chore: server code formatting

2025-05-12 15:35:00 +01:00 · 2025-05-12 15:35:00 +01:00 · 68517170e2
commit 68517170e2
parent aedabcbdee
234 changed files with 9824 additions and 6195 deletions
--- a/packages/server/lib/new-admin/graphql/modules/authentication/FIDO2FAStrategy.js
+++ b/packages/server/lib/new-admin/graphql/modules/authentication/FIDO2FAStrategy.js
@ -12,60 +12,70 @@ const devMode = require('minimist')(process.argv.slice(2)).dev
 const REMEMBER_ME_AGE = 90 * T.day

 const generateAttestationOptions = (session, options) => {
-  return users.getUserById(options.userId).then(user => {
-    return Promise.all([credentials.getHardwareCredentialsByUserId(user.id), user])
-  }).then(([userDevices, user]) => {
-    const opts = simpleWebauthn.generateAttestationOptions({
-      rpName: 'Lamassu',
-      rpID: options.domain,
-      userName: user.username,
-      userID: user.id,
-      timeout: 60000,
-      attestationType: 'indirect',
-      excludeCredentials: userDevices.map(dev => ({
-        id: dev.data.credentialID,
-        type: 'public-key',
-        transports: ['usb', 'ble', 'nfc', 'internal']
-      })),
-      authenticatorSelection: {
-        userVerification: 'discouraged',
-        requireResidentKey: false
-      }
+  return users
+    .getUserById(options.userId)
+    .then(user => {
+      return Promise.all([
+        credentials.getHardwareCredentialsByUserId(user.id),
+        user,
+      ])
    })
-
-    session.webauthn = {
-      attestation: {
-        challenge: opts.challenge
-      }
-    }
-
-    return opts
-  })
-}
-
-const generateAssertionOptions = (session, options) => {
-  return userManagement.authenticateUser(options.username, options.password).then(user => {
-    return credentials.getHardwareCredentialsByUserId(user.id).then(devices => {
-      const opts = simpleWebauthn.generateAssertionOptions({
+    .then(([userDevices, user]) => {
+      const opts = simpleWebauthn.generateAttestationOptions({
+        rpName: 'Lamassu',
+        rpID: options.domain,
+        userName: user.username,
+        userID: user.id,
        timeout: 60000,
-        allowCredentials: devices.map(dev => ({
+        attestationType: 'indirect',
+        excludeCredentials: userDevices.map(dev => ({
          id: dev.data.credentialID,
          type: 'public-key',
-          transports: ['usb', 'ble', 'nfc', 'internal']
+          transports: ['usb', 'ble', 'nfc', 'internal'],
        })),
-        userVerification: 'discouraged',
-        rpID: options.domain
+        authenticatorSelection: {
+          userVerification: 'discouraged',
+          requireResidentKey: false,
+        },
      })

      session.webauthn = {
-        assertion: {
-          challenge: opts.challenge
-        }
+        attestation: {
+          challenge: opts.challenge,
+        },
      }

      return opts
    })
-  })
+}
+
+const generateAssertionOptions = (session, options) => {
+  return userManagement
+    .authenticateUser(options.username, options.password)
+    .then(user => {
+      return credentials
+        .getHardwareCredentialsByUserId(user.id)
+        .then(devices => {
+          const opts = simpleWebauthn.generateAssertionOptions({
+            timeout: 60000,
+            allowCredentials: devices.map(dev => ({
+              id: dev.data.credentialID,
+              type: 'public-key',
+              transports: ['usb', 'ble', 'nfc', 'internal'],
+            })),
+            userVerification: 'discouraged',
+            rpID: options.domain,
+          })
+
+          session.webauthn = {
+            assertion: {
+              challenge: opts.challenge,
+            },
+          }
+
+          return opts
+        })
+    })
 }

 const validateAttestation = (session, options) => {
@ -78,98 +88,112 @@ const validateAttestation = (session, options) => {
      credential: options.attestationResponse,
      expectedChallenge: `${expectedChallenge}`,
      expectedOrigin: `https://${options.domain}${devMode ? `:3001` : ``}`,
-      expectedRPID: options.domain
-    })
-  ])
-    .then(([user, verification]) => {
-      const { verified, attestationInfo } = verification
+      expectedRPID: options.domain,
+    }),
+  ]).then(([user, verification]) => {
+    const { verified, attestationInfo } = verification

-      if (!(verified || attestationInfo)) {
-        session.webauthn = null
-        return false
-      }
+    if (!(verified || attestationInfo)) {
+      session.webauthn = null
+      return false
+    }

-      const {
-        counter,
-        credentialPublicKey,
-        credentialID
-      } = attestationInfo
+    const { counter, credentialPublicKey, credentialID } = attestationInfo

