forked from mirror/misskey
fix(backend): use atomic command to improve security
This commit is contained in:
parent
0e90589290
commit
04b221409c
@ -189,14 +189,12 @@ export class WebAuthnService {
|
|||||||
*/
|
*/
|
||||||
@bindThis
|
@bindThis
|
||||||
public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> {
|
public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> {
|
||||||
const challenge = await this.redisClient.get(`webauthn:challenge:${context}`);
|
const challenge = await this.redisClient.getdel(`webauthn:challenge:${context}`);
|
||||||
|
|
||||||
if (!challenge) {
|
if (!challenge) {
|
||||||
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`);
|
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`);
|
||||||
}
|
}
|
||||||
|
|
||||||
await this.redisClient.del(`webauthn:challenge:${context}`);
|
|
||||||
|
|
||||||
const key = await this.userSecurityKeysRepository.findOneBy({
|
const key = await this.userSecurityKeysRepository.findOneBy({
|
||||||
id: response.id,
|
id: response.id,
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user