From d63639fc62d23c791560476e7fd99d667ecc0074 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sun, 24 Mar 2019 22:48:06 -0700 Subject: [PATCH] More WebAuthn/FIDO2 server fixes. --- meshuser.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meshuser.js b/meshuser.js index dbb76f76..708297e6 100644 --- a/meshuser.js +++ b/meshuser.js @@ -2022,8 +2022,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use clientAttestationResponse.response.clientDataJSON = new Uint8Array(Buffer.from(clientAttestationResponse.response.clientDataJSON, 'base64')).buffer; parent.f2l.attestationResult(clientAttestationResponse, attestationExpectations).then(function (regResult) { - // If we register a WebAuthn/FIDO2 key, remove all U2F keys. - // TODO + // Since we are registering a WebAuthn/FIDO2 key, remove all U2F keys (Type 1). + var otphkeys2 = []; + for (var i = 0; i < user.otphkeys.length; i++) { if (user.otphkeys[i].type != 1) { otphkeys2.push(user.otphkeys[i]); } } + user.otphkeys = otphkeys2; // Add the new WebAuthn/FIDO2 keys var keyIndex = parent.crypto.randomBytes(4).readUInt32BE(0);