Fix, follow spec, response.userHandle allow null (#114)

* userhandle allow null * fix lint trailing comma
webauthn-open-source · Sep 25, 2022 · dc3ffda · dc3ffda
1 parent adaab4d
commit dc3ffda
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/lib/parser.js b/lib/parser.js
@@ -371,7 +371,7 @@ async function parseAuthnrAssertionResponse(msg) {
 	}
 
 	let userHandle;
-	if (msg.response.userHandle !== undefined) {
+	if (msg.response.userHandle !== undefined && msg.response.userHandle !== null) {
 		userHandle = coerceToArrayBuffer(msg.response.userHandle, "response.userHandle");
 		if (userHandle.byteLength === 0) {
 			userHandle = undefined;

diff --git a/lib/validator.js b/lib/validator.js
@@ -220,7 +220,7 @@ function validateAssertionResponse() {
 
 	if (typeof req.response.userHandle !== "string" &&
 		!(req.response.userHandle instanceof ArrayBuffer) &&
-		req.response.userHandle !== undefined) {
+		req.response.userHandle !== undefined && req.response.userHandle !== null) {
 		throw new TypeError("expected 'response.userHandle' to be base64 String, ArrayBuffer, or undefined");
 	}
 

diff --git a/test/main.test.js b/test/main.test.js
@@ -687,7 +687,34 @@ describe("Fido2Lib", function() {
 					clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
 					authenticatorData: h.lib.assertionResponse.response.authenticatorData,
 					signature: h.lib.assertionResponse.response.signature,
-					// userHandle: h.lib.assertionResponse.response.userHandle
+				},
+			};
+
+			return serv.assertionResult(assertionResponse, expectations).then(
+				(res) => {
+					assert.instanceOf(res, Fido2AssertionResult);
+					return res;
+				},
+			);
+		});
+
+		it("valid assertion with null userHandle", function() {
+			const expectations = {
+				challenge: "eaTyUNnyPDDdK8SNEgTEUvz1Q8dylkjjTimYd5X7QAo-F8_Z1lsJi3BilUpFZHkICNDWY8r9ivnTgW7-XZC3qQ",
+				origin: "https://localhost:8443",
+				factor: "either",
+				publicKey: h.lib.assnPublicKey,
+				prevCounter: 362,
+				userHandle: null,
+			};
+
+			const assertionResponse = {
+				rawId: h.lib.assertionResponse.rawId,
+				response: {
+					clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
+					authenticatorData: h.lib.assertionResponse.response.authenticatorData,
+					signature: h.lib.assertionResponse.response.signature,
+					userHandle: null,
 				},
 			};