mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-10-01 01:26:01 -04:00
Passkeys: Fix RP ID validation
This commit is contained in:
parent
8a4787278d
commit
5883f49f37
@ -630,7 +630,7 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
|
||||
}
|
||||
|
||||
const auto excludeCredentials = credentialCreationOptions["excludeCredentials"].toArray();
|
||||
const auto rpId = publicKeyOptions["rp"]["id"].toString();
|
||||
const auto rpId = credentialCreationOptions["rp"].toObject()["id"].toString();
|
||||
const auto timeout = publicKeyOptions["timeout"].toInt();
|
||||
const auto username = credentialCreationOptions["user"].toObject()["name"].toString();
|
||||
const auto user = credentialCreationOptions["user"].toObject();
|
||||
|
@ -109,14 +109,17 @@ int PasskeyUtils::validateRpId(const QJsonValue& rpIdValue, const QString& effec
|
||||
return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH;
|
||||
}
|
||||
|
||||
if (rpIdValue.isUndefined()) {
|
||||
return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH;
|
||||
}
|
||||
|
||||
if (effectiveDomain.isEmpty()) {
|
||||
return ERROR_PASSKEYS_ORIGIN_NOT_ALLOWED;
|
||||
}
|
||||
|
||||
// The RP ID defaults to being the caller's origin's effective domain unless the caller has explicitly set
|
||||
// options.rp.id
|
||||
if (rpIdValue.isUndefined() || rpIdValue.isNull()) {
|
||||
*result = effectiveDomain;
|
||||
return PASSKEYS_SUCCESS;
|
||||
}
|
||||
|
||||
const auto rpId = rpIdValue.toString();
|
||||
if (!isRegistrableDomainSuffix(rpId, effectiveDomain)) {
|
||||
return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH;
|
||||
|
@ -573,17 +573,18 @@ void TestPasskeys::testRpIdValidation()
|
||||
QString result;
|
||||
auto allowedIdentical = passkeyUtils()->validateRpId(QString("example.com"), QString("example.com"), &result);
|
||||
QCOMPARE(result, QString("example.com"));
|
||||
QVERIFY(allowedIdentical == 0);
|
||||
QVERIFY(allowedIdentical == PASSKEYS_SUCCESS);
|
||||
|
||||
result.clear();
|
||||
auto allowedSubdomain = passkeyUtils()->validateRpId(QString("example.com"), QString("www.example.com"), &result);
|
||||
QCOMPARE(result, QString("example.com"));
|
||||
QVERIFY(allowedSubdomain == 0);
|
||||
QVERIFY(allowedSubdomain == PASSKEYS_SUCCESS);
|
||||
|
||||
result.clear();
|
||||
auto emptyRpId = passkeyUtils()->validateRpId({}, QString("example.com"), &result);
|
||||
QCOMPARE(result, QString(""));
|
||||
QVERIFY(emptyRpId == ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH);
|
||||
QJsonValue emptyValue;
|
||||
auto emptyRpId = passkeyUtils()->validateRpId(emptyValue, QString("example.com"), &result);
|
||||
QCOMPARE(result, QString("example.com"));
|
||||
QVERIFY(emptyRpId == PASSKEYS_SUCCESS);
|
||||
|
||||
result.clear();
|
||||
auto ipRpId = passkeyUtils()->validateRpId(QString("127.0.0.1"), QString("example.com"), &result);
|
||||
|
Loading…
Reference in New Issue
Block a user