bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-18 01:03:35 +00:00
Code Issues Releases Wiki Activity

[EC-598] feat: do not exclude organization credentials

Browse Source
This commit is contained in:
Andreas Coroiu
2023-04-12 13:53:00 +02:00
parent 489c438ff4
commit 6d969439ef
2 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
View File

@@ -143,6 +143,19 @@ describe("FidoAuthenticatorService", () => {
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed); await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
}); });
/** Devation: Organization ciphers are not checked against excluded credentials, even if the user has access to them. */
it("should not inform user of duplication when the excluded credential belongs to an organization", async () => {
userInterfaceSession.informExcludedCredential.mockResolvedValue();
excludedCipher.organizationId = "someOrganizationId";
try {
await authenticator.makeCredential(params);
// eslint-disable-next-line no-empty
} catch {}
expect(userInterfaceSession.informExcludedCredential).not.toHaveBeenCalled();
});
it("should not inform user of duplication when input data does not pass checks", async () => { it("should not inform user of duplication when input data does not pass checks", async () => {
userInterfaceSession.informExcludedCredential.mockResolvedValue(); userInterfaceSession.informExcludedCredential.mockResolvedValue();
const invalidParams = await createInvalidParams(); const invalidParams = await createInvalidParams();
@@ -204,6 +217,19 @@ describe("FidoAuthenticatorService", () => {
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed); await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
}); });
/** Devation: Organization ciphers are not checked against excluded credentials, even if the user has access to them. */
it.only("should not inform user of duplication when the excluded credential belongs to an organization", async () => {
userInterfaceSession.informExcludedCredential.mockResolvedValue();
excludedCipherView.organizationId = "someOrganizationId";
try {
await authenticator.makeCredential(params);
// eslint-disable-next-line no-empty
} catch {}
expect(userInterfaceSession.informExcludedCredential).not.toHaveBeenCalled();
});
it("should not inform user of duplication when input data does not pass checks", async () => { it("should not inform user of duplication when input data does not pass checks", async () => {
userInterfaceSession.informExcludedCredential.mockResolvedValue(); userInterfaceSession.informExcludedCredential.mockResolvedValue();
const invalidParams = await createInvalidParams(); const invalidParams = await createInvalidParams();

9
libs/common/src/webauthn/services/fido2-authenticator.service.ts
View File

@@ -273,10 +273,11 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
return ciphers return ciphers
.filter( .filter(
(cipher) => (cipher) =>
(cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) || cipher.organizationId == undefined &&
(cipher.type === CipherType.Login && ((cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
cipher.login.fido2Key != undefined && (cipher.type === CipherType.Login &&
ids.includes(cipher.login.fido2Key.nonDiscoverableId)) cipher.login.fido2Key != undefined &&
ids.includes(cipher.login.fido2Key.nonDiscoverableId)))
) )
.map((cipher) => cipher.id); .map((cipher) => cipher.id);
} }