-      return credentials.getHardwareCredentialsByUserId(user.id)
-        .then(userDevices => {
-          const existingDevice = userDevices.find(device => device.data.credentialID === credentialID)
+    return credentials
+      .getHardwareCredentialsByUserId(user.id)
+      .then(userDevices => {
+        const existingDevice = userDevices.find(
+          device => device.data.credentialID === credentialID,
+        )

-          if (!existingDevice) {
-            const newDevice = {
-              counter,
-              credentialPublicKey,
-              credentialID
-            }
-            credentials.createHardwareCredential(user.id, newDevice)
+        if (!existingDevice) {
+          const newDevice = {
+            counter,
+            credentialPublicKey,
+            credentialID,
          }
+          credentials.createHardwareCredential(user.id, newDevice)
+        }

-          session.webauthn = null
-          return verified
-        })
-    })
+        session.webauthn = null
+        return verified
+      })
+  })
 }

 const validateAssertion = (session, options) => {
-  return userManagement.authenticateUser(options.username, options.password).then(user => {
-    const expectedChallenge = session.webauthn.assertion.challenge
+  return userManagement
+    .authenticateUser(options.username, options.password)
+    .then(user => {
+      const expectedChallenge = session.webauthn.assertion.challenge

-    return credentials.getHardwareCredentialsByUserId(user.id).then(devices => {
-      const dbAuthenticator = _.find(dev => {
-        return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(options.assertionResponse.rawId)) === 0
-      }, devices)
+      return credentials
+        .getHardwareCredentialsByUserId(user.id)
+        .then(devices => {
+          const dbAuthenticator = _.find(dev => {
+            return (
+              Buffer.from(dev.data.credentialID).compare(
+                base64url.toBuffer(options.assertionResponse.rawId),
+              ) === 0
+            )
+          }, devices)

-      if (!dbAuthenticator.data) {
-        throw new Error(`Could not find authenticator matching ${options.assertionResponse.id}`)
-      }
+          if (!dbAuthenticator.data) {
+            throw new Error(
+              `Could not find authenticator matching ${options.assertionResponse.id}`,
+            )
+          }

-      const convertedAuthenticator = _.merge(
-        dbAuthenticator.data,
-        { credentialPublicKey: Buffer.from(dbAuthenticator.data.credentialPublicKey) }
-      )
+          const convertedAuthenticator = _.merge(dbAuthenticator.data, {
+            credentialPublicKey: Buffer.from(
+              dbAuthenticator.data.credentialPublicKey,
+            ),
+          })

-      let verification
-      try {
-        verification = simpleWebauthn.verifyAssertionResponse({
-          credential: options.assertionResponse,
-          expectedChallenge: `${expectedChallenge}`,
-          expectedOrigin: `https://${options.domain}${devMode ? `:3001` : ``}`,
-          expectedRPID: options.domain,
-          authenticator: convertedAuthenticator
-        })
-      } catch (err) {
-        console.error(err)
-        return false
-      }
+          let verification
+          try {
+            verification = simpleWebauthn.verifyAssertionResponse({
+              credential: options.assertionResponse,
+              expectedChallenge: `${expectedChallenge}`,
+              expectedOrigin: `https://${options.domain}${devMode ? `:3001` : ``}`,
+              expectedRPID: options.domain,
+              authenticator: convertedAuthenticator,
+            })
+          } catch (err) {
+            console.error(err)
+            return false
+          }

-      const { verified, assertionInfo } = verification
+          const { verified, assertionInfo } = verification

-      if (!verified) {
-        session.webauthn = null
-        return false
-      }
+          if (!verified) {
+            session.webauthn = null
+            return false
+          }

-      dbAuthenticator.data.counter = assertionInfo.newCounter
-      return credentials.updateHardwareCredential(dbAuthenticator)
-        .then(() => {
-          const finalUser = { id: user.id, username: user.username, role: user.role }
-          session.user = finalUser
-          if (options.rememberMe) session.cookie.maxAge = REMEMBER_ME_AGE
+          dbAuthenticator.data.counter = assertionInfo.newCounter
+          return credentials
+            .updateHardwareCredential(dbAuthenticator)
+            .then(() => {
+              const finalUser = {
+                id: user.id,
+                username: user.username,
+                role: user.role,
+              }
+              session.user = finalUser
+              if (options.rememberMe) session.cookie.maxAge = REMEMBER_ME_AGE

-          session.webauthn = null
-          return verified
+              session.webauthn = null
+              return verified
+            })
        })
    })
-  })
 }

 module.exports = {
  generateAttestationOptions,
  generateAssertionOptions,
  validateAttestation,
-  validateAssertion
+  validateAssertion,
 }