3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-02 09:28:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

webauthn: only return known device credentials that match the given type

Browse source
This commit is contained in:
Caleb Doxsey 2023-02-15 16:23:55 -07:00
parent f2a5bda162
commit b966264cfd
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkg/webauthnutil/options.go
View file

@ -12,6 +12,7 @@ import (
"github.com/pomerium/pomerium/pkg/cryptutil"
"github.com/pomerium/pomerium/pkg/grpc/device"
"github.com/pomerium/pomerium/pkg/grpc/user"
"github.com/pomerium/pomerium/pkg/slices"
)
const (
@ -156,7 +157,10 @@ func newRequestOptions(
options,
deviceType.GetWebauthn().GetOptions().GetAuthenticatorSelection().UserVerification,
)
for _, knownDeviceCredential := range knownDeviceCredentials {
knownDeviceCredentialsForType := slices.Filter(knownDeviceCredentials, func(c *device.Credential) bool {
return c.GetTypeId() == deviceType.GetId()
})
for _, knownDeviceCredential := range knownDeviceCredentialsForType {
if publicKey := knownDeviceCredential.GetWebauthn(); publicKey != nil {
options.AllowCredentials = append(options.AllowCredentials, webauthn.PublicKeyCredentialDescriptor{
Type: webauthn.PublicKeyCredentialTypePublicKey,