bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-17 16:53:34 +00:00
Code Issues Releases Wiki Activity

[EC-598] feat: handle unsupported pinAuth

Browse Source
This commit is contained in:
Andreas Coroiu
2023-03-22 10:01:01 +01:00
parent e1833ca352
commit 260ea22adb
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
View File

@@ -11,6 +11,7 @@ export enum Fido2AutenticatorErrorCode {
CTAP2_ERR_CREDENTIAL_EXCLUDED, CTAP2_ERR_CREDENTIAL_EXCLUDED,
CTAP2_ERR_UNSUPPORTED_ALGORITHM, CTAP2_ERR_UNSUPPORTED_ALGORITHM,
CTAP2_ERR_INVALID_OPTION, CTAP2_ERR_INVALID_OPTION,
CTAP2_ERR_PIN_AUTH_INVALID,
} }
export class Fido2AutenticatorError extends Error { export class Fido2AutenticatorError extends Error {
@@ -59,4 +60,5 @@ export interface Fido2AuthenticatorMakeCredentialsParams {
rk?: boolean; rk?: boolean;
uv?: boolean; uv?: boolean;
}; };
pinAuth?: unknown;
} }

20
libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
View File

@@ -104,6 +104,25 @@ describe("FidoAuthenticatorService", () => {
); );
}); });
}); });
/**
* Spec: Optionally, if the extensions parameter is present, process any extensions that this authenticator supports.
* Currently not supported.
*/
describe.skip("when extensions parameter is present", () => undefined);
/** Spec: If pinAuth parameter is present and the pinProtocol is not supported */
describe("when pinAuth parameter is present", () => {
it("should throw error", async () => {
const params = await createCredentialParams({ pinAuth: { key: "value" } });
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID]
);
});
});
}); });
}); });
@@ -145,6 +164,7 @@ async function createCredentialParams(
rk: false as boolean, rk: false as boolean,
uv: false as boolean, uv: false as boolean,
}, },
pinAuth: params.pinAuth,
}; };
} }

4
libs/common/src/webauthn/services/fido2-authenticator.service.ts
View File

@@ -49,6 +49,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
if (params.options?.uv != undefined && typeof params.options.uv !== "boolean") { if (params.options?.uv != undefined && typeof params.options.uv !== "boolean") {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION); throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION);
} }
if (params.pinAuth != undefined) {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID);
}
} }
private async vaultContainsId(ids: string[]): Promise<boolean> { private async vaultContainsId(ids: string[]): Promise<boolean> {