From 078bf9dcb5e2d741303a61839c191c21b7fc08cc Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Tue, 21 Mar 2023 14:55:49 +0100
Subject: [PATCH] [EC-598] feat: allow user to confirm duplication

---
 .../fido2-authenticator.service.abstraction.ts | 10 ++++++++++
 .../fido2-authenticator.service.spec.ts        | 18 ++++++++++++++++--
 .../services/fido2-authenticator.service.ts    |  8 +++++++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts b/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
index 2ab186abfd3..28e12bfa323 100644
--- a/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
+++ b/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
@@ -2,6 +2,16 @@ export abstract class Fido2AuthenticatorService {
   makeCredential: (params: Fido2AuthenticatorMakeCredentialsParams) => void;
 }
 
+export enum Fido2AutenticatorErrorCode {
+  CTAP2_ERR_CREDENTIAL_EXCLUDED,
+}
+
+export class Fido2AutenticatorError extends Error {
+  constructor(readonly errorCode: Fido2AutenticatorErrorCode) {
+    super(Fido2AutenticatorErrorCode[errorCode]);
+  }
+}
+
 /**
  * Parameters for {@link Fido2AuthenticatorService.makeCredential}
  *
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
index c5cf76c6244..0a7e6897675 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
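Review bot: `Fido2AutenticatorErrorCode` and `Fido2AutenticatorError` in the added block are misspelled (the `h` of Authenticator is missing), inconsistent with `Fido2AuthenticatorService` two lines above, and because both are exported the typo becomes public API that every consumer has to carry until a breaking rename. The numeric enum is fragile too: the constructor depends on the reverse mapping `Fido2AutenticatorErrorCode[errorCode]` to build a message, the implicit value 0 is not the CTAP2 wire value for that error, and the spec has to repeat the same reverse lookup to learn the expected text. A string enum makes both direct: `CTAP2_ERR_CREDENTIAL_EXCLUDED = "CTAP2_ERR_CREDENTIAL_EXCLUDED",` and `super(errorCode);`. Setting `this.name = "Fido2AuthenticatorError";` in the constructor would also make the class identifiable in logs and stack traces instead of the generic `Error`.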
@@ -6,7 +6,10 @@ import { Utils } from "../../misc/utils";
 import { CipherService } from "../../vault/abstractions/cipher.service";
 import { CipherType } from "../../vault/enums/cipher-type";
 import { CipherView } from "../../vault/models/view/cipher.view";
-import { Fido2AuthenticatorMakeCredentialsParams } from "../abstractions/fido2-authenticator.service.abstraction";
+import {
+  Fido2AutenticatorErrorCode,
+  Fido2AuthenticatorMakeCredentialsParams,
+} from "../abstractions/fido2-authenticator.service.abstraction";
 import { Fido2UserInterfaceService } from "../abstractions/fido2-user-interface.service.abstraction";
 import { Fido2Utils } from "../abstractions/fido2-utils";
 import { Fido2KeyView } from "../models/view/fido2-key.view";
@@ -40,13 +43,24 @@ describe("FidoAuthenticatorService", () => {
       });
 
       /** Spec: wait for user presence */
-      it("should wait for confirmation from user", async () => {
+      it("should request confirmation from user", async () => {
         userInterface.confirmDuplicateCredential.mockResolvedValue(true);
 
         await authenticator.makeCredential(params);
 
         expect(userInterface.confirmDuplicateCredential).toHaveBeenCalled();
       });
+
+      /** Spec: then terminate this procedure and return error code */
+      it("should throw error if user denies duplication", async () => {
+        userInterface.confirmDuplicateCredential.mockResolvedValue(false);
+
+        const result = async () => await authenticator.makeCredential(params);
+
+        await expect(result).rejects.toThrowError(
+          Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED]
+        );
+      });
     });
   });
 });
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
index c8b971e1494..a2bec95cff3 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
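Review bot: The new rejection test in the second hunk only matches the error message text, so it passes for any rejection whose message contains `CTAP2_ERR_CREDENTIAL_EXCLUDED` and never checks the `errorCode` property that callers are expected to branch on. Asserting on the class and the code is stronger and drops the reverse enum lookup: `await expect(result).rejects.toThrow(Fido2AutenticatorError);` followed by `await expect(result).rejects.toHaveProperty("errorCode", Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);`, with `Fido2AutenticatorError` added to the import in the first hunk. The wrapper `const result = async () => await authenticator.makeCredential(params);` can be `const result = () => authenticator.makeCredential(params);`, as the extra async/await adds nothing. The describe blocks the new test sits in start outside the hunk.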
@@ -1,5 +1,7 @@
 import { CipherService } from "../../vault/services/cipher.service";
 import {
+  Fido2AutenticatorError,
+  Fido2AutenticatorErrorCode,
   Fido2AuthenticatorMakeCredentialsParams,
   Fido2AuthenticatorService as Fido2AuthenticatorServiceAbstraction,
 } from "../abstractions/fido2-authenticator.service.abstraction";
@@ -17,12 +19,16 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
   ) {}
 
   async makeCredential(params: Fido2AuthenticatorMakeCredentialsParams): Promise {
-    this.userInterface.confirmDuplicateCredential(
+    const userConfirmation = await this.userInterface.confirmDuplicateCredential(
       [Fido2Utils.bufferToString(params.excludeList[0].id)],
       {
         credentialName: params.rp.name,
         userName: params.user.name,
       }
     );
+
+    if (!userConfirmation) {
+      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);
+    }
   }
 }
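Review bot: `params.excludeList[0].id` on the line after the new `await` still dereferences the first entry unconditionally, so a `makeCredential` call with an empty or absent `excludeList` fails with a `TypeError` before any user interaction, while any non-empty list always prompts and can always end in `CTAP2_ERR_CREDENTIAL_EXCLUDED`, even when none of the listed credentials exists in the vault. CTAP2 asks for consent and returns that error only when an excluded credential is actually present on the authenticator for the RP; if that vault lookup is planned for a later commit, a guard here at least keeps the empty case from throwing: `if (params.excludeList == null || params.excludeList.length === 0) { return; }` placed before the confirmation call. Only the first excluded id is shown to the user, so with several entries the user confirms a list they cannot see in full; the interface parameter already appears to take an array, so passing every id from `params.excludeList` would be the natural fix. The `Fido2AuthenticatorService` class starts outside the hunk.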