fix: multiple small fixes
This commit is contained in:
Sérgio Salgado
parent
6b44c6aa37
commit
d8f163af74
11 changed files with 135 additions and 152 deletions
|
|
@ -15,13 +15,13 @@ const REMEMBER_ME_AGE = 90 * T.day
|
|||
const rpID = devMode ? `localhost` : domain
|
||||
const expectedOrigin = `https://${rpID}:3001`
|
||||
|
||||
const generateAttestationOptions = (userID, session) => {
|
||||
const generateAttestationOptions = (session, options) => {
|
||||
return credentials.getHardwareCredentials().then(devices => {
|
||||
const options = simpleWebauthn.generateAttestationOptions({
|
||||
const opts = simpleWebauthn.generateAttestationOptions({
|
||||
rpName: 'Lamassu',
|
||||
rpID,
|
||||
userName: `Usernameless user created at ${new Date().toISOString()}`,
|
||||
userID: userID,
|
||||
userID: options.userId,
|
||||
timeout: 60000,
|
||||
attestationType: 'direct',
|
||||
excludeCredentials: devices.map(dev => ({
|
||||
|
|
@ -38,15 +38,15 @@ const generateAttestationOptions = (userID, session) => {
|
|||
|
||||
session.webauthn = {
|
||||
attestation: {
|
||||
challenge: options.challenge
|
||||
challenge: opts.challenge
|
||||
}
|
||||
}
|
||||
|
||||
return options
|
||||
return opts
|
||||
})
|
||||
}
|
||||
|
||||
const generateAssertionOptions = context => {
|
||||
const generateAssertionOptions = session => {
|
||||
return credentials.getHardwareCredentials().then(devices => {
|
||||
const options = simpleWebauthn.generateAssertionOptions({
|
||||
timeout: 60000,
|
||||
|
|
@ -59,7 +59,7 @@ const generateAssertionOptions = context => {
|
|||
rpID
|
||||
})
|
||||
|
||||
context.req.session.webauthn = {
|
||||
session.webauthn = {
|
||||
assertion: {
|
||||
challenge: options.challenge
|
||||
}
|
||||
|
|
@ -68,14 +68,14 @@ const generateAssertionOptions = context => {
|
|||
})
|
||||
}
|
||||
|
||||
const validateAttestation = (userID, attestationResponse, context) => {
|
||||
const webauthnData = context.req.session.webauthn.attestation
|
||||
const validateAttestation = (session, options) => {
|
||||
const webauthnData = session.webauthn.attestation
|
||||
const expectedChallenge = webauthnData.challenge
|
||||
|
||||
return Promise.all([
|
||||
users.getUserById(userID),
|
||||
users.getUserById(options.userId),
|
||||
simpleWebauthn.verifyAttestationResponse({
|
||||
credential: attestationResponse,
|
||||
credential: options.attestationResponse,
|
||||
expectedChallenge: `${expectedChallenge}`,
|
||||
expectedOrigin,
|
||||
expectedRPID: rpID
|
||||
|
|
@ -85,7 +85,7 @@ const validateAttestation = (userID, attestationResponse, context) => {
|
|||
const { verified, attestationInfo } = verification
|
||||
|
||||
if (!(verified || attestationInfo)) {
|
||||
context.req.session.webauthn = null
|
||||
session.webauthn = null
|
||||
return verified
|
||||
}
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ const validateAttestation = (userID, attestationResponse, context) => {
|
|||
attestationObject
|
||||
} = attestationInfo
|
||||
|
||||
return credentials.getHardwareCredentialsOfUser(user.id)
|
||||
return credentials.getHardwareCredentialsByUserId(user.id)
|
||||
.then(userDevices => {
|
||||
const existingDevice = userDevices.find(device => device.data.credentialID === credentialID)
|
||||
|
||||
|
|
@ -118,22 +118,22 @@ const validateAttestation = (userID, attestationResponse, context) => {
|
|||
credentials.createHardwareCredential(user.id, newDevice)
|
||||
}
|
||||
|
||||
context.req.session.webauthn = null
|
||||
session.webauthn = null
|
||||
return verified
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
const validateAssertion = (assertionResponse, context) => {
|
||||
const expectedChallenge = context.req.session.webauthn.assertion.challenge
|
||||
const validateAssertion = (session, options) => {
|
||||
const expectedChallenge = session.webauthn.assertion.challenge
|
||||
|
||||
return credentials.getHardwareCredentials().then(devices => {
|
||||
const dbAuthenticator = _.find(dev => {
|
||||
return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(assertionResponse.rawId)) === 0
|
||||
return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(options.assertionResponse.rawId)) === 0
|
||||
}, devices)
|
||||
|
||||
if (!dbAuthenticator.data) {
|
||||
throw new Error(`Could not find authenticator matching ${assertionResponse.id}`)
|
||||
throw new Error(`Could not find authenticator matching ${options.assertionResponse.id}`)
|
||||
}
|
||||
|
||||
const convertedAuthenticator = _.merge(
|
||||
|
|
@ -144,7 +144,7 @@ const validateAssertion = (assertionResponse, context) => {
|
|||
let verification
|
||||
try {
|
||||
verification = simpleWebauthn.verifyAssertionResponse({
|
||||
credential: assertionResponse,
|
||||
credential: options.assertionResponse,
|
||||
expectedChallenge: `${expectedChallenge}`,
|
||||
expectedOrigin,
|
||||
expectedRPID: rpID,
|
||||
|
|
@ -158,7 +158,7 @@ const validateAssertion = (assertionResponse, context) => {
|
|||
const { verified, assertionInfo } = verification
|
||||
|
||||
if (!verified) {
|
||||
context.req.session.webauthn = null
|
||||
session.webauthn = null
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
@ -169,10 +169,10 @@ const validateAssertion = (assertionResponse, context) => {
|
|||
])
|
||||
.then(([_, user]) => {
|
||||
const finalUser = { id: user.id, username: user.username, role: user.role }
|
||||
context.req.session.user = finalUser
|
||||
context.req.session.cookie.maxAge = REMEMBER_ME_AGE
|
||||
session.user = finalUser
|
||||
session.cookie.maxAge = REMEMBER_ME_AGE
|
||||
|
||||
context.req.session.webauthn = null
|
||||
session.webauthn = null
|
||||
return verified
|
||||
})
|
||||
})
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue