From e00b941921bc27d91e293b5dfdf60e2ac033d954 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 21:56:45 -0800 Subject: Remove old eslint-disable --- packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts | 1 - 1 file changed, 1 deletion(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts b/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts index 117bf4c..afc1176 100644 --- a/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts +++ b/packages/browser/src/helpers/browserSupportsWebAuthnAutofill.ts @@ -1,4 +1,3 @@ -/* eslint-disable @typescript-eslint/ban-ts-comment */ import { PublicKeyCredentialFuture } from '@simplewebauthn/typescript-types'; /** -- cgit v1.2.3 From 1ad23a7d0a1aa5cd766fa2b604d7954d0bed4899 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 21:57:34 -0800 Subject: Fix test --- packages/browser/src/helpers/webAuthnAbortService.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/webAuthnAbortService.test.ts b/packages/browser/src/helpers/webAuthnAbortService.test.ts index 294a894..b3ec518 100644 --- a/packages/browser/src/helpers/webAuthnAbortService.test.ts +++ b/packages/browser/src/helpers/webAuthnAbortService.test.ts @@ -14,7 +14,7 @@ test('should call abort() on existing controller when creating a new signal', () // Spy on the existing instance of AbortController const abortSpy = jest.fn(); // @ts-ignore - webauthnAbortService.controller?.abort = abortSpy; + webauthnAbortService.controller.abort = abortSpy; // Generate a new signal, which should call `abort()` on the existing controller webauthnAbortService.createNewAbortSignal(); -- cgit v1.2.3 From d088c064064c4612d7c8549354c8b47a7ba9abe5 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:00:44 -0800 Subject: Prepare to expand WebAuthnError --- .../src/helpers/identifyAuthenticationError.ts | 2 +- .../src/helpers/identifyRegistrationError.ts | 2 +- packages/browser/src/helpers/structs.ts | 23 ----------------- packages/browser/src/helpers/webAuthnError.ts | 30 ++++++++++++++++++++++ 4 files changed, 32 insertions(+), 25 deletions(-) delete mode 100644 packages/browser/src/helpers/structs.ts create mode 100644 packages/browser/src/helpers/webAuthnError.ts (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts index 600a2d6..4c0cfe2 100644 --- a/packages/browser/src/helpers/identifyAuthenticationError.ts +++ b/packages/browser/src/helpers/identifyAuthenticationError.ts @@ -1,5 +1,5 @@ import { isValidDomain } from './isValidDomain'; -import { WebAuthnError } from './structs'; +import { WebAuthnError } from './webAuthnError'; /** * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.get()` diff --git a/packages/browser/src/helpers/identifyRegistrationError.ts b/packages/browser/src/helpers/identifyRegistrationError.ts index 9b76454..6134227 100644 --- a/packages/browser/src/helpers/identifyRegistrationError.ts +++ b/packages/browser/src/helpers/identifyRegistrationError.ts @@ -1,5 +1,5 @@ import { isValidDomain } from './isValidDomain'; -import { WebAuthnError } from './structs'; +import { WebAuthnError } from './webAuthnError'; /** * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()` diff --git a/packages/browser/src/helpers/structs.ts b/packages/browser/src/helpers/structs.ts deleted file mode 100644 index 8ae01b7..0000000 --- a/packages/browser/src/helpers/structs.ts +++ /dev/null @@ -1,23 +0,0 @@ -/** - * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented - * errors in the spec was raised after calling `navigator.credentials.create()` or - * `navigator.credentials.get()`: - * - * - `AbortError` - * - `ConstraintError` - * - `InvalidStateError` - * - `NotAllowedError` - * - `NotSupportedError` - * - `SecurityError` - * - `TypeError` - * - `UnknownError` - * - * Error messages were determined through investigation of the spec to determine under which - * scenarios a given error would be raised. - */ -export class WebAuthnError extends Error { - constructor(message: string, name = 'WebAuthnError') { - super(message); - this.name = name; - } -} diff --git a/packages/browser/src/helpers/webAuthnError.ts b/packages/browser/src/helpers/webAuthnError.ts new file mode 100644 index 0000000..aad98ff --- /dev/null +++ b/packages/browser/src/helpers/webAuthnError.ts @@ -0,0 +1,30 @@ +/* eslint-disable @typescript-eslint/ban-ts-comment */ +/** + * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented + * errors in the spec was raised after calling `navigator.credentials.create()` or + * `navigator.credentials.get()`: + * + * - `AbortError` + * - `ConstraintError` + * - `InvalidStateError` + * - `NotAllowedError` + * - `NotSupportedError` + * - `SecurityError` + * - `TypeError` + * - `UnknownError` + * + * Error messages were determined through investigation of the spec to determine under which + * scenarios a given error would be raised. + */ +export class WebAuthnError extends Error { + constructor(message: string, cause: Error, name?: string) { + /** + * `cause` is supported in evergreen browsers, but not IE10, so this ts-ignore is to + * help Rollup complete the ES5 build. + */ + // @ts-ignore + super(message, { cause }) + // this.name = name ?? cause.name; + this.name = name ?? cause.name; + } +} -- cgit v1.2.3 From 04d49d9cc03cb6342d5073c20d0e139baba3541c Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:02:01 -0800 Subject: Pass in original errors as `cause` --- .../src/helpers/identifyAuthenticationError.ts | 8 ++++---- .../browser/src/helpers/identifyRegistrationError.ts | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts index 4c0cfe2..d5ba5fa 100644 --- a/packages/browser/src/helpers/identifyAuthenticationError.ts +++ b/packages/browser/src/helpers/identifyAuthenticationError.ts @@ -20,7 +20,7 @@ export function identifyAuthenticationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Authentication ceremony was sent an abort signal', 'AbortError'); + return new WebAuthnError('Authentication ceremony was sent an abort signal', error); } } else if (error.name === 'NotAllowedError') { /** @@ -31,12 +31,12 @@ export function identifyAuthenticationError({ const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, 'SecurityError'); + return new WebAuthnError(`${window.location.hostname} is an invalid domain`, error); } else if (publicKey.rpId !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6) return new WebAuthnError( `The RP ID "${publicKey.rpId}" is invalid for this domain`, - 'SecurityError', + error, ); } } else if (error.name === 'UnknownError') { @@ -44,7 +44,7 @@ export function identifyAuthenticationError({ // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12) return new WebAuthnError( 'The authenticator was unable to process the specified options, or could not create a new assertion signature', - 'UnknownError', + error, ); } diff --git a/packages/browser/src/helpers/identifyRegistrationError.ts b/packages/browser/src/helpers/identifyRegistrationError.ts index 6134227..57bfe51 100644 --- a/packages/browser/src/helpers/identifyRegistrationError.ts +++ b/packages/browser/src/helpers/identifyRegistrationError.ts @@ -20,26 +20,26 @@ export function identifyRegistrationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Registration ceremony was sent an abort signal', 'AbortError'); + return new WebAuthnError('Registration ceremony was sent an abort signal', error); } } else if (error.name === 'ConstraintError') { if (publicKey.authenticatorSelection?.requireResidentKey === true) { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4) return new WebAuthnError( 'Discoverable credentials were required but no available authenticator supported it', - 'ConstraintError', + error, ); } else if (publicKey.authenticatorSelection?.userVerification === 'required') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5) return new WebAuthnError( 'User verification was required but no available authenticator supported it', - 'ConstraintError', + error, ); } } else if (error.name === 'InvalidStateError') { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3) - return new WebAuthnError('The authenticator was previously registered', 'InvalidStateError'); + return new WebAuthnError('The authenticator was previously registered', error); } else if (error.name === 'NotAllowedError') { /** * Pass the error directly through. Platforms are overloading this error beyond what the spec @@ -54,38 +54,38 @@ export function identifyRegistrationError({ // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10) return new WebAuthnError( 'No entry in pubKeyCredParams was of type "public-key"', - 'NotSupportedError', + error, ); } // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2) return new WebAuthnError( 'No available authenticator supported any of the specified pubKeyCredParams algorithms', - 'NotSupportedError', + error, ); } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, 'SecurityError'); + return new WebAuthnError(`${window.location.hostname} is an invalid domain`, error); } else if (publicKey.rp.id !