Hexagon / webauthn-skeleton

Skeleton for a Web Authentication API website
MIT License

Persistence database broken #5

Closed bigjohnson closed 6 months ago

bigjohnson commented 7 months ago

The /routes/webauthn.js loose the json code that save credId in jsonable format and actually if you restart the app old user cannot login.

new code db

{ "users": { "alberto": { "name": "alberto", "registered": true, "id": "bME40SEc-T7CSkCfymytlPPYeM3f-dqpg0Tprbn0KmQ", "authenticators": [ { "credId": {}, "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVvudYp25pHZwtSy95ss/KYOY4nxi\nYZXmpSJ19fHL8jWtZzpa96/7jPvI68mkDPyXbCfu9wgUXo61ncVD0r0PEQ==\n-----END PUBLIC KEY-----\n", "type": "public-key", "transports": [ "usb" ], "counter": 0, "created": 1707906471482 } ] } } }

correct code db:

{ "users": { "test_01": { "name": "test_01", "registered": true, "id": "4KGEPeAyuP6sMFOxgYqRrcfgLdwhBZz1vjxO1MS4x_I", "authenticators": [ { "credId": { "0": 1, "1": 12, "2": 41, "3": 100, "4": 156, "5": 105, "6": 210, "7": 194, "8": 10, "9": 29, "10": 93, "11": 233, "12": 3, "13": 8, "14": 177, "15": 99, "16": 164, "17": 9, "18": 98, "19": 82, "20": 192, "21": 243, "22": 51, "23": 183, "24": 101, "25": 59, "26": 233, "27": 76, "28": 228, "29": 120, "30": 20, "31": 70, "32": 246, "33": 133, "34": 244, "35": 164, "36": 46, "37": 232, "38": 154, "39": 227, "40": 243, "41": 108, "42": 117, "43": 48, "44": 186, "45": 250, "46": 176, "47": 245, "48": 60, "49": 176, "50": 29, "51": 28, "52": 162, "53": 50, "54": 1, "55": 75, "56": 29, "57": 235, "58": 172, "59": 202, "60": 145, "61": 63, "62": 215, "63": 216, "64": 85 }, "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM7qje4qFyJBb8cEmAhGX/gUajVnS\n/cGQJ4QFJofqMlxi8kILJaMFRWquUWf96F1oP42j0TGODRmlVajOk/8gKQ==\n-----END PUBLIC KEY-----\n", "type": "public-key", "counter": 0, "created": 1647307648136 } ] },

The credId held in memory cannot be saved as JSON because it is not a JSON-serializable data type; it needs to be converted before it is saved to the file and again when it is read back from the file:

diff webauthn-skeleton-main/routes/webauthn.js webauthn-skeleton-main-mio/routes/webauthn.js
11c11
<       f2l       = new Fido2(),
---
>       f2l       = new Fido2(config.rpId, config.rpName, undefined, config.challengeTimeoutMs),
15,17d14
<
< f2l.init(config.rpId, config.rpName, undefined, config.challengeTimeoutMs);
<
79c76
<
---
>
110c107
<
---
>
114a112
>       //challengeMakeCred.excludeCredentials = database.users[ctx.session.username].authenticators.map((e) => { return { id: base64.fromArrayBuffer(e.credId, true), type: e.type }; });
116c114,121
<               return { id: base64.fromArrayBuffer(e.credId, true), type: e.type };
---
>               let scrivibile = e.credId;
>               let non_scrivibile = new ArrayBuffer(32);
>               let longInt8View = new Uint8Array(non_scrivibile);
>               for (let i=0; i< longInt8View.length; i++) {
>                       longInt8View[i] = scrivibile[i];
>               }
>               //return { id: base64url.encode(non_scrivibile, true), type: e.type };
>               return { id: base64.fromArrayBuffer(non_scrivibile, true), type: e.type };
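Review bot: The copy into `new ArrayBuffer(32)` fixes every credential ID at 32 bytes, but credential IDs are variable-length: the "correct code db" record quoted earlier in this issue holds a 65-byte credId (keys 0 to 64). For such an authenticator the `id` built here is truncated and no longer matches the registered credential, and an ID shorter than 32 bytes would be padded with zeros. Size the buffer from the stored data instead, e.g. `const bytes = Uint8Array.from(Object.values(e.credId));` followed by `return { id: base64.fromArrayBuffer(bytes.buffer, true), type: e.type };`. The same fixed-length copy is repeated in hunks 153a158,166 and 217a235,242, where it feeds the `id` of hunk 156,157c169,171 and the `userHandle` of hunk 226c251,252; one shared helper would keep the three in step.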
118d122
<
153a158,166
>               var scrivibile = authr.credId;
>               //console.log("authr");
>               //console.log(authr);
>               var non_scrivibile = new ArrayBuffer(32);
>               var longInt8View = new Uint8Array(non_scrivibile);
>               for (var i=0; i< longInt8View.length; i++) {
>                       longInt8View[i] = scrivibile[i];
>               }
>
156,157c169,171
<                       id: base64.fromArrayBuffer(authr.credId, true),
<                       transports: authr.transports
---
>                       //id: base64.fromArrayBuffer(authr.credId, true),
>                       id: base64.fromArrayBuffer(non_scrivibile, true),
>                       transports: ["usb", "nfc", "ble", "internal"]
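Review bot: `transports: ["usb", "nfc", "ble", "internal"]` replaces the per-credential `authr.transports` with a fixed list, and hunk 188d204 stops storing `webauthnResp.transports` at registration, so the transport hint reported for each authenticator is lost. That is not needed for the persistence fix, because an array of strings survives JSON serialisation unchanged (the "new code db" record above still shows `"transports": ["usb"]`). Keeping the stored value and falling back only when it is absent, `transports: authr.transports || ["usb", "nfc", "ble", "internal"]`, would preserve the hint for records that have it. The commented-out `//id:` line is better deleted than left in place.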
183a198,199
>               let scrivibile = new Uint8Array(result.authnrData.get("credId"));
>
185c201,202
<                       credId: result.authnrData.get("credId"),
---
>                       //credId: result.authnrData.get("credId"),
>                       credId: scrivibile,
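Review bot: Storing `credId` as a `Uint8Array` makes `JSON.stringify` write it as an index-keyed object (`{"0":1,"1":12,…}`), which loses the type and explicit length and is why each read path has to rebuild a buffer by hand. Storing the encoded string once, `credId: base64.fromArrayBuffer(result.authnrData.get("credId"), true),`, would round-trip through the JSON file unchanged and could be used directly wherever the `id` is sent to the client, with a decode only where a buffer is required. Records already saved in the object form would need a one-time conversion on load, which this diff does not show. A short comment on this field stating the stored encoding would help the next maintainer, and the commented-out `//credId:` line can be removed.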
188d204
<                       transports: webauthnResp.transports,
190c206
<                       created: new Date().getTime(),
---
>                       created: new Date().getTime()
192a209
>               //database.users[ctx.session.username].authenticators.push(token);
217a235,242
>
>                               let scrivibile = authr.credId;
>                               let non_scrivibile = new ArrayBuffer(32);
>                               let longInt8View = new Uint8Array(non_scrivibile);
>                               for (var i=0; i< longInt8View.length; i++) {
>                                       longInt8View[i] = scrivibile[i];
>                               }
>
226c251,252
<                                       userHandle: authr.credId
---
>                                       //userHandle: authr.credId
>                                       userHandle: non_scrivibile
bigjohnson commented 6 months ago

Corrected in the two pull requests.