Skip to content

fix: Remove ArrayBuffer checks from WebAuthnIdentity #857

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 18, 2024
Merged

fix: Remove ArrayBuffer checks from WebAuthnIdentity #857

merged 3 commits into from
Mar 18, 2024

Conversation

@frederikrothenberger
Copy link
Contributor

@frederikrothenberger frederikrothenberger commented Mar 15, 2024

Description

This PR removes instanceof ArrayBuffer checks from the WebAuthnIdentity. The reason is that these checks hide errors and cause problem in conjunction with the BitWarden password manager (which sets these fields to Uint8Array). See also this issue: dfinity/internet-identity#2235

Simply removing the checks solved the issue entirely, as the fields that supposedly need to be ArrayBuffer are converted to Uint8Array anyway.

How Has This Been Tested?

This change was manually tested with Internet Identity and the BitWarden extension in Chrome.

Checklist:

  • My changes follow the guidelines in CONTRIBUTING.md.
  • The title of this PR complies with Conventional Commits.
  • I have edited the CHANGELOG accordingly.
  • I have made corresponding changes to the documentation.

fix: Remove ArrayBuffer checks from WebAuthnIdentity
843c833 
This PR removes `instanceof ArrayBuffer` checks from the
`WebAuthnIdentity`. The reason is that these checks hide errors
and cause problem in conjunction with the Bitwarden password
manager (which sets these fields to `Uint8Array`). See also this issue:
dfinity/internet-identity#2235

Simply removing the checks solved the issue entirely, as the fields that
supposedly need to be `ArrayBuffer` are converted to `Uint8Array` anyway.

This change was tested with Internet Identity and the Bitwarden extension
in Chrome.
@frederikrothenberger frederikrothenberger requested a review from a team as a code owner March 15, 2024 10:01
@frederikrothenberger frederikrothenberger mentioned this pull request Mar 15, 2024
Closed
frederikrothenberger
frederikrothenberger commented Mar 18, 2024
View reviewed changes
Copy link
Contributor Author

@frederikrothenberger frederikrothenberger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, these changes work too!

peterpeterparker
peterpeterparker reviewed Mar 18, 2024
View reviewed changes
packages/identity/src/identity/webauthn.ts
throw new Error('Could not create credentials.');
}

const response = creds.response as AuthenticatorAttestationResponse;
Copy link
Member

@peterpeterparker peterpeterparker Mar 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't you now potentially casting an undefined to an AuthenticatorAttestationResponse, given that the snippet you removed also checked for creds.response === undefined? In other words, aren't you potentially facing uncaught undefined issues in the following lines?

Copy link
Contributor

@krpeacock krpeacock Mar 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None of the typing suggests that creds.response can be undefined, given the other checks we've done to make sure that _createCredential yields PublicKeyCredentialWithAttachment | null

Copy link
Member

@peterpeterparker peterpeterparker Mar 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this undefined test was useless?

if (creds.response === undefined || !(creds.rawId instanceof ArrayBuffer)) {

Good then, thanks for the feedback.

Copy link
Contributor

@krpeacock krpeacock Mar 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may have been. We have also updated the version of Typescript and other browser typings since this was written, so something I'm unaware of may have changed in the meantime

@krpeacock krpeacock merged commit 2a31681 into dfinity:main Mar 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterpeterparker peterpeterparker peterpeterparker left review comments

+1 more reviewer

@krpeacock krpeacock krpeacock approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@frederikrothenberger @krpeacock @peterpeterparker