author | Matthew Miller <matthew@millerti.me> | 2020-06-07 22:41:02 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-06-07 22:41:02 -0700 |
commit | a2b231566244e25361f788cc4eb4321cfecdec01 (patch) | |
tree | 70862ca9e53f71bc919df3af2216aa82c43505ea /packages/server/src | |
parent | 14aa5d112146113fa155e4e8dbca09fa6e46512c (diff) |
Add additional checks for ID, RawID, CredType
Diffstat (limited to 'packages/server/src')
-rw-r--r-- | packages/server/src/attestation/verifyAttestationResponse.ts | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index e696027..374b79b 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -42,7 +42,23 @@ export default function verifyAttestationResponse(options: Options): VerifiedAtt
 expectedRPID,
 requireUserVerification = false,
 } = options;
- const { response } = credential;
+ const { id, rawId, type: credentialType, response } = credential;
+
+ // Ensure credential specified an ID
+ if (!id) {
+ throw new Error('Missing credential ID');
+ }
+
+ // Ensure ID is base64url-encoded
+ if (id !== rawId) {
+ throw new Error('Credential ID was not base64url-encoded');
+ }
+
+ // Make sure credential type is public-key
+ if (credentialType !== 'public-key') {
+ throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
+ }
+
 const clientDataJSON = decodeClientDataJSON(response.clientDataJSON);
 const { type, origin, challenge } = clientDataJSON; |
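Review bot: The `id !== rawId` comparison does not establish what its comment and error message claim. Any two identical values pass it even when they are not base64url (or not strings at all), and a missing `rawId` is reported as an encoding failure. Since `credential` appears to be the client-supplied response, I would validate the encoding explicitly with `if (typeof id !== 'string' || !/^[A-Za-z0-9_-]+$/.test(id)) { throw new Error('Credential ID was not base64url-encoded'); }` and keep the equality test as a separate check with its own message, e.g. `'Credential ID and raw ID do not match'`. The third check interpolates the unvalidated `credentialType` into the error text, so callers that log or return that message should treat it as untrusted. The function body continues outside the hunk, so whether `id` is later compared with the credential ID parsed from the authenticator data cannot be confirmed from here.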