Skip to content

Commit

Permalink
fix(backend): use atomic command to improve security
Browse files Browse the repository at this point in the history
  • Loading branch information
@syuilo
syuilo committed Nov 22, 2024
1 parent 0e90589 commit 04b2214
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions packages/backend/src/core/WebAuthnService.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,14 +189,12 @@ export class WebAuthnService {
*/
@bindThis
public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> {
const challenge = await this.redisClient.get(`webauthn:challenge:${context}`);
const challenge = await this.redisClient.getdel(`webauthn:challenge:${context}`);

if (!challenge) {
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`);
}

await this.redisClient.del(`webauthn:challenge:${context}`);

const key = await this.userSecurityKeysRepository.findOneBy({
id: response.id,
});
Expand Down

1 comment on commit 04b2214

@github-actions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chromatic detects changes. Please review the changes on Chromatic.

Please sign in to comment.