mirror of https://github.com/bitwarden/browser synced 2026-02-04 18:53:20 +00:00

Bug during reafactoring where the hostname is not used if the rpId is undefined (#6484)

SmithThe4th
2023-10-02 18:14:39 -04:00
committed by GitHub
parent 02fdda42c7
commit a186d32314


@@ -71,16 +71,16 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
}
const parsedOrigin = parse(params.origin, { allowPrivateDomains: true });
const rpId = params.rp.id ?? parsedOrigin.hostname;
params.rp.id = params.rp.id ?? parsedOrigin.hostname;
if (parsedOrigin.hostname == undefined || !params.origin.startsWith("https://")) {
this.logService?.warning(`[Fido2Client] Invalid https origin: ${params.origin}`);
throw new DOMException("'origin' is not a valid https origin", "SecurityError");
}
if (!isValidRpId(rpId, params.origin)) {
if (!isValidRpId(params.rp.id, params.origin)) {
this.logService?.warning(
`[Fido2Client] 'rp.id' cannot be used with the current origin: rp.id = ${rpId}; origin = ${params.origin}`
`[Fido2Client] 'rp.id' cannot be used with the current origin: rp.id = ${params.rp.id}; origin = ${params.origin}`
);
throw new DOMException("'rp.id' cannot be used with the current origin", "SecurityError");
}
@@ -202,16 +202,16 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
}
const parsedOrigin = parse(params.origin, { allowPrivateDomains: true });
const rpId = params.rpId ?? parsedOrigin.hostname;
params.rpId = params.rpId ?? parsedOrigin.hostname;
if (parsedOrigin.hostname == undefined || !params.origin.startsWith("https://")) {
this.logService?.warning(`[Fido2Client] Invalid https origin: ${params.origin}`);
throw new DOMException("'origin' is not a valid https origin", "SecurityError");
}
if (!isValidRpId(rpId, params.origin)) {
if (!isValidRpId(params.rpId, params.origin)) {
this.logService?.warning(
`[Fido2Client] 'rp.id' cannot be used with the current origin: rp.id = ${rpId}; origin = ${params.origin}`
`[Fido2Client] 'rp.id' cannot be used with the current origin: rp.id = ${params.rpId}; origin = ${params.origin}`
);
throw new DOMException("'rp.id' cannot be used with the current origin", "SecurityError");
}
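Review bot: The hostname fallback is now written into the caller's `params` object (`params.rp.id = params.rp.id ?? parsedOrigin.hostname;` in the first hunk, `params.rpId = params.rpId ?? parsedOrigin.hostname;` in the second), and in both places this happens before the https-origin check that follows it. Because the relying-party ID scopes which credentials a site may create or use, I would move each assignment below the origin check so the default only ever comes from an origin that has passed validation, and add a comment such as `// Default the RP ID to the origin's hostname so all later code sees the value that was validated`. `??` falls back only on null/undefined, so an empty-string ID still goes to `isValidRpId`, whose handling is not visible here. A regression test for a request with the ID left undefined would pin the behaviour this commit restores. Both function bodies start and end outside the hunks.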