Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-02-08 00:01:28 +01:00
Code Issues Projects Releases Wiki Activity

[EC-598] feat: confirm new credentials

Browse Source
This commit is contained in:
Andreas Coroiu 2023-03-22 10:28:28 +01:00
parent 260ea22adb
commit fbfaa06cbb
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
3 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
View File

@ -12,6 +12,7 @@ export enum Fido2AutenticatorErrorCode {
CTAP2_ERR_UNSUPPORTED_ALGORITHM, CTAP2_ERR_UNSUPPORTED_ALGORITHM,
CTAP2_ERR_INVALID_OPTION, CTAP2_ERR_INVALID_OPTION,
CTAP2_ERR_PIN_AUTH_INVALID, CTAP2_ERR_PIN_AUTH_INVALID,
CTAP2_ERR_OPERATION_DENIED,
} }
export class Fido2AutenticatorError extends Error { export class Fido2AutenticatorError extends Error {

32
libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
View File

@ -11,7 +11,10 @@ import {
Fido2AutenticatorErrorCode, Fido2AutenticatorErrorCode,
Fido2AuthenticatorMakeCredentialsParams, Fido2AuthenticatorMakeCredentialsParams,
} from "../abstractions/fido2-authenticator.service.abstraction"; } from "../abstractions/fido2-authenticator.service.abstraction";
import { Fido2UserInterfaceService } from "../abstractions/fido2-user-interface.service.abstraction"; import {
Fido2UserInterfaceService,
NewCredentialParams,
} from "../abstractions/fido2-user-interface.service.abstraction";
import { Fido2Utils } from "../abstractions/fido2-utils"; import { Fido2Utils } from "../abstractions/fido2-utils";
import { Fido2Key } from "../models/domain/fido2-key"; import { Fido2Key } from "../models/domain/fido2-key";
@ -123,6 +126,33 @@ describe("FidoAuthenticatorService", () => {
); );
}); });
}); });
describe("when input passes all initial checks", () => {
/** Spec: show the items contained within the user and rp parameter structures to the user. */
it("should request confirmation from user", async () => {
userInterface.confirmNewCredential.mockResolvedValue(true);
const params = await createCredentialParams();
await authenticator.makeCredential(params);
expect(userInterface.confirmNewCredential).toHaveBeenCalledWith({
credentialName: params.rp.name,
userName: params.user.name,
} as NewCredentialParams);
});
/** Spec: If the user declines permission */
it("should throw error if user denies creation request", async () => {
userInterface.confirmNewCredential.mockResolvedValue(false);
const params = await createCredentialParams();
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_OPERATION_DENIED]
);
});
});
}); });
}); });

11
libs/common/src/webauthn/services/fido2-authenticator.service.ts
View File

@ -53,6 +53,17 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
if (params.pinAuth != undefined) { if (params.pinAuth != undefined) {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID); throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID);
} }
if (!duplicateExists) {
const userVerification = await this.userInterface.confirmNewCredential({
credentialName: params.rp.name,
userName: params.user.name,
});
if (!userVerification) {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_OPERATION_DENIED);
}
}
} }
private async vaultContainsId(ids: string[]): Promise<boolean> { private async vaultContainsId(ids: string[]): Promise<boolean> {