diff options
Diffstat (limited to 'packages/browser/src/helpers')
| -rw-r--r-- | packages/browser/src/helpers/webAuthnAbortService.test.ts | 35 | ||||
| -rw-r--r-- | packages/browser/src/helpers/webAuthnAbortService.ts | 33 |
2 files changed, 55 insertions, 13 deletions
diff --git a/packages/browser/src/helpers/webAuthnAbortService.test.ts b/packages/browser/src/helpers/webAuthnAbortService.test.ts index 506bb2a..87d2535 100644 --- a/packages/browser/src/helpers/webAuthnAbortService.test.ts +++ b/packages/browser/src/helpers/webAuthnAbortService.test.ts @@ -1,23 +1,23 @@ -import { webauthnAbortService } from './webAuthnAbortService'; +import { WebAuthnAbortService } from './webAuthnAbortService'; test('should create a new abort signal every time', () => { - const signal1 = webauthnAbortService.createNewAbortSignal(); - const signal2 = webauthnAbortService.createNewAbortSignal(); + const signal1 = WebAuthnAbortService.createNewAbortSignal(); + const signal2 = WebAuthnAbortService.createNewAbortSignal(); expect(signal2).not.toBe(signal1); }); test('should call abort() with AbortError on existing controller when creating a new signal', () => { // Populate `.controller` - webauthnAbortService.createNewAbortSignal(); + WebAuthnAbortService.createNewAbortSignal(); // Spy on the existing instance of AbortController const abortSpy = jest.fn(); // @ts-ignore: Ignore the fact that `controller` is private - webauthnAbortService.controller.abort = abortSpy; + WebAuthnAbortService.controller.abort = abortSpy; // Generate a new signal, which should call `abort()` on the existing controller - webauthnAbortService.createNewAbortSignal(); + WebAuthnAbortService.createNewAbortSignal(); expect(abortSpy).toHaveBeenCalledTimes(1); // Make sure we raise an AbortError so it can be detected correctly @@ -25,3 +25,26 @@ test('should call abort() with AbortError on existing controller when creating a expect(abortReason).toBeInstanceOf(Error); expect(abortReason.name).toEqual('AbortError'); }); + +test('should cancel active WebAuthn ceremony when manually cancelled', () => { + // Populate `.controller` + WebAuthnAbortService.createNewAbortSignal(); + + // Spy on the existing instance of AbortController + const abortSpy = jest.fn(); + // @ts-ignore: Ignore the fact that `controller` is private + WebAuthnAbortService.controller.abort = abortSpy; + + // Cancel the in-flight ceremony, which should call `abort()` on the existing controller + WebAuthnAbortService.cancelCeremony(); + expect(abortSpy).toHaveBeenCalledTimes(1); + + // Make sure we raise an AbortError so it can be detected correctly + const abortReason = abortSpy.mock.calls[0][0]; + expect(abortReason).toBeInstanceOf(Error); + expect(abortReason.name).toEqual('AbortError'); + + // Ensure that we don't set up a new AbortController because it's unnecessary to do so + // @ts-ignore: Ignore the fact that `controller` is private + expect(WebAuthnAbortService.controller).toBeUndefined(); +}); diff --git a/packages/browser/src/helpers/webAuthnAbortService.ts b/packages/browser/src/helpers/webAuthnAbortService.ts index 50e00ba..395ceea 100644 --- a/packages/browser/src/helpers/webAuthnAbortService.ts +++ b/packages/browser/src/helpers/webAuthnAbortService.ts @@ -1,13 +1,10 @@ -/** - * A way to cancel an existing WebAuthn request, for example to cancel a - * WebAuthn autofill authentication request for a manual authentication attempt. - */ -class WebAuthnAbortService { +class BaseWebAuthnAbortService { private controller: AbortController | undefined; /** * Prepare an abort signal that will help support multiple auth attempts without needing to - * reload the page + * reload the page. This is automatically called whenever `startRegistration()` and + * `startAuthentication()` are called. */ createNewAbortSignal() { // Abort any existing calls to navigator.credentials.create() or navigator.credentials.get() @@ -24,6 +21,28 @@ class WebAuthnAbortService { this.controller = newController; return newController.signal; } + + /** + * Manually cancel any active WebAuthn registration or authentication attempt. + */ + cancelCeremony() { + if (this.controller) { + const abortError = new Error( + 'Manually cancelling existing WebAuthn API call', + ); + abortError.name = 'AbortError'; + this.controller.abort(abortError); + + this.controller = undefined; + } + } } -export const webauthnAbortService = new WebAuthnAbortService(); +/** + * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time. + * + * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g. + * developers building projects that use client-side routing to better control the behavior of + * their UX in response to router navigation events. + */ +export const WebAuthnAbortService = new BaseWebAuthnAbortService(); |