mirror of https://github.com/bitwarden/browser.git synced 2025-02-08 00:01:28 +01:00

[EC-598] feat: add check for invalid option values

Andreas Coroiu 2023-03-21 17:27:52 +01:00
parent 696e036ca8
commit e1833ca352
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
3 changed files with 33 additions and 0 deletions


@ -10,6 +10,7 @@ export enum Fido2AlgorithmIdentifier {
export enum Fido2AutenticatorErrorCode { export enum Fido2AutenticatorErrorCode {
CTAP2_ERR_CREDENTIAL_EXCLUDED, CTAP2_ERR_CREDENTIAL_EXCLUDED,
CTAP2_ERR_UNSUPPORTED_ALGORITHM, CTAP2_ERR_UNSUPPORTED_ALGORITHM,
CTAP2_ERR_INVALID_OPTION,
} }
export class Fido2AutenticatorError extends Error { export class Fido2AutenticatorError extends Error {


@ -80,6 +80,30 @@ describe("FidoAuthenticatorService", () => {
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM] Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM]
); );
}); });
describe("when options parameter is present", () => {
/** Spec: If the option is known but not valid for this command, terminate this procedure */
it("should throw error when rk has invalid value", async () => {
const params = await createCredentialParams({ options: { rk: "invalid-value" as any } });
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION]
);
});
/** Spec: If the option is known but not valid for this command, terminate this procedure */
it("should throw error when uv has invalid value", async () => {
const params = await createCredentialParams({ options: { uv: "invalid-value" as any } });
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION]
);
});
});
}); });
}); });
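Review bot: Both new cases pass only the truthy string `"invalid-value"`, so an implementation that validated by truthiness or by `typeof x === "string"` would pass them too. Table-driving the inputs, for example `it.each([0, "", "true", {}])("should throw error when rk is %p", async (value) => { ... })`, would pin the boolean-only contract for falsy and look-alike values. The two identical `/** Spec: ... */` comments could be stated once on the `describe` block instead.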


@ -41,6 +41,14 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
if (params.pubKeyCredParams.every((p) => p.alg !== Fido2AlgorithmIdentifier.ES256)) { if (params.pubKeyCredParams.every((p) => p.alg !== Fido2AlgorithmIdentifier.ES256)) {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM); throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM);
} }
if (params.options?.rk != undefined && typeof params.options.rk !== "boolean") {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION);
}
if (params.options?.uv != undefined && typeof params.options.uv !== "boolean") {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION);
}
} }
private async vaultContainsId(ids: string[]): Promise<boolean> { private async vaultContainsId(ids: string[]): Promise<boolean> {
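Review bot: The two added guards compare with `!= undefined`, so a `null` value for `rk` or `uv` skips the `typeof` test and is accepted as if the option were absent. If these parameters can come from a caller that is not trusted, a strict form such as `if (params.options?.rk !== undefined && typeof params.options.rk !== "boolean")` (and the same for `uv`) would reject every non-boolean value. If treating `null` as absent is intended, a one-line comment saying so above the checks would make that clear. The enclosing method starts above the hunk, so how `rk` and `uv` are consumed after validation is not visible here.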