1 files changed, 10 insertions, 7 deletions
diff --git a/src/api/routes/auth/mfa/webauthn.ts b/src/api/routes/auth/mfa/webauthn.ts
index e574b969..c4334c4c 100644
--- a/src/api/routes/auth/mfa/webauthn.ts
+++ b/src/api/routes/auth/mfa/webauthn.ts
@@ -64,20 +64,23 @@ router.post(
await User.update({ id: user.id }, { totp_last_ticket: "" });
const clientAttestationResponse = JSON.parse(code);
- const securityKey = await SecurityKey.findOneOrFail({
- where: {
- user_id: req.user_id,
- key_id: clientAttestationResponse.rawId,
- },
- });
if (!clientAttestationResponse.rawId)
throw new HTTPError("Missing rawId", 400);
clientAttestationResponse.rawId = toArrayBuffer(
- Buffer.from(clientAttestationResponse.rawId, "base64"),
+ Buffer.from(clientAttestationResponse.rawId, "base64url"),
);
+ const securityKey = await SecurityKey.findOneOrFail({
+ where: {
+ key_id: Buffer.from(
+ clientAttestationResponse.rawId,
+ "base64url",
+ ).toString("base64"),
+ },
+ });
+
const assertionExpectations: ExpectedAssertionResult = JSON.parse(
Buffer.from(
clientAttestationResponse.response.clientDataJSON,
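Review bot: The new `SecurityKey.findOneOrFail` lookup filters on `key_id` alone, so the removed `user_id: req.user_id` condition is dropped rather than replaced with one tied to the ticket's user. Unless code after this hunk compares `securityKey.user_id` with `user.id`, an assertion from a key registered to another account would be accepted for this login; adding `user_id: user.id,` to the `where` clause closes that gap (`user` is in scope on the `User.update` context line). Separately, `clientAttestationResponse.rawId` has already been replaced by an ArrayBuffer when it reaches `Buffer.from(clientAttestationResponse.rawId, "base64url")`, so the encoding argument lands in the byte-offset position and appears to work only through coercion; keeping the original base64url string in a local before the `toArrayBuffer` call would make the conversion explicit. The route handler starts and ends outside the hunk, so the later assertion-verification step is not visible here.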