bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

Improve WebAuthn error detection for invalid data (#946)

Browse Source
This commit is contained in:
Oscar Hinton
2021-04-23 21:07:15 +02:00
committed by GitHub
parent 2392d34ed8
commit d71d0d9af6
3 changed files with 18 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/connectors/webauthn.ts
View File

@@ -1,5 +1,5 @@
import { getQsParam } from './common';
import { b64Decode, buildDataString } from './common-webauthn';
import { b64Decode, buildDataString, parseWebauthnJson } from './common-webauthn';
// tslint:disable-next-line
require('./webauthn.scss');
@@ -50,22 +50,13 @@ function start() {
try {
const jsonString = b64Decode(data);
obj = JSON.parse(jsonString);
obj = parseWebauthnJson(jsonString);
}
catch (e) {
error('Cannot parse data.');
return;
}
const challenge = obj.challenge.replace(/-/g, '+').replace(/_/g, '/');
obj.challenge = Uint8Array.from(atob(challenge), c => c.charCodeAt(0));
// fix escaping. Change this to coerce
obj.allowCredentials.forEach((listItem: any) => {
const fixedId = listItem.id.replace(/\_/g, '/').replace(/\-/g, '+');
listItem.id = Uint8Array.from(atob(fixedId), c => c.charCodeAt(0));
});
stopWebAuthn = false;
if (navigator.userAgent.indexOf(' Safari/') !== -1 && navigator.userAgent.indexOf('Chrome') === -1) {