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8) return new WebAuthnError( `The RP ID "${publicKey.rp.id}" is invalid for this domain`, - 'SecurityError', + error, ); } } else if (error.name === 'TypeError') { if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5) - return new WebAuthnError('User ID was not between 1 and 64 characters', 'TypeError'); + return new WebAuthnError('User ID was not between 1 and 64 characters', error); } } else if (error.name === 'UnknownError') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8) return new WebAuthnError( 'The authenticator was unable to process the specified options, or could not create a new credential', - 'UnknownError', + error, ); } -- cgit v1.2.3 From 50bf90ffa88e2f327d400cb175b1f1a0c7d7588e Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:30:41 -0800 Subject: Add error codes to WebAuthnError --- packages/browser/src/helpers/webAuthnError.ts | 30 +++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/webAuthnError.ts b/packages/browser/src/helpers/webAuthnError.ts index aad98ff..135354a 100644 --- a/packages/browser/src/helpers/webAuthnError.ts +++ b/packages/browser/src/helpers/webAuthnError.ts @@ -17,14 +17,40 @@ * scenarios a given error would be raised. */ export class WebAuthnError extends Error { - constructor(message: string, cause: Error, name?: string) { + code: SimpleWebAuthnErrorCode; + + constructor({ + message, + code, + cause, + name, + }: { + message: string, + code: SimpleWebAuthnErrorCode, + cause: Error, + name?: string, + }) { /** * `cause` is supported in evergreen browsers, but not IE10, so this ts-ignore is to * help Rollup complete the ES5 build. */ // @ts-ignore super(message, { cause }) - // this.name = name ?? cause.name; this.name = name ?? cause.name; + this.code = code; } } + +export type SimpleWebAuthnErrorCode = + 'ERROR_CEREMONY_ABORTED' + | 'ERROR_INVALID_DOMAIN' + | 'ERROR_INVALID_RP_ID' + | 'ERROR_INVALID_USER_ID_LENGTH' + | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' + | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' + | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' + | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' + | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' + | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' + | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY' + ; -- cgit v1.2.3 From edd8e54f6d1c52e0315cd25d82e943348a9bd622 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:30:56 -0800 Subject: Update error identification with error codes --- .../src/helpers/identifyAuthenticationError.ts | 35 ++++++--- .../src/helpers/identifyRegistrationError.ts | 83 ++++++++++++++-------- 2 files changed, 80 insertions(+), 38 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/identifyAuthenticationError.ts b/packages/browser/src/helpers/identifyAuthenticationError.ts index d5ba5fa..e617a7d 100644 --- a/packages/browser/src/helpers/identifyAuthenticationError.ts +++ b/packages/browser/src/helpers/identifyAuthenticationError.ts @@ -20,32 +20,47 @@ export function identifyAuthenticationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Authentication ceremony was sent an abort signal', error); + return new WebAuthnError({ + message: 'Authentication ceremony was sent an abort signal', + code: 'ERROR_CEREMONY_ABORTED', + cause: error, + }); } } else if (error.name === 'NotAllowedError') { /** * Pass the error directly through. Platforms are overloading this error beyond what the spec * defines and we don't want to overwrite potentially useful error messages. */ + return new WebAuthnError({ + message: error.message, + code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY', + cause: error, + }); } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 5) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, error); + return new WebAuthnError({ + message: `${window.location.hostname} is an invalid domain`, + code: 'ERROR_INVALID_DOMAIN', + cause: error, + }); } else if (publicKey.rpId !