PM-4877: Only allow replacing passkeys for the same userhandle (#9804)

* Initial draft * small cleanup * show vaul items without passkeys * Refactored a bit * tests run for me? * Fixed platform test * null and undefined * lint
2025-12-18 17:23:37 +00:00 · 2024-07-16 19:39:41 +02:00
parent aa8c5b1516
commit dbc9b9c90b
5 changed files with 28 additions and 2 deletions
--- a/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts
@@ -215,6 +215,7 @@ describe("FidoAuthenticatorService", () => {
          expect(userInterfaceSession.confirmNewCredential).toHaveBeenCalledWith({
            credentialName: params.rpEntity.name,
            userName: params.userEntity.name,
+            userHandle: Fido2Utils.bufferToString(params.userEntity.id),
            userVerification,
            rpId: params.rpEntity.id,
          } as NewCredentialParams);
--- a/libs/common/src/platform/services/fido2/fido2-authenticator.service.ts
+++ b/libs/common/src/platform/services/fido2/fido2-authenticator.service.ts
@@ -112,6 +112,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
      const response = await userInterfaceSession.confirmNewCredential({
        credentialName: params.rpEntity.name,
        userName: params.userEntity.name,
+        userHandle: Fido2Utils.bufferToString(params.userEntity.id),
        userVerification: params.requireUserVerification,
        rpId: params.rpEntity.id,
      });