-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set user_handle to nil for non-string data type #392
base: master
Are you sure you want to change the base?
Conversation
@brauliomartinezlm - I see several PRs open with no response for a while. Is this going to be taken care of at all? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @elquimista!!! Thank you so much for reporting this and taking your time to fix it! 🙌
Sorry for the late response.
Code looks good to me. Well done! 💪
Co-authored-by: Santiago Rodriguez <[email protected]>
@@ -14,7 +14,7 @@ def self.from_client(response, relying_party: WebAuthn.configuration.relying_par | |||
encoder = relying_party.encoder | |||
|
|||
user_handle = | |||
if response["userHandle"] && String === response["userHandle"] | |||
if response["userHandle"] && response["userHandle"].is_a? String |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems that we have a syntax error here 😕
if response["userHandle"] && response["userHandle"].is_a? String | |
if response["userHandle"] && response["userHandle"].is_a?(String) |
🤔 returning I noticed in the fix you referenced that for other ArrayBuffers (authenticatorData, signature) in the AuthenticatorAssertionResponse you wrap these in a |
Current code expects
userHandle
value in string data type and it seems to work fine at least for desktop web browsers. I tested with Yubikey 5C NFC and it returns an empty string''
foruserHandle
.However, when I tested on mobile browsers (e.g., iOS Safari), it is returned with an empty object
{}
rather than an empty string, which causes an error in the backend code trying to encode a Hash object instead of a String object.Because of this, I had to do a simple workaround temporarily in one of my client application.
I don't know if this suggestion is a right approach but at least it fixes my problem. Please let me know if there is a better approach. I am not an expert when it comes to webauthn.