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source (Step 6) - return new WebAuthnError( - `The RP ID "${publicKey.rpId}" is invalid for this domain`, - error, - ); + return new WebAuthnError({ + message: `The RP ID "${publicKey.rpId}" is invalid for this domain`, + code: 'ERROR_INVALID_RP_ID', + cause: error, + }); } } else if (error.name === 'UnknownError') { // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 1) // https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion (Step 12) - return new WebAuthnError( - 'The authenticator was unable to process the specified options, or could not create a new assertion signature', - error, - ); + return new WebAuthnError({ + message: 'The authenticator was unable to process the specified options, or could not create a new assertion signature', + code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR', + cause: error, + }); } return error; diff --git a/packages/browser/src/helpers/identifyRegistrationError.ts b/packages/browser/src/helpers/identifyRegistrationError.ts index 57bfe51..4649fb9 100644 --- a/packages/browser/src/helpers/identifyRegistrationError.ts +++ b/packages/browser/src/helpers/identifyRegistrationError.ts @@ -20,31 +20,46 @@ export function identifyRegistrationError({ if (error.name === 'AbortError') { if (options.signal === new AbortController().signal) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16) - return new WebAuthnError('Registration ceremony was sent an abort signal', error); + return new WebAuthnError({ + message: 'Registration ceremony was sent an abort signal', + code: 'ERROR_CEREMONY_ABORTED', + cause: error, + }); } } else if (error.name === 'ConstraintError') { if (publicKey.authenticatorSelection?.requireResidentKey === true) { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4) - return new WebAuthnError( - 'Discoverable credentials were required but no available authenticator supported it', - error, - ); + return new WebAuthnError({ + message: 'Discoverable credentials were required but no available authenticator supported it', + code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT', + cause: error, + }); } else if (publicKey.authenticatorSelection?.userVerification === 'required') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5) - return new WebAuthnError( - 'User verification was required but no available authenticator supported it', - error, - ); + return new WebAuthnError({ + message: 'User verification was required but no available authenticator supported it', + code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT', + cause: error, + }); } } else if (error.name === 'InvalidStateError') { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3) - return new WebAuthnError('The authenticator was previously registered', error); + return new WebAuthnError({ + message: 'The authenticator was previously registered', + code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED', + cause: error + }); } else if (error.name === 'NotAllowedError') { /** * Pass the error directly through. Platforms are overloading this error beyond what the spec * defines and we don't want to overwrite potentially useful error messages. */ + return new WebAuthnError({ + message: error.message, + code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY', + cause: error, + }); } else if (error.name === 'NotSupportedError') { const validPubKeyCredParams = publicKey.pubKeyCredParams.filter( param => param.type === 'public-key', @@ -52,41 +67,53 @@ export function identifyRegistrationError({ if (validPubKeyCredParams.length === 0) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10) - return new WebAuthnError( - 'No entry in pubKeyCredParams was of type "public-key"', - error, - ); + return new WebAuthnError({ + message: 'No entry in pubKeyCredParams was of type "public-key"', + code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS', + cause: error, + }); } // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2) - return new WebAuthnError( - 'No available authenticator supported any of the specified pubKeyCredParams algorithms', - error, - ); + return new WebAuthnError({ + message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms', + code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG', + cause: error, + }); } else if (error.name === 'SecurityError') { const effectiveDomain = window.location.hostname; if (!isValidDomain(effectiveDomain)) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7) - return new WebAuthnError(`${window.location.hostname} is an invalid domain`, error); + return new WebAuthnError({ + message: `${window.location.hostname} is an invalid domain`, + code: 'ERROR_INVALID_DOMAIN', + cause: error + }); } else if (publicKey.rp.id !