diff options
Diffstat (limited to 'packages/server/src')
5 files changed, 5 insertions, 35 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts index 6d68e19..e41636e 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts @@ -9,7 +9,6 @@ import { decodeClientDataJSON } from '../helpers/decodeClientDataJSON'; import { toHash } from '../helpers/toHash'; import { verifySignature } from '../helpers/verifySignature'; import { parseAuthenticatorData } from '../helpers/parseAuthenticatorData'; -import { isBase64URLString } from '../helpers/isBase64URLString'; import { parseBackupFlags } from '../helpers/parseBackupFlags'; import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions'; import { matchExpectedRPID } from '../helpers/matchExpectedRPID'; @@ -121,11 +120,11 @@ export async function verifyAuthenticationResponse( } } - if (!isBase64URLString(response.authenticatorData)) { + if (!isoBase64URL.isBase64url(response.authenticatorData)) { throw new Error('Credential response authenticatorData was not a base64url string'); } - if (!isBase64URLString(response.signature)) { + if (!isoBase64URL.isBase64url(response.signature)) { throw new Error('Credential response signature was not a base64url string'); } diff --git a/packages/server/src/helpers/index.ts b/packages/server/src/helpers/index.ts index b71e0b1..643b417 100644 --- a/packages/server/src/helpers/index.ts +++ b/packages/server/src/helpers/index.ts @@ -7,7 +7,6 @@ import { decodeClientDataJSON } from './decodeClientDataJSON'; import { decodeCredentialPublicKey } from './decodeCredentialPublicKey'; import { generateChallenge } from './generateChallenge'; import { getCertificateInfo } from './getCertificateInfo'; -import { isBase64URLString } from './isBase64URLString'; import { isCertRevoked } from './isCertRevoked'; import { parseAuthenticatorData } from './parseAuthenticatorData'; import { toHash } from './toHash'; @@ -25,7 +24,6 @@ export { decodeCredentialPublicKey, generateChallenge, getCertificateInfo, - isBase64URLString, isCertRevoked, parseAuthenticatorData, toHash, diff --git a/packages/server/src/helpers/isBase64URLString.test.ts b/packages/server/src/helpers/isBase64URLString.test.ts deleted file mode 100644 index 358c420..0000000 --- a/packages/server/src/helpers/isBase64URLString.test.ts +++ /dev/null @@ -1,16 +0,0 @@ -import { isBase64URLString } from './isBase64URLString'; - -test('should return true when input is base64URLString', () => { - const actual = isBase64URLString('U2ltcGxlV2ViQXV0aG4'); - expect(actual).toEqual(true); -}); - -test('should return false when input is not base64URLString', () => { - const actual = isBase64URLString('U2ltcGxlV2ViQXV0aG4+'); - expect(actual).toEqual(false); -}); - -test('should return false when input is blank', () => { - const actual = isBase64URLString(''); - expect(actual).toEqual(false); -}); diff --git a/packages/server/src/helpers/isBase64URLString.ts b/packages/server/src/helpers/isBase64URLString.ts deleted file mode 100644 index f229bf3..0000000 --- a/packages/server/src/helpers/isBase64URLString.ts +++ /dev/null @@ -1,13 +0,0 @@ -// Base64URL, with optional padding -const base64urlRegEx = /^([0-9a-zA-Z-_]{4})*(([0-9a-zA-Z-_]{2}(==)?)|([0-9a-zA-Z-_]{3}=?))?$/; - -/** - * Check to see if a string only contains valid Base64URL values - */ -export function isBase64URLString(value: string): boolean { - if (!value) { - return false; - } - - return base64urlRegEx.test(value); -} diff --git a/packages/server/src/helpers/iso/isoBase64URL.ts b/packages/server/src/helpers/iso/isoBase64URL.ts index d03de51..c734ddd 100644 --- a/packages/server/src/helpers/iso/isoBase64URL.ts +++ b/packages/server/src/helpers/iso/isoBase64URL.ts @@ -55,8 +55,10 @@ export function isBase64(input: string): boolean { } /** - * Confirm that the string is encoded into base64url + * Confirm that the string is encoded into base64url, with support for optional padding */ export function isBase64url(input: string): boolean { + // Trim padding characters from the string if present + input = input.replace(/=/g, ''); return base64.validate(input, true); } |