Skip to content

Commit

Permalink
Fix uncovered scenario with PublicKeyCredentialSourceRepository
Browse files Browse the repository at this point in the history
  • Loading branch information
Spomky committed Oct 15, 2023
1 parent 474cc11 commit 1aa6855
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions src/webauthn/src/AuthenticatorAssertionResponseValidator.php
Original file line number Diff line number Diff line change
Expand Up @@ -139,9 +139,17 @@ public function check(
->getHost(),
'userHandle' => $userHandle,
]);
$publicKeyCredentialSource = is_string(
$credentialId
) ? $this->publicKeyCredentialSourceRepository?->findOneByCredentialId($credentialId) : $credentialId;
$publicKeyCredentialSource = null;
if ($credentialId instanceof PublicKeyCredentialSource) {
$publicKeyCredentialSource = $credentialId;
} else {
$this->publicKeyCredentialSourceRepository instanceof PublicKeyCredentialSourceRepository || throw AuthenticatorResponseVerificationException::create(
'The parameter "$publicKeyCredentialSourceRepository" is