From 5883f49f37ad518b17923aa901cd72a345e104c0 Mon Sep 17 00:00:00 2001 From: varjolintu Date: Mon, 11 Mar 2024 16:39:40 +0200 Subject: [PATCH] Passkeys: Fix RP ID validation --- src/browser/BrowserService.cpp | 2 +- src/browser/PasskeyUtils.cpp | 11 +++++++---- tests/TestPasskeys.cpp | 11 ++++++----- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp index 94ff2829a5..c7f734c347 100644 --- a/src/browser/BrowserService.cpp +++ b/src/browser/BrowserService.cpp @@ -630,7 +630,7 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public } const auto excludeCredentials = credentialCreationOptions["excludeCredentials"].toArray(); - const auto rpId = publicKeyOptions["rp"]["id"].toString(); + const auto rpId = credentialCreationOptions["rp"].toObject()["id"].toString(); const auto timeout = publicKeyOptions["timeout"].toInt(); const auto username = credentialCreationOptions["user"].toObject()["name"].toString(); const auto user = credentialCreationOptions["user"].toObject(); diff --git a/src/browser/PasskeyUtils.cpp b/src/browser/PasskeyUtils.cpp index 0dda93a6ea..a40caa1e43 100644 --- a/src/browser/PasskeyUtils.cpp +++ b/src/browser/PasskeyUtils.cpp @@ -109,14 +109,17 @@ int PasskeyUtils::validateRpId(const QJsonValue& rpIdValue, const QString& effec return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH; } - if (rpIdValue.isUndefined()) { - return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH; - } - if (effectiveDomain.isEmpty()) { return ERROR_PASSKEYS_ORIGIN_NOT_ALLOWED; } + // The RP ID defaults to being the caller's origin's effective domain unless the caller has explicitly set + // options.rp.id + if (rpIdValue.isUndefined() || rpIdValue.isNull()) { + *result = effectiveDomain; + return PASSKEYS_SUCCESS; + } + const auto rpId = rpIdValue.toString(); if (!isRegistrableDomainSuffix(rpId, effectiveDomain)) { return ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH; diff --git a/tests/TestPasskeys.cpp b/tests/TestPasskeys.cpp index fc101db5e0..160087b6e0 100644 --- a/tests/TestPasskeys.cpp +++ b/tests/TestPasskeys.cpp @@ -573,17 +573,18 @@ void TestPasskeys::testRpIdValidation() QString result; auto allowedIdentical = passkeyUtils()->validateRpId(QString("example.com"), QString("example.com"), &result); QCOMPARE(result, QString("example.com")); - QVERIFY(allowedIdentical == 0); + QVERIFY(allowedIdentical == PASSKEYS_SUCCESS); result.clear(); auto allowedSubdomain = passkeyUtils()->validateRpId(QString("example.com"), QString("www.example.com"), &result); QCOMPARE(result, QString("example.com")); - QVERIFY(allowedSubdomain == 0); + QVERIFY(allowedSubdomain == PASSKEYS_SUCCESS); result.clear(); - auto emptyRpId = passkeyUtils()->validateRpId({}, QString("example.com"), &result); - QCOMPARE(result, QString("")); - QVERIFY(emptyRpId == ERROR_PASSKEYS_DOMAIN_RPID_MISMATCH); + QJsonValue emptyValue; + auto emptyRpId = passkeyUtils()->validateRpId(emptyValue, QString("example.com"), &result); + QCOMPARE(result, QString("example.com")); + QVERIFY(emptyRpId == PASSKEYS_SUCCESS); result.clear(); auto ipRpId = passkeyUtils()->validateRpId(QString("127.0.0.1"), QString("example.com"), &result);