bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

[EC-598] fix: send correct excluded cipher ids

Browse Source
This commit is contained in:
Andreas Coroiu
2023-04-05 16:47:48 +02:00
parent 034f16f29e
commit 2992142681
2 changed files with 19 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/browser/src/webauthn/popup/fido2/fido2.component.html
View File

@@ -41,11 +41,7 @@
A passkey already exists in Bitwarden for this account A passkey already exists in Bitwarden for this account
<div class="box list"> <div class="box list">
<div class="box-content"> <div class="box-content">
<app-cipher-row <app-cipher-row *ngFor="let cipher of ciphers" [cipher]="cipher"></app-cipher-row>
*ngFor="let cipher of ciphers"
[cipher]="cipher"
(onSelected)="pick(cipher)"
></app-cipher-row>
</div> </div>
</div> </div>
</ng-container> </ng-container>

23
libs/common/src/webauthn/services/fido2-authenticator.service.ts
View File

@@ -62,13 +62,11 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint); throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
} }
const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList); const existingCipherIds = await this.findExistingCredentials(
if (isExcluded) { params.excludeCredentialDescriptorList
await userInterfaceSession.informExcludedCredential(
// [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
[],
abortController
); );
if (existingCipherIds.length > 0) {
await userInterfaceSession.informExcludedCredential(existingCipherIds, abortController);
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed); throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
} }
@@ -243,9 +241,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
} }
} }
private async vaultContainsCredentials( /** Finds existing crendetials and returns the `cipherId` for each one */
private async findExistingCredentials(
credentials: PublicKeyCredentialDescriptor[] credentials: PublicKeyCredentialDescriptor[]
): Promise<boolean> { ): Promise<string[]> {
const ids: string[] = []; const ids: string[] = [];
for (const credential of credentials) { for (const credential of credentials) {
@@ -256,17 +255,19 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
} }
if (ids.length === 0) { if (ids.length === 0) {
return false; return [];
} }
const ciphers = await this.cipherService.getAllDecrypted(); const ciphers = await this.cipherService.getAllDecrypted();
return ciphers.some( return ciphers
.filter(
(cipher) => (cipher) =>
(cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) || (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
(cipher.type === CipherType.Login && (cipher.type === CipherType.Login &&
cipher.login.fido2Key != undefined && cipher.login.fido2Key != undefined &&
ids.includes(cipher.login.fido2Key.nonDiscoverableId)) ids.includes(cipher.login.fido2Key.nonDiscoverableId))
); )
.map((cipher) => cipher.id);
} }
private async findNonDiscoverableCredentials( private async findNonDiscoverableCredentials(