fix: sql uppercasing

fix: structural changes to remove async/await flows fix: invert boolean flow fix: minor fixes
2021-06-15 19:45:57 +01:00 · 2021-06-15 19:45:57 +01:00 · 1563aa307b
commit 1563aa307b
parent f987a07e0b
9 changed files with 172 additions and 126 deletions
--- a/lib/new-admin/graphql/modules/authentication/FIDO2FAStrategy.js
+++ b/lib/new-admin/graphql/modules/authentication/FIDO2FAStrategy.js
@ -4,12 +4,17 @@ const _ = require('lodash/fp')

 const userManagement = require('../userManagement')
 const credentials = require('../../../../hardware-credentials')
+const db = require('../../../../db')
+const options = require('../../../../options')
 const T = require('../../../../time')
 const users = require('../../../../users')

+const domain = options.hostname
+const devMode = require('minimist')(process.argv.slice(2)).dev
+
 const REMEMBER_ME_AGE = 90 * T.day

-const rpID = `localhost`
+const rpID = devMode ? `localhost` : domain
 const expectedOrigin = `https://${rpID}:3001`

 const generateAttestationOptions = (userID, session) => {
@ -73,46 +78,53 @@ const validateAttestation = (userID, attestationResponse, context) => {
  const webauthnData = context.req.session.webauthn.attestation
  const expectedChallenge = webauthnData.challenge

-  return users.getUserById(userID).then(user => {
-    return simpleWebauthn.verifyAttestationResponse({
+  return Promise.all([
+    users.getUserById(userID),
+    simpleWebauthn.verifyAttestationResponse({
      credential: attestationResponse,
      expectedChallenge: `${expectedChallenge}`,
      expectedOrigin,
      expectedRPID: rpID
-    }).then(async verification => {
+    })
+  ])
+    .then(([user, verification]) => {
      const { verified, attestationInfo } = verification

-      if (verified && attestationInfo) {
-        const {
-          counter,
-          credentialPublicKey,
-          credentialID
-        } = attestationInfo
-
-        const userDevices = await credentials.getHardwareCredentialsOfUser(user.id)
-        const existingDevice = userDevices.find(device => device.data.credentialID === credentialID)
-
-        if (!existingDevice) {
-          const newDevice = {
-            counter,
-            credentialPublicKey,
-            credentialID
-          }
-          credentials.createHardwareCredential(user.id, newDevice)
-        }
+      if (!(verified || attestationInfo)) {
+        context.req.session.webauthn = null
+        return false
      }

-      context.req.session.webauthn = null
-      return verified
+      const {
+        counter,
+        credentialPublicKey,
+        credentialID
+      } = attestationInfo
+
+      return credentials.getHardwareCredentialsOfUser(user.id)
+        .then(userDevices => {
+          const existingDevice = userDevices.find(device => device.data.credentialID === credentialID)
+
+          if (!existingDevice) {
+            const newDevice = {
+              counter,
+              credentialPublicKey,
+              credentialID
+            }
+            credentials.createHardwareCredential(user.id, newDevice)
+          }
+
+          context.req.session.webauthn = null
+          return verified
+        })
    })
-  })
 }

 const validateAssertion = (username, password, rememberMe, assertionResponse, context) => {
  return userManagement.authenticateUser(username, password).then(user => {
    const expectedChallenge = context.req.session.webauthn.assertion.challenge

-    return credentials.getHardwareCredentialsOfUser(user.id).then(async devices => {
+    return credentials.getHardwareCredentialsOfUser(user.id).then(devices => {
      const dbAuthenticator = _.find(dev => {
        return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(assertionResponse.rawId)) === 0
      }, devices)
@ -142,17 +154,21 @@ const validateAssertion = (username, password, rememberMe, assertionResponse, co

      const { verified, assertionInfo } = verification

-      if (verified) {
-        dbAuthenticator.data.counter = assertionInfo.newCounter
-        await credentials.updateHardwareCredential(dbAuthenticator)
-
-        const finalUser = { id: user.id, username: user.username, role: user.role }
-        context.req.session.user = finalUser
-        if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
+      if (!verified) {
+        context.req.session.webauthn = null
+        return false
      }

-      context.req.session.webauthn = null
-      return verified
+      dbAuthenticator.data.counter = assertionInfo.newCounter
+      return credentials.updateHardwareCredential(dbAuthenticator)
+        .then(() => {
+          const finalUser = { id: user.id, username: user.username, role: user.role }
+          context.req.session.user = finalUser
+          if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
+
+          context.req.session.webauthn = null
+          return verified
+        })
    })
  })
 }