From e290965d007a3faea650b2d137a123ccbf3c3b1a Mon Sep 17 00:00:00 2001 From: Puyodead1 Date: Thu, 2 Feb 2023 23:05:54 -0500 Subject: various fixes for webauthn (#973) --- src/api/routes/auth/mfa/webauthn.ts | 17 ++++++++++------- .../users/@me/mfa/webauthn/credentials/#key_id/index.ts | 8 +++++++- .../routes/users/@me/mfa/webauthn/credentials/index.ts | 5 ++++- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/src/api/routes/auth/mfa/webauthn.ts b/src/api/routes/auth/mfa/webauthn.ts index e574b969..c4334c4c 100644 --- a/src/api/routes/auth/mfa/webauthn.ts +++ b/src/api/routes/auth/mfa/webauthn.ts @@ -64,20 +64,23 @@ router.post( await User.update({ id: user.id }, { totp_last_ticket: "" }); const clientAttestationResponse = JSON.parse(code); - const securityKey = await SecurityKey.findOneOrFail({ - where: { - user_id: req.user_id, - key_id: clientAttestationResponse.rawId, - }, - }); if (!clientAttestationResponse.rawId) throw new HTTPError("Missing rawId", 400); clientAttestationResponse.rawId = toArrayBuffer( - Buffer.from(clientAttestationResponse.rawId, "base64"), + Buffer.from(clientAttestationResponse.rawId, "base64url"), ); + const securityKey = await SecurityKey.findOneOrFail({ + where: { + key_id: Buffer.from( + clientAttestationResponse.rawId, + "base64url", + ).toString("base64"), + }, + }); + const assertionExpectations: ExpectedAssertionResult = JSON.parse( Buffer.from( clientAttestationResponse.response.clientDataJSON, diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts index c451e357..a4381f37 100644 --- a/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts +++ b/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts @@ -17,7 +17,7 @@ */ import { route } from "@fosscord/api"; -import { SecurityKey } from "@fosscord/util"; +import { SecurityKey, User } from "@fosscord/util"; import { Request, Response, Router } from "express"; const router = Router(); @@ -29,6 +29,12 @@ router.delete("/", route({}), async (req: Request, res: Response) => { user_id: req.user_id, }); + const keys = await SecurityKey.count({ where: { user_id: req.user_id } }); + + // disable webauthn if there are no keys left + if (keys === 0) + await User.update({ id: req.user_id }, { webauthn_enabled: false }); + res.sendStatus(204); }); diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts index 581950b8..a33e06ce 100644 --- a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts +++ b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts @@ -181,7 +181,10 @@ router.post( key_id: keyId, }); - await securityKey.save(); + await Promise.all([ + securityKey.save(), + User.update({ id: req.user_id }, { webauthn_enabled: true }), + ]); return res.json({ name, -- cgit 1.4.1