Merge branch 'master' of github.com:fosscord/fosscord-server

2024-11-22 10:22:39 +01:00 · 2023-02-03 16:28:12 +11:00 · 2023-02-03 16:28:12 +11:00 · 9bbe5b733f
commit 9bbe5b733f
parent 4abf9d9c68 6203a96495
3 changed files with 21 additions and 9 deletions
--- a/src/api/routes/auth/mfa/webauthn.ts
+++ b/src/api/routes/auth/mfa/webauthn.ts
@ -64,20 +64,23 @@ router.post(
 		await User.update({ id: user.id }, { totp_last_ticket: "" });

 		const clientAttestationResponse = JSON.parse(code);
-		const securityKey = await SecurityKey.findOneOrFail({
-			where: {
-				user_id: req.user_id,
-				key_id: clientAttestationResponse.rawId,
-			},
-		});

 		if (!clientAttestationResponse.rawId)
 			throw new HTTPError("Missing rawId", 400);

 		clientAttestationResponse.rawId = toArrayBuffer(
-			Buffer.from(clientAttestationResponse.rawId, "base64"),
+			Buffer.from(clientAttestationResponse.rawId, "base64url"),
 		);

+		const securityKey = await SecurityKey.findOneOrFail({
+			where: {
+				key_id: Buffer.from(
+					clientAttestationResponse.rawId,
+					"base64url",
+				).toString("base64"),
+			},
+		});
+
 		const assertionExpectations: ExpectedAssertionResult = JSON.parse(
 			Buffer.from(
 				clientAttestationResponse.response.clientDataJSON,
--- a/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts
+++ b/src/api/routes/users/@me/mfa/webauthn/credentials/#key_id/index.ts
@ -17,7 +17,7 @@
 */

 import { route } from "@fosscord/api";
-import { SecurityKey } from "@fosscord/util";
+import { SecurityKey, User } from "@fosscord/util";
 import { Request, Response, Router } from "express";
 const router = Router();

@ -29,6 +29,12 @@ router.delete("/", route({}), async (req: Request, res: Response) => {
 		user_id: req.user_id,
 	});

+	const keys = await SecurityKey.count({ where: { user_id: req.user_id } });
+
+	// disable webauthn if there are no keys left
+	if (keys === 0)
+		await User.update({ id: req.user_id }, { webauthn_enabled: false });
+
 	res.sendStatus(204);
 });

--- a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
+++ b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
@ -181,7 +181,10 @@ router.post(
 				key_id: keyId,
 			});

-			await securityKey.save();
+			await Promise.all([
+				securityKey.save(),
+				User.update({ id: req.user_id }, { webauthn_enabled: true }),
+			]);

 			return res.json({
 				name,