Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/registration/generateRegistrationOptions.test.ts17
-rw-r--r--packages/server/src/registration/generateRegistrationOptions.ts14
2 files changed, 28 insertions, 3 deletions
diff --git a/packages/server/src/registration/generateRegistrationOptions.test.ts b/packages/server/src/registration/generateRegistrationOptions.test.ts
index fb164b3..1dc866d 100644
--- a/packages/server/src/registration/generateRegistrationOptions.test.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.test.ts
@@ -1,4 +1,4 @@
-import { assertEquals } from 'https://deno.land/std@0.198.0/assert/mod.ts';
+import { assertEquals, assertRejects } from 'https://deno.land/std@0.198.0/assert/mod.ts';
import { returnsNext, stub } from 'https://deno.land/std@0.198.0/testing/mock.ts';
import { generateRegistrationOptions } from './generateRegistrationOptions.ts';
@@ -319,3 +319,18 @@ Deno.test('should prefer Ed25519 in pubKeyCredParams', async () => {
assertEquals(options.pubKeyCredParams[0].alg, -8);
});
+
+Deno.test('should raise if string is specified for userID', async () => {
+ await assertRejects(
+ () =>
+ generateRegistrationOptions({
+ rpName: 'SimpleWebAuthn',
+ rpID: 'not.real',
+ userName: 'usernameHere',
+ // @ts-ignore: Pretending a dev missed a refactor between v9 and v10
+ userID: 'customUserID',
+ }),
+ Error,
+ 'String values for `userID` are no longer supported. See https://simplewebauthn.dev/docs/advanced/server/custom-user-ids)',
+ );
+});
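Review bot: The expected message on the last argument of `assertRejects` ends in `custom-user-ids)` with an unmatched closing parenthesis, so the test pins a typo that is also present in the thrown message in generateRegistrationOptions.ts. A developer who copies the URL from the error output gets the stray `)` with it; dropping the character in both places keeps the link clean. Separately, `// @ts-ignore` stays silent if the option type ever accepts strings again, whereas `// @ts-expect-error: Pretending a dev missed a refactor between v9 and v10` would fail the type check and flag the regression.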
diff --git a/packages/server/src/registration/generateRegistrationOptions.ts b/packages/server/src/registration/generateRegistrationOptions.ts
index c8d7ea8..39a0b18 100644
--- a/packages/server/src/registration/generateRegistrationOptions.ts
+++ b/packages/server/src/registration/generateRegistrationOptions.ts
@@ -105,8 +105,8 @@ export async function generateRegistrationOptions(
const {
rpName,
rpID,
- userID,
userName,
+ userID,
challenge = await generateChallenge(),
userDisplayName = '',
timeout = 60000,
@@ -166,10 +166,20 @@ export async function generateRegistrationOptions(
}
/**
+ * Explicitly disallow use of strings for userID anymore because `isoBase64URL.fromBuffer()` below
+ * will return an empty string if one gets through!
+ */
+ if (typeof userID === 'string') {
+ throw new Error(
+ `String values for \`userID\` are no longer supported. See https://simplewebauthn.dev/docs/advanced/server/custom-user-ids)`,
+ );
+ }
+
+ /**
* Generate a user ID if one is not provided
*/
let _userID = userID;
- if (_userID === undefined) {
+ if (!_userID) {
_userID = await generateUserID();
}
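Review bot: The new guard `typeof userID === 'string'` rejects only one wrong type, while the relaxed `if (!_userID)` below it now treats `null`, `0`, `false` and other falsy values as "not provided" and silently substitutes a generated ID. A caller whose user lookup returned `null` would therefore get registration options for a fresh random user handle instead of an error, and a truthy non-buffer value (a number, a plain object) still reaches `isoBase64URL.fromBuffer()`. Assuming `userID` is meant to be a `Uint8Array`, as the `fromBuffer()` reference in the comment suggests, I would validate the type positively with `if (userID !== undefined && !(userID instanceof Uint8Array)) {` in front of the existing throw, reword the message to cover non-string values, and keep `if (_userID === undefined) {` for the default. The body of `generateRegistrationOptions` starts and ends outside this hunk, so the later use of `_userID` is not visible here.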