Merge pull request #1519 from Lokowitz/webauth

Fix upgrade @simplewebauthn/server from 9.0.3 to 13.2.1
2026-02-22 04:46:40 +00:00 · 2025-09-28 10:47:06 -07:00
parent 1a01e8d53a e43fc59634
commit be9494dd54
8 changed files with 249 additions and 118 deletions
--- a/server/routers/auth/securityKey.ts
+++ b/server/routers/auth/securityKey.ts
@@ -16,18 +16,12 @@ import {
 } from "@simplewebauthn/server";
 import type {
    GenerateRegistrationOptionsOpts,
-    VerifyRegistrationResponseOpts,
    GenerateAuthenticationOptionsOpts,
-    VerifyAuthenticationResponseOpts,
-    VerifiedRegistrationResponse,
-    VerifiedAuthenticationResponse
+    AuthenticatorTransportFuture
 } from "@simplewebauthn/server";
-import type { 
-    AuthenticatorTransport,
-    AuthenticatorTransportFuture,
-    PublicKeyCredentialDescriptorJSON,
-    PublicKeyCredentialDescriptorFuture
-} from "@simplewebauthn/types";
+import {
+    isoBase64URL
+} from '@simplewebauthn/server/helpers';
 import config from "@server/lib/config";
 import { UserType } from "@server/types/UserTypes";
 import { verifyPassword } from "@server/auth/password";
@@ -204,15 +198,14 @@ export async function startRegistration(
            .where(eq(securityKeys.userId, user.userId));

        const excludeCredentials = existingSecurityKeys.map(key => ({
-            id: new Uint8Array(Buffer.from(key.credentialId, 'base64')),
-            type: 'public-key' as const,
+            id: key.credentialId,
            transports: key.transports ? JSON.parse(key.transports) as AuthenticatorTransportFuture[] : undefined
        }));

        const options: GenerateRegistrationOptionsOpts = {
            rpName,
            rpID,
-            userID: user.userId,
+            userID: isoBase64URL.toBuffer(user.userId),
            userName: user.email || user.username,
            attestationType: 'none',
            excludeCredentials,
@@ -308,11 +301,11 @@ export async function verifyRegistration(

        // Store the security key in the database
        await db.insert(securityKeys).values({
-            credentialId: Buffer.from(registrationInfo.credentialID).toString('base64'),
+            credentialId: registrationInfo.credential.id,
            userId: user.userId,
-            publicKey: Buffer.from(registrationInfo.credentialPublicKey).toString('base64'),
-            signCount: registrationInfo.counter || 0,
-            transports: credential.response.transports ? JSON.stringify(credential.response.transports) : null,
+            publicKey: isoBase64URL.fromBuffer(registrationInfo.credential.publicKey),
+            signCount: registrationInfo.credential.counter || 0,
+            transports: registrationInfo.credential.transports ? JSON.stringify(registrationInfo.credential.transports) : null,
            name: challengeData.securityKeyName,
            lastUsed: new Date().toISOString(),
            dateCreated: new Date().toISOString()
@@ -496,7 +489,7 @@ export async function startAuthentication(
    const { email } = parsedBody.data;

    try {
-        let allowCredentials: PublicKeyCredentialDescriptorFuture[] = [];
+        let allowCredentials;
        let userId;

        // If email is provided, get security keys for that specific user
@@ -533,13 +526,9 @@ export async function startAuthentication(
            }

            allowCredentials = userSecurityKeys.map(key => ({
-                id: new Uint8Array(Buffer.from(key.credentialId, 'base64')),
-                type: 'public-key' as const,
+                id: key.credentialId,
                transports: key.transports ? JSON.parse(key.transports) as AuthenticatorTransportFuture[] : undefined
            }));
-        } else {
-            // If no email provided, allow any security key (for resident key authentication)
-            allowCredentials = [];
        }

        const options: GenerateAuthenticationOptionsOpts = {
@@ -616,7 +605,7 @@ export async function verifyAuthentication(
        }

        // Find the security key in database
-        const credentialId = Buffer.from(credential.id, 'base64').toString('base64');
+        const credentialId = credential.id;
        const [securityKey] = await db
            .select()
            .from(securityKeys)
@@ -653,9 +642,9 @@ export async function verifyAuthentication(
            expectedChallenge: challengeData.challenge,
            expectedOrigin: origin,
            expectedRPID: rpID,
-            authenticator: {
-                credentialID: Buffer.from(securityKey.credentialId, 'base64'),
-                credentialPublicKey: Buffer.from(securityKey.publicKey, 'base64'),
+            credential: {
+                id: securityKey.credentialId,
+                publicKey: isoBase64URL.toBuffer(securityKey.publicKey),
                counter: securityKey.signCount,
                transports: securityKey.transports ? JSON.parse(securityKey.transports) as AuthenticatorTransportFuture[] : undefined
            },
@@ -714,4 +703,4 @@ export async function verifyAuthentication(
            )
        );
    }
-} 
+}