diff options
author | Puyodead1 <puyodead@proton.me> | 2023-02-02 23:05:54 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-03 15:05:54 +1100 |
commit | e290965d007a3faea650b2d137a123ccbf3c3b1a (patch) | |
tree | ea0ad5edbd5d3b84ddd30253ac2c40b72ca70ffe /src | |
parent | run add:license (diff) | |
download | server-e290965d007a3faea650b2d137a123ccbf3c3b1a.tar.xz |
various fixes for webauthn (#973)
Diffstat (limited to 'src')
-rw-r--r-- | src/api/routes/auth/mfa/webauthn.ts | 17 | ||||
-rw-r--r-- | src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts | 8 | ||||
-rw-r--r-- | src/api/routes/users/@me/mfa/webauthn/credentials/index.ts | 5 |
3 files changed, 21 insertions, 9 deletions
diff --git a/src/api/routes/auth/mfa/webauthn.ts b/src/api/routes/auth/mfa/webauthn.ts index e574b969..c4334c4c 100644 --- a/src/api/routes/auth/mfa/webauthn.ts +++ b/src/api/routes/auth/mfa/webauthn.ts @@ -64,20 +64,23 @@ router.post( await User.update({ id: user.id }, { totp_last_ticket: "" }); const clientAttestationResponse = JSON.parse(code); - const securityKey = await SecurityKey.findOneOrFail({ - where: { - user_id: req.user_id, - key_id: clientAttestationResponse.rawId, - }, - }); if (!clientAttestationResponse.rawId) throw new HTTPError("Missing rawId", 400); clientAttestationResponse.rawId = toArrayBuffer( - Buffer.from(clientAttestationResponse.rawId, "base64"), + Buffer.from(clientAttestationResponse.rawId, "base64url"), ); + const securityKey = await SecurityKey.findOneOrFail({ + where: { + key_id: Buffer.from( + clientAttestationResponse.rawId, + "base64url", + ).toString("base64"), + }, + }); + const assertionExpectations: ExpectedAssertionResult = JSON.parse( Buffer.from( clientAttestationResponse.response.clientDataJSON, diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts index c451e357..a4381f37 100644 --- a/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts +++ b/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts @@ -17,7 +17,7 @@ */ import { route } from "@fosscord/api"; -import { SecurityKey } from "@fosscord/util"; +import { SecurityKey, User } from "@fosscord/util"; import { Request, Response, Router } from "express"; const router = Router(); @@ -29,6 +29,12 @@ router.delete("/", route({}), async (req: Request, res: Response) => { user_id: req.user_id, }); + const keys = await SecurityKey.count({ where: { user_id: req.user_id } }); + + // disable webauthn if there are no keys left + if (keys === 0) + await User.update({ id: req.user_id }, { webauthn_enabled: false }); + res.sendStatus(204); }); diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts index 581950b8..a33e06ce 100644 --- a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts +++ b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts @@ -181,7 +181,10 @@ router.post( key_id: keyId, }); - await securityKey.save(); + await Promise.all([ + securityKey.save(), + User.update({ id: req.user_id }, { webauthn_enabled: true }), + ]); return res.json({ name, |