New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PM-6631] Handle Fido2VerificationException during passkey attestation and assertion #3873
base: main
Are you sure you want to change the base?
Conversation
@coroiu do you recall why the |
var assertionVerificationResult = await _fido2.MakeAssertionAsync( | ||
assertionResponse, options, credentialPublicKey, (uint)credential.Counter, callback); | ||
|
||
Fido2NetLib.Objects.AssertionVerificationResult assertionVerificationResult = null; | ||
try | ||
{ | ||
assertionVerificationResult = await _fido2.MakeAssertionAsync( | ||
assertionResponse, options, credentialPublicKey, (uint)credential.Counter, callback); | ||
} | ||
catch (Fido2VerificationException) | ||
{ | ||
throw new BadRequestException("Unable to verify credential."); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did I write this?? I must've completely missed the fact that _fido2.MakeAssertionAsync
can throw exceptions... Good catch!
❓ issue: So one thing we need to be careful with here is that we don't allow credential and/or user enumeration. If we have unique exception messages here then the caller will be able to differentiate between
Invalid Credential -> Not found in database
Unable to verify credential -> Found in database, but invalid assertion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've adjusted the messages with bd46adc
(#3873).
Yeah, I didn't like returning |
No New Or Fixed Issues Found |
I had to make the |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3873 +/- ##
==========================================
- Coverage 38.66% 38.66% -0.01%
==========================================
Files 1209 1209
Lines 58561 58591 +30
Branches 5594 5594
==========================================
+ Hits 22643 22654 +11
- Misses 34863 34883 +20
+ Partials 1055 1054 -1 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A blast from the past :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really nice error handling refactors! Do you think we should add tests for these commands / user service scenarios while we are in here?
Type of change
Objective
In #3615 we handled the
Fido2VerificationException
when asserting a WebAuthn credential for 2FA.In this PR, we address the
MakeNewCredentialAsync
methods similarly, as well as theMakeAssertionAsync
when asserting a WebAuthn credential for login, which was missed in #3615 .📓 We have https://bitwarden.atlassian.net/browse/PM-4172 in the backlog to consolidate the implementations, at which point we should consider an abstraction.
Code changes
BadRequestException
instead of the unhandled exception returned previously. This will be handled on the client, as it is the pattern already established in the class for communicating assertion errors.false
along with a log message. I did this instead of throwing aBadRequestException
as this is the pattern already established in this command for handling invalid data. I added a log here as returningfalse
gives no indication of the root cause.false
along with a log message. I did this instead of throwing aBadRequestException
as this is the pattern already established in this command for handling invalid data. I added a log here as returningfalse
gives no indication of the root cause.Before you submit
dotnet format --verify-no-changes
) (required)