Set user_handle to nil for non-string data type #392
Conversation
|
@brauliomartinezlm - I see several PRs open with no response for a while. Is this going to be taken care of at all? |
There was a problem hiding this comment.
Hey @elquimista!!! Thank you so much for reporting this and taking your time to fix it! 🙌
Sorry for the late response.
Code looks good to me. Well done! 💪
Co-authored-by: Santiago Rodriguez <[email protected]>
| @@ -14,7 +14,7 @@ def self.from_client(response, relying_party: WebAuthn.configuration.relying_par | |||
| encoder = relying_party.encoder | |||
|
|
|||
| user_handle = | |||
| if response["userHandle"] && String === response["userHandle"] | |||
| if response["userHandle"] && response["userHandle"].is_a? String | |||
There was a problem hiding this comment.
Seems that we have a syntax error here 😕
| if response["userHandle"] && response["userHandle"].is_a? String | |
| if response["userHandle"] && response["userHandle"].is_a?(String) |
|
🤔 returning I noticed in the fix you referenced that for other ArrayBuffers (authenticatorData, signature) in the AuthenticatorAssertionResponse you wrap these in a |
Current code expects
userHandlevalue in string data type and it seems to work fine at least for desktop web browsers. I tested with Yubikey 5C NFC and it returns an empty string''foruserHandle.However, when I tested on mobile browsers (e.g., iOS Safari), it is returned with an empty object
{}rather than an empty string, which causes an error in the backend code trying to encode a Hash object instead of a String object.Because of this, I had to do a simple workaround temporarily in one of my client application.
I don't know if this suggestion is a right approach but at least it fixes my problem. Please let me know if there is a better approach. I am not an expert when it comes to webauthn.