mirror of https://github.com/bitwarden/browser synced 2025-12-20 18:23:31 +00:00

Improve WebAuthn error detection for invalid data (#946)

Oscar Hinton
2021-04-23 21:07:15 +02:00
committed by GitHub
parent 2392d34ed8
commit d71d0d9af6
3 changed files with 18 additions and 22 deletions


@@ -1,5 +1,5 @@
import { getQsParam } from './common';
import { b64Decode, buildDataString } from './common-webauthn';
import { b64Decode, buildDataString, parseWebauthnJson } from './common-webauthn';
// tslint:disable-next-line
require('./webauthn.scss');
@@ -63,7 +63,7 @@ function start() {
let json: any;
try {
const jsonString = b64Decode(data);
json = JSON.parse(jsonString);
json = parseWebauthnJson(jsonString);
}
catch (e) {
error('Cannot parse data.');
@@ -74,15 +74,6 @@ function start() {
}
async function initWebAuthn(obj: any) {
const challenge = obj.challenge.replace(/-/g, '+').replace(/_/g, '/');
obj.challenge = Uint8Array.from(atob(challenge), c => c.charCodeAt(0));
// fix escaping. Change this to coerce
obj.allowCredentials.forEach((listItem: any) => {
const fixedId = listItem.id.replace(/\_/g, '/').replace(/\-/g, '+');
listItem.id = Uint8Array.from(atob(fixedId), c => c.charCodeAt(0));
});
try {
const assertedCredential = await navigator.credentials.get({ publicKey: obj }) as PublicKeyCredential;