[EC-598] feat: don't leak internal errors during creation
@@ -202,6 +202,18 @@ describe("FidoAuthenticatorService", () => {
|
|||||||
|
|
||||||
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
|
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/** Spec: If any error occurred while creating the new credential object, return an error code equivalent to "UnknownError" and terminate the operation. */
|
||||||
|
it("should throw unkown error if creation fails", async () => {
|
||||||
|
const encryptedCipher = Symbol();
|
||||||
|
userInterface.confirmNewCredential.mockResolvedValue(true);
|
||||||
|
cipherService.encrypt.mockResolvedValue(encryptedCipher as unknown as Cipher);
|
||||||
|
cipherService.createWithServer.mockRejectedValue(new Error("Internal error"));
|
||||||
|
|
||||||
|
const result = async () => await authenticator.makeCredential(params);
|
||||||
|
|
||||||
|
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.Unknown);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("creation of non-discoverable credential", () => {
|
describe("creation of non-discoverable credential", () => {
|
||||||
@@ -270,6 +282,18 @@ describe("FidoAuthenticatorService", () => {
|
|||||||
|
|
||||||
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
|
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/** Spec: If any error occurred while creating the new credential object, return an error code equivalent to "UnknownError" and terminate the operation. */
|
||||||
|
it("should throw unkown error if creation fails", async () => {
|
||||||
|
const encryptedCipher = Symbol();
|
||||||
|
userInterface.confirmNewNonDiscoverableCredential.mockResolvedValue(existingCipherView.id);
|
||||||
|
cipherService.encrypt.mockResolvedValue(encryptedCipher as unknown as Cipher);
|
||||||
|
cipherService.updateWithServer.mockRejectedValue(new Error("Internal error"));
|
||||||
|
|
||||||
|
const result = async () => await authenticator.makeCredential(params);
|
||||||
|
|
||||||
|
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.Unknown);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
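Review bot: Neither new test pins the property the commit is named for. Both `it("should throw unkown error if creation fails", ...)` cases (the discoverable one and the non-discoverable one in the second hunk) assert only `Fido2AutenticatorErrorCode.Unknown`. The enum's definition is not on this page, so if `toThrowError` is matching on message text here, a wrapped error that still carried the mocked `"Internal error"` string could pass. Adding `await expect(result).rejects.not.toThrowError("Internal error");` after the existing assertion in each test would make a leak of the underlying message fail the suite. The test title also misspells "unknown" in both places.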
|
|||||||
@@ -70,14 +70,18 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
|
|||||||
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
|
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
|
||||||
}
|
}
|
||||||
|
|
||||||
const keyPair = await this.createKeyPair();
|
try {
|
||||||
|
const keyPair = await this.createKeyPair();
|
||||||
|
|
||||||
const cipher = new CipherView();
|
const cipher = new CipherView();
|
||||||
cipher.type = CipherType.Fido2Key;
|
cipher.type = CipherType.Fido2Key;
|
||||||
cipher.name = params.rpEntity.name;
|
cipher.name = params.rpEntity.name;
|
||||||
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
|
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
|
||||||
const encrypted = await this.cipherService.encrypt(cipher);
|
const encrypted = await this.cipherService.encrypt(cipher);
|
||||||
await this.cipherService.createWithServer(encrypted);
|
await this.cipherService.createWithServer(encrypted);
|
||||||
|
} catch {
|
||||||
|
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
const cipherId = await this.userInterface.confirmNewNonDiscoverableCredential({
|
const cipherId = await this.userInterface.confirmNewNonDiscoverableCredential({
|
||||||
credentialName: params.rpEntity.name,
|
credentialName: params.rpEntity.name,
|
||||||
@@ -88,13 +92,17 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
|
|||||||
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
|
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
|
||||||
}
|
}
|
||||||
|
|
||||||
const keyPair = await this.createKeyPair();
|
try {
|
||||||
|
const keyPair = await this.createKeyPair();
|
||||||
|
|
||||||
const encrypted = await this.cipherService.get(cipherId);
|
const encrypted = await this.cipherService.get(cipherId);
|
||||||
const cipher = await encrypted.decrypt();
|
const cipher = await encrypted.decrypt();
|
||||||
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
|
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
|
||||||
const reencrypted = await this.cipherService.encrypt(cipher);
|
const reencrypted = await this.cipherService.encrypt(cipher);
|
||||||
await this.cipherService.updateWithServer(reencrypted);
|
await this.cipherService.updateWithServer(reencrypted);
|
||||||
|
} catch {
|
||||||
|
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
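Review bot: The bare `} catch {` added in both creation branches (the `createWithServer` path in the first hunk and the `updateWithServer` path in the second) drops the caught error entirely. The caller correctly sees only `Unknown`, but nothing is recorded locally, so a failed save cannot be diagnosed. Binding it with `} catch (error) {` and writing it to whatever logger this service has access to (none is visible in these hunks) before the `throw` keeps the outward behaviour unchanged; that log entry should contain the error only, never `keyPair` or the decrypted `cipher`. Each `try` also covers `createKeyPair`, `createKeyView` and, in the second branch, `get`/`decrypt`, so any more specific `Fido2AutenticatorError` those helpers raise would presumably be flattened to `Unknown` too. A short comment above each `try`, such as `// Spec: any failure while creating the credential is reported as Unknown; details stay internal`, would record that this is deliberate. The enclosing method starts and ends outside both hunks.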