diff options
| author | Matthew Miller <matthew@millerti.me> | 2023-09-27 22:42:59 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-27 22:42:59 -0700 |
| commit | 75fb63dc3de2cb9dede7e31c88f5ec29d3db1a29 (patch) | |
| tree | b5ceff5d86dfd51bf483eac3d0505463cfcc4af8 /packages/browser/src/methods/startRegistration.test.ts | |
| parent | 631ffb451525b33a2a4bc1f85a14a6105fb3ba47 (diff) | |
| parent | dc9965a4653cf8cd9662fab0f638a68c8463ec21 (diff) | |
Merge pull request #443 from MasterKale/fix/438-handle-bad-publickey-getters
fix/438-handle-bad-publickey-getters
Diffstat (limited to 'packages/browser/src/methods/startRegistration.test.ts')
| -rw-r--r-- | packages/browser/src/methods/startRegistration.test.ts | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/packages/browser/src/methods/startRegistration.test.ts b/packages/browser/src/methods/startRegistration.test.ts index b8ca081..97878c6 100644 --- a/packages/browser/src/methods/startRegistration.test.ts +++ b/packages/browser/src/methods/startRegistration.test.ts @@ -309,6 +309,61 @@ test('should not return convenience values if getters missing', async () => { expect(response.response.authenticatorData).toBeUndefined(); }); +test('should survive browser extensions that intercept WebAuthn and incorrectly implement public key value getters', async () => { + /** + * 1Password browser extension v2.15.1 (the one that introduced passkeys support) seemed to have + * implemented the following methods on AuthenticatorAttestationResponse... + * + * - getPublicKeyAlgorithm() + * - getPublicKey() + * - getAuthenticatorData() + * + * ...But when you attempt to call them as methods they'll error out with `TypeError`'s: + * + * Safari: + * > TypeError: Can only call AuthenticatorAttestationResponse.getPublicKeyAlgorithm on instances + * > of AuthenticatorAttestationResponse + * + * Chrome: + * > TypeError: Illegal invocation + * + * Firefox: + * > N/A (it handled it fine for some reason) + * + * Make sure `startRegistration()` can survive this scenario. + * + * See https://github.com/MasterKale/SimpleWebAuthn/issues/438 for more context. + */ + + // Mock extension return values from the browser extension intercepting WebAuthn + mockNavigatorCreate.mockImplementation((): Promise<unknown> => { + return new Promise((resolve) => { + resolve({ + response: { + getPublicKeyAlgorithm: () => { + throw new Error('I throw for some reason'); + }, + getPublicKey: () => { + throw new Error('I also throw for some reason'); + }, + getAuthenticatorData: () => { + throw new Error('I throw for some reason too'); + }, + }, + getClientExtensionResults: () => {}, + }); + }); + }); + + await expect(startRegistration(goodOpts1)).resolves; + + const response = await startRegistration(goodOpts1); + + expect(response.response.publicKeyAlgorithm).toBeUndefined(); + expect(response.response.publicKey).toBeUndefined(); + expect(response.response.authenticatorData).toBeUndefined(); +}); + describe('WebAuthnError', () => { describe('AbortError', () => { const AbortError = generateCustomError('AbortError'); |