== effectiveDomain) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8) - return new WebAuthnError( - `The RP ID "${publicKey.rp.id}" is invalid for this domain`, - error, - ); + return new WebAuthnError({ + message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`, + code: 'ERROR_INVALID_RP_ID', + cause: error, + }); } } else if (error.name === 'TypeError') { if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) { // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5) - return new WebAuthnError('User ID was not between 1 and 64 characters', error); + return new WebAuthnError({ + message: 'User ID was not between 1 and 64 characters', + code: 'ERROR_INVALID_USER_ID_LENGTH', + cause: error, + }); } } else if (error.name === 'UnknownError') { // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1) // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8) - return new WebAuthnError( - 'The authenticator was unable to process the specified options, or could not create a new credential', - error, - ); + return new WebAuthnError({ + message: 'The authenticator was unable to process the specified options, or could not create a new credential', + code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR', + cause: error, + }); } return error; -- cgit v1.2.3 From 0fdf3115bcc4425de92fbff6f6c4c2f521af3d1f Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:40:26 -0800 Subject: Update tests --- .../src/methods/startAuthentication.test.ts | 16 +++++++++-- .../browser/src/methods/startRegistration.test.ts | 31 +++++++++++++++++++--- 2 files changed, 42 insertions(+), 5 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/methods/startAuthentication.test.ts b/packages/browser/src/methods/startAuthentication.test.ts index 1708651..f8830ae 100644 --- a/packages/browser/src/methods/startAuthentication.test.ts +++ b/packages/browser/src/methods/startAuthentication.test.ts @@ -9,7 +9,7 @@ import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn'; import { browserSupportsWebAuthnAutofill } from '../helpers/browserSupportsWebAuthnAutofill'; import { utf8StringToBuffer } from '../helpers/utf8StringToBuffer'; import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString'; -import { WebAuthnError } from '../helpers/structs'; +import { WebAuthnError } from '../helpers/webAuthnError'; import { generateCustomError } from '../helpers/__jest__/generateCustomError'; import { webauthnAbortService } from '../helpers/webAuthnAbortService'; @@ -299,7 +299,7 @@ test('should return authenticatorAttachment if present', async () => { return new Promise(resolve => { resolve({ response: {}, - getClientExtensionResults: () => {}, + getClientExtensionResults: () => { }, authenticatorAttachment: 'cross-platform', }); }); @@ -328,6 +328,8 @@ describe('WebAuthnError', () => { rejected.toThrow(WebAuthnError); rejected.toThrow(/abort signal/i); rejected.toHaveProperty('name', 'AbortError'); + rejected.toHaveProperty('code', 'ERROR_CEREMONY_ABORTED'); + rejected.toHaveProperty('cause', AbortError); }); }); @@ -346,6 +348,8 @@ describe('WebAuthnError', () => { rejected.toThrow(Error); rejected.toThrow(/operation failed/i); rejected.toHaveProperty('name', 'NotAllowedError'); + rejected.toHaveProperty('code', 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY'); + rejected.toHaveProperty('cause', NotAllowedError); }); test('should pass through error message (Chrome M110 - Bad TLS Cert)', async () => { @@ -365,6 +369,8 @@ describe('WebAuthnError', () => { rejected.toThrow(Error); rejected.toThrow(/sites with TLS certificate errors/i); rejected.toHaveProperty('name', 'NotAllowedError'); + rejected.toHaveProperty('code', 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY'); + rejected.toHaveProperty('cause', NotAllowedError); }); }); @@ -391,6 +397,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/1\.2\.3\.4/); rejected.toThrow(/invalid domain/i); rejected.toHaveProperty('name', 'SecurityError'); + rejected.toHaveProperty('code', 'ERROR_INVALID_DOMAIN'); + rejected.toHaveProperty('cause', SecurityError); }); test('should identify invalid RP ID', async () => { @@ -403,6 +411,8 @@ describe('WebAuthnError', () => { rejected.toThrow(goodOpts1.rpId); rejected.toThrow(/invalid