Diffstat (limited to 'packages/server/src/assertion/verifyAssertionResponse.ts')
-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.ts25
1 files changed, 14 insertions, 11 deletions
diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts
index fb668f4..a3b631b 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.ts
@@ -1,17 +1,16 @@
import base64url from 'base64url';
import {
AuthenticatorAssertionResponseJSON,
- U2F_USER_PRESENTED,
AuthenticatorDevice,
VerifiedAssertion,
} from "@webauthntine/typescript-types";
import decodeClientDataJSON from "@helpers/decodeClientDataJSON";
-import parseAssertionAuthData from './parseAssertionAuthData';
import toHash from '@helpers/toHash';
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import verifySignature from '@helpers/verifySignature';
+import parseAuthenticatorData from '@helpers/parseAuthenticatorData';
/**
* Verify that the user has legitimately completed the login process
@@ -40,19 +39,13 @@ export default function verifyAssertionResponse(
}
const authDataBuffer = base64url.toBuffer(base64AuthenticatorData);
- const authData = parseAssertionAuthData(authDataBuffer);
+ const authDataStruct = parseAuthenticatorData(authDataBuffer);
+ const { credentialID, flags, counter } = authDataStruct;
- if (!(authData.flags & U2F_USER_PRESENTED)) {
+ if (!(flags.up)) {
throw new Error('User was NOT present during assertion!');
}
- const {
- rpIdHash,
- flagsBuf,
- counterBuf,
- counter,
- } = authData;
-
if (counter <= authenticator.counter) {
// Error out when the counter in the DB is greater than or equal to the counter in the
// dataStruct. It's related to how the authenticator maintains the number of times its been
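Review bot: The counter guard kept below the new destructuring, `if (counter <= authenticator.counter)`, rejects every assertion from an authenticator that does not implement a signature counter, because such devices report 0 each time and 0 <= 0 is true. WebAuthn only requires the comparison when either the reported or the stored value is nonzero, so the condition could read `if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter)`. The body of this `if` and its comment continue outside the hunk, so the error text may need the same adjustment. Separately, `credentialID` is destructured on the added line but is not used in any visible hunk; assertion authenticator data normally carries no attested credential data, so it is probably undefined here and can be dropped.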
@@ -63,6 +56,12 @@ export default function verifyAssertionResponse(
);
}
+ const {
+ rpIdHash,
+ flagsBuf,
+ counterBuf,
+ } = authDataStruct;
+
const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON));
const signatureBase = Buffer.concat([
rpIdHash,
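Review bot: `rpIdHash` is taken from the parsed authenticator data and fed straight into `signatureBase`, and none of the visible hunks compare it with the SHA-256 of the relying party ID the server expects. The signature check alone proves the authenticator signed this hash, not that the assertion was scoped to this relying party. The start of `verifyAssertionResponse` is outside the diff, so the comparison may already exist there. If it does not, add it before the signature is verified and document it at the destructuring, for example `// rpIdHash must equal SHA-256(expected RP ID); checked above before building signatureBase`.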
@@ -76,6 +75,10 @@ export default function verifyAssertionResponse(
const toReturn = {
verified: verifySignature(signature, signatureBase, publicKey),
+ authenticatorInfo: {
+ counter,
+ base64CredentialID: response.base64CredentialID,
+ },
};
return toReturn;
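Review bot: `authenticatorInfo` is attached to the result whether or not `verifySignature` succeeded, so a caller that stores `authenticatorInfo.counter` without first checking `verified` would persist a counter from an unauthenticated response. `base64CredentialID` is also copied from the client-supplied `response`, and the visible hunks do not show it being matched against the stored `authenticator`. Either populate `authenticatorInfo` only when `verified` is true, or state the contract in the function's doc comment, e.g. `// authenticatorInfo is only meaningful when verified === true; do not persist counter otherwise`. The enclosing function begins outside this hunk, so an earlier credential ID check may exist.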