From 7e257d58cff5fcfeb7375944e46fd763edb4d9d5 Mon Sep 17 00:00:00 2001
From: jng
Date: Wed, 16 Aug 2023 12:45:12 -0400
Subject: [PATCH] added NotAllowedError to assertCredential in fido2
---
 .../src/vault/services/fido2/fido2-client.service.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index 0932799a78b..bbcff8f6dd6 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
@@ -38,6 +38,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 params: CreateCredentialParams,
 abortController = new AbortController()
 ): Promise {
+ // debugger;
 const enableFido2VaultCredentials = await this.configService.getFeatureFlagBool(
 FeatureFlag.Fido2VaultCredentials
 );
@@ -200,6 +201,13 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 throw new FallbackRequestedError();
 }
 
+ if (!params.sameOriginWithAncestors) {
+ this.logService?.warning(
+ `[Fido2Client] Invalid 'sameOriginWithAncestors' value: ${params.sameOriginWithAncestors}`
+ );
+ throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError");
+ }
+
 const { domain: effectiveDomain } = parse(params.origin, { allowPrivateDomains: true });
 if (effectiveDomain == undefined) {
 this.logService?.warning(`[Fido2Client] Invalid origin: ${params.origin}`);
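Review bot: The added `// debugger;` at the top of the method taking `CreateCredentialParams` is a leftover debugging aid, unrelated to the NotAllowedError change named in the subject, and should be dropped before merge. A commented-out breakpoint in the credential-creation path is easy to re-enable by accident, and a live `debugger` statement pauses the flow whenever developer tools are attached. The method body continues outside the hunk.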
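Review bot: The new guard ahead of the origin parsing fires on any falsy `sameOriginWithAncestors`, so a caller that omits the field is refused exactly like one reporting a cross-origin ancestor, yet both the log line and the exception call this an "invalid value". Failing closed is the safe default here, but it should be stated in a comment such as `// Refuse requests from frames with a cross-origin ancestor; a missing flag is treated as cross-origin (fail closed).`. The warning would also be easier to triage if it named the decision rather than the value, e.g. `[Fido2Client] Request refused: not same-origin with ancestors`. Whether the credential-creation path applies the same guard is not visible from this hunk; if it does not, the two paths should agree. The enclosing method starts and ends outside the hunk.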