for this domain/i); rejected.toHaveProperty('name', 'SecurityError'); + rejected.toHaveProperty('code', 'ERROR_INVALID_RP_ID'); + rejected.toHaveProperty('cause', SecurityError); }); }); @@ -418,6 +428,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/unable to process the specified options/i); rejected.toThrow(/could not create a new assertion signature/i); rejected.toHaveProperty('name', 'UnknownError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_GENERAL_ERROR'); + rejected.toHaveProperty('cause', UnknownError); }); }); }); diff --git a/packages/browser/src/methods/startRegistration.test.ts b/packages/browser/src/methods/startRegistration.test.ts index 2c2d2de..debaba3 100644 --- a/packages/browser/src/methods/startRegistration.test.ts +++ b/packages/browser/src/methods/startRegistration.test.ts @@ -7,7 +7,7 @@ import { import { generateCustomError } from '../helpers/__jest__/generateCustomError'; import { browserSupportsWebAuthn } from '../helpers/browserSupportsWebAuthn'; import { bufferToBase64URLString } from '../helpers/bufferToBase64URLString'; -import { WebAuthnError } from '../helpers/structs'; +import { WebAuthnError } from '../helpers/webAuthnError'; import { webauthnAbortService } from '../helpers/webAuthnAbortService'; import { utf8StringToBuffer } from '../helpers/utf8StringToBuffer'; @@ -239,7 +239,7 @@ test('should return authenticatorAttachment if present', async () => { return new Promise(resolve => { resolve({ response: {}, - getClientExtensionResults: () => {}, + getClientExtensionResults: () => { }, authenticatorAttachment: 'cross-platform', }); }); @@ -267,6 +267,8 @@ describe('WebAuthnError', () => { rejected.toThrow(WebAuthnError); rejected.toThrow(/abort signal/i); rejected.toThrow(/AbortError/); + rejected.toHaveProperty('code', 'ERROR_CEREMONY_ABORTED'); + rejected.toHaveProperty('cause', AbortError); }); }); @@ -289,6 +291,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/discoverable credentials were required/i); rejected.toThrow(/no available authenticator supported/i); rejected.toHaveProperty('name', 'ConstraintError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT'); + rejected.toHaveProperty('cause', ConstraintError); }); test('should identify unsupported user verification', async () => { @@ -306,6 +310,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/user verification was required/i); rejected.toThrow(/no available authenticator supported/i); rejected.toHaveProperty('name', 'ConstraintError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT'); + rejected.toHaveProperty('cause', ConstraintError); }); }); @@ -320,6 +326,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/authenticator/i); rejected.toThrow(/previously registered/i); rejected.toHaveProperty('name', 'InvalidStateError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED'); + rejected.toHaveProperty('cause', InvalidStateError); }); }); @@ -338,6 +346,8 @@ describe('WebAuthnError', () => { rejected.toThrow(Error); rejected.toThrow(/operation failed/i); rejected.toHaveProperty('name', 'NotAllowedError'); + rejected.toHaveProperty('code', 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY'); + rejected.toHaveProperty('cause', NotAllowedError); }); test('should pass through error message (Chrome M110 - Bad TLS Cert)', async () => { @@ -357,6 +367,8 @@ describe('WebAuthnError', () => { rejected.toThrow(Error); rejected.toThrow(/sites with TLS certificate errors/i); rejected.toHaveProperty('name', 'NotAllowedError'); + rejected.toHaveProperty('code', 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY'); + rejected.toHaveProperty('cause', NotAllowedError); }); }); @@ -376,6 +388,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/pubKeyCredParams/i); rejected.toThrow(/public-key/i); rejected.toHaveProperty('name', 'NotSupportedError'); + rejected.toHaveProperty('code', 'ERROR_MALFORMED_PUBKEYCREDPARAMS'); + rejected.toHaveProperty('cause', NotSupportedError); }); test('should identify no authenticator supports algs in pubKeyCredParams', async () => { @@ -391,6 +405,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/No available authenticator/i); rejected.toThrow(/pubKeyCredParams/i); rejected.toHaveProperty('name', 'NotSupportedError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG'); + rejected.toHaveProperty('cause', NotSupportedError); }); }); @@ -417,6 +433,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/1\.2\.3\.4/); rejected.toThrow(/invalid domain/i); rejected.toHaveProperty('name', 'SecurityError'); + rejected.toHaveProperty('code', 'ERROR_INVALID_DOMAIN'); + rejected.toHaveProperty('cause', SecurityError); }); test('should identify invalid RP ID', async () => { @@ -429,12 +447,15 @@ describe('WebAuthnError', () => { rejected.toThrow(goodOpts1.rp.id); rejected.toThrow(/invalid for this domain/i); rejected.toHaveProperty('name', 'SecurityError'); + rejected.toHaveProperty('code', 'ERROR_INVALID_RP_ID'); + rejected.toHaveProperty('cause', SecurityError); }); }); describe('TypeError', () => { test('should identify malformed user ID', async () => { - mockNavigatorCreate.mockRejectedValueOnce(new TypeError('user id is bad')); + const typeError = new TypeError('user id is bad'); + mockNavigatorCreate.mockRejectedValueOnce(typeError); const opts = { ...goodOpts1, @@ -449,6 +470,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/user id/i); rejected.toThrow(/not between 1 and 64 characters/i); rejected.toHaveProperty('name', 'TypeError'); + rejected.toHaveProperty('code', 'ERROR_INVALID_USER_ID_LENGTH'); + rejected.toHaveProperty('cause', typeError); }); }); @@ -464,6 +487,8 @@ describe('WebAuthnError', () => { rejected.toThrow(/unable to process the specified options/i); rejected.toThrow(/could not create a new credential/i); rejected.toHaveProperty('name', 'UnknownError'); + rejected.toHaveProperty('code', 'ERROR_AUTHENTICATOR_GENERAL_ERROR'); + rejected.toHaveProperty('cause', UnknownError); }); }); }); -- cgit v1.2.3 From 95a4c1f2f07640e76f0ccf2aa0409b46b311d015 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:49:50 -0800 Subject: Group error codes --- packages/browser/src/helpers/webAuthnError.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/webAuthnError.ts b/packages/browser/src/helpers/webAuthnError.ts index 135354a..56d71fd 100644 --- a/packages/browser/src/helpers/webAuthnError.ts +++ b/packages/browser/src/helpers/webAuthnError.ts @@ -46,11 +46,11 @@ export type SimpleWebAuthnErrorCode = | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' + | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' - | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY' ; -- cgit v1.2.3 From d0c5721f4afab5d3b07efbc96cc3e7232b94c8dd Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:50:04 -0800 Subject: Export SimpleWebAuthnErrorCode --- packages/browser/src/index.ts | 2 ++ 1 file changed, 2 insertions(+) (limited to 'packages/browser/src') diff --git a/packages/browser/src/index.ts b/packages/browser/src/index.ts index 41e040f..d0133af 100644 --- a/packages/browser/src/index.ts +++ b/packages/browser/src/index.ts @@ -15,3 +15,5 @@ export { browserSupportsWebAuthnAutofill, platformAuthenticatorIsAvailable, }; + +export type { SimpleWebAuthnErrorCode } from './helpers/webAuthnError'; -- cgit v1.2.3 From ac97005f39974154dc2af9514294bbe217a252f6 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 28 Feb 2023 22:50:48 -0800 Subject: Rename SimpleWebAuthnErrorCode --- packages/browser/src/helpers/webAuthnError.ts | 6 +++--- packages/browser/src/index.ts | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/helpers/webAuthnError.ts b/packages/browser/src/helpers/webAuthnError.ts index 56d71fd..1debec0 100644 --- a/packages/browser/src/helpers/webAuthnError.ts +++ b/packages/browser/src/helpers/webAuthnError.ts @@ -17,7 +17,7 @@ * scenarios a given error would be raised. */ export class WebAuthnError extends Error { - code: SimpleWebAuthnErrorCode; + code: WebAuthnErrorCode; constructor({ message, @@ -26,7 +26,7 @@ export class WebAuthnError extends Error { name, }: { message: string, - code: SimpleWebAuthnErrorCode, + code: WebAuthnErrorCode, cause: Error, name?: string, }) { @@ -41,7 +41,7 @@ export class WebAuthnError extends Error { } } -export type SimpleWebAuthnErrorCode = +export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' diff --git a/packages/browser/src/index.ts b/packages/browser/src/index.ts index d0133af..67c7c74 100644 --- a/packages/browser/src/index.ts +++ b/packages/browser/src/index.ts @@ -16,4 +16,4 @@ export { platformAuthenticatorIsAvailable, }; -export type { SimpleWebAuthnErrorCode } from './helpers/webAuthnError'; +export type { WebAuthnErrorCode } from './helpers/webAuthnError'; -- cgit v1.2.3