Fix, follow spec, response.userHandle allow null (#114)

PathToLife · web-flow · commit dc3ffda827c8 · 2022-09-25T11:07:36.000+02:00
* userhandle allow null

* fix lint trailing comma
diff --git a/lib/parser.js b/lib/parser.js
@@ -371,7 +371,7 @@ async function parseAuthnrAssertionResponse(msg) {
 	}
 
 	let userHandle;
-	if (msg.response.userHandle !== undefined) {
+	if (msg.response.userHandle !== undefined && msg.response.userHandle !== null) {
 		userHandle = coerceToArrayBuffer(msg.response.userHandle, "response.userHandle");
 		if (userHandle.byteLength === 0) {
 			userHandle = undefined;
diff --git a/lib/validator.js b/lib/validator.js
@@ -220,7 +220,7 @@ function validateAssertionResponse() {
 
 	if (typeof req.response.userHandle !== "string" &&
 		!(req.response.userHandle instanceof ArrayBuffer) &&
-		req.response.userHandle !== undefined) {
+		req.response.userHandle !== undefined && req.response.userHandle !== null) {
 		throw new TypeError("expected 'response.userHandle' to be base64 String, ArrayBuffer, or undefined");
 	}
 
diff --git a/test/main.test.js b/test/main.test.js
@@ -687,7 +687,34 @@ describe("Fido2Lib", function() {
 					clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
 					authenticatorData: h.lib.assertionResponse.response.authenticatorData,
 					signature: h.lib.assertionResponse.response.signature,
-					// userHandle: h.lib.assertionResponse.response.userHandle
+				},
+			};
+
+			return serv.assertionResult(assertionResponse, expectations).then(
+				(res) => {
+					assert.instanceOf(res, Fido2AssertionResult);
+					return res;
+				},
+			);
+		});
+
+		it("valid assertion with null userHandle", function() {
+			const expectations = {
+				challenge: "eaTyUNnyPDDdK8SNEgTEUvz1Q8dylkjjTimYd5X7QAo-F8_Z1lsJi3BilUpFZHkICNDWY8r9ivnTgW7-XZC3qQ",
+				origin: "https://localhost:8443",
+				factor: "either",
+				publicKey: h.lib.assnPublicKey,
+				prevCounter: 362,
+				userHandle: null,
+			};
+
+			const assertionResponse = {
+				rawId: h.lib.assertionResponse.rawId,
+				response: {
+					clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
+					authenticatorData: h.lib.assertionResponse.response.authenticatorData,
+					signature: h.lib.assertionResponse.response.signature,
+					userHandle: null,
 				},
 			};
 

Original file line number	Diff line number	Diff line change
`@@ -371,7 +371,7 @@ async function parseAuthnrAssertionResponse(msg) {`
`371`	`371`	`}`
`372`	`372`
`373`	`373`	`let userHandle;`
`374`		`- if (msg.response.userHandle !== undefined) {`
	`374`	`+ if (msg.response.userHandle !== undefined && msg.response.userHandle !== null) {`
`375`	`375`	`userHandle = coerceToArrayBuffer(msg.response.userHandle, "response.userHandle");`
`376`	`376`	`if (userHandle.byteLength === 0) {`
`377`	`377`	`userHandle = undefined;`
Original file line number	Diff line number	Diff line change
`@@ -220,7 +220,7 @@ function validateAssertionResponse() {`
`220`	`220`
`221`	`221`	`if (typeof req.response.userHandle !== "string" &&`
`222`	`222`	`!(req.response.userHandle instanceof ArrayBuffer) &&`
`223`		`- req.response.userHandle !== undefined) {`
	`223`	`+ req.response.userHandle !== undefined && req.response.userHandle !== null) {`
`224`	`224`	`throw new TypeError("expected 'response.userHandle' to be base64 String, ArrayBuffer, or undefined");`
`225`	`225`	`}`
`226`	`226`