Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Commit

Permalink
Fix #1360: Handle special characters in error descriptions (#1361)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jumde @jhreis
jumde authored and jhreis committed Aug 10, 2019
1 parent 33ea7f2 commit b242f7a
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 10 deletions.
8 changes: 4 additions & 4 deletions Client/Frontend/UserContent/UserScripts/U2F.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ Object.defineProperty($<webauthn>, 'postCreate', {
return;
}
if (errorName) {
$<webauthn>.reject[handle](new DOMException(errorDescription, errorName))
$<webauthn>.reject[handle](new DOMException(atob(errorDescription), atob(errorName)))
return
}
response = new $<attest>(attestationObject, clientDataJSON)
Expand All @@ -136,7 +136,7 @@ Object.defineProperty($<webauthn>, 'postGet', {
return;
}
if (errorName) {
$<webauthn>.reject[handle](new DOMException(errorDescription, errorName))
$<webauthn>.reject[handle](new DOMException(atob(errorDescription), atob(errorName)))
return
}
response = new $<assert>(authenticatorData, clientDataJSON, signature, userHandle)
Expand All @@ -155,7 +155,7 @@ Object.defineProperty($<u2f>, 'postSign', {
if (errorCode > 1) {
errorData = {
'errorCode': errorCode,
'errorMessage': errorMessage
'errorMessage': atob(errorMessage)
}
$<u2f>.resolve[handle](errorData)
return
Expand All @@ -175,7 +175,7 @@ Object.defineProperty($<u2f>, 'postRegister', {
if (errorCode > 1) {
errorData = {
'errorCode': errorCode,
'errorMessage': errorMessage
'errorMessage': atob(errorMessage)
}
$<u2f>.resolve[handle](errorData)
return
Expand Down
19 changes: 13 additions & 6 deletions Client/U2FExtensions.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -404,7 +404,7 @@ class U2FExtensions: NSObject {
private func sendFIDO2RegistrationError(handle: Int, errorName: String = FIDO2ErrorMessages.NotAllowedError.rawValue, errorDescription: String = Strings.U2FRegistrationError) {
cleanupFIDO2Registration(handle: handle)
ensureMainThread {
self.tab?.webView?.evaluateJavaScript("navigator.credentials.postCreate('\(handle)', \(true),'', '', '', '\(errorName)', '\(errorDescription)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("navigator.credentials.postCreate('\(handle)', \(true),'', '', '', '\(errorName.toBase64())', '\(errorDescription.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorRegistration.rawValue
log.error(errorDescription)
Expand Down Expand Up @@ -576,7 +576,7 @@ class U2FExtensions: NSObject {
private func sendFIDO2AuthenticationError(handle: Int, errorName: String = FIDO2ErrorMessages.NotAllowedError.rawValue, errorDescription: String = Strings.U2FAuthenticationError) {
cleanupFIDO2Authentication(handle: handle)
ensureMainThread {
self.tab?.webView?.evaluateJavaScript("navigator.credentials.postGet('\(handle)', \(true), '', '', '', '', '\(errorName)', '\(errorDescription)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("navigator.credentials.postGet('\(handle)', \(true), '', '', '', '', '\(errorName.toBase64())', '\(errorDescription.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorAuthentication.rawValue
log.error(errorDescription)
Expand Down Expand Up @@ -730,7 +730,7 @@ class U2FExtensions: NSObject {
cleanupFIDORegistration(handle: handle)
if requestId >= 0 {
ensureMainThread {
self.tab?.webView?.evaluateJavaScript("u2f.postLowLevelRegister(\(requestId), \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("u2f.postLowLevelRegister(\(requestId), \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorRegistration.rawValue
log.error(errorDescription)
Expand All @@ -740,7 +740,7 @@ class U2FExtensions: NSObject {
}

ensureMainThread {
self.tab?.webView?.evaluateJavaScript("u2f.postRegister('\(handle)', \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("u2f.postRegister('\(handle)', \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorRegistration.rawValue
log.error(errorDescription)
Expand Down Expand Up @@ -858,7 +858,7 @@ class U2FExtensions: NSObject {

if requestId >= 0 {
ensureMainThread {
self.tab?.webView?.evaluateJavaScript("u2f.postLowLevelSign(\(requestId), \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("u2f.postLowLevelSign(\(requestId), \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorAuthentication.rawValue
log.error(errorDescription)
Expand All @@ -868,7 +868,7 @@ class U2FExtensions: NSObject {
}

ensureMainThread {
self.tab?.webView?.evaluateJavaScript("u2f.postSign('\(handle)', \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage)')", completionHandler: { _, error in
self.tab?.webView?.evaluateJavaScript("u2f.postSign('\(handle)', \(true), '', '', '', \(errorCode.rawValue), '\(errorMessage.toBase64())')", completionHandler: { _, error in
if error != nil {
let errorDescription = error?.localizedDescription ?? U2FErrorMessages.ErrorAuthentication.rawValue
log.error(errorDescription)
Expand Down Expand Up @@ -1083,3 +1083,10 @@ extension Strings {
public static let pinPlaceholder = NSLocalizedString("pinPlaceholder", bundle: Bundle.shared, value: "PIN", comment: "Placeholder text for PIN")
public static let confirmPin = NSLocalizedString("confirmPin", bundle: Bundle.shared, value: "Confirm", comment: "Button text to confirm PIN")
}

extension String {
/// Encode a String to Base64
func toBase64() -> String {
return Data(self.utf8).base64EncodedString()
}
}

0 comments on commit b242f7a

Please sign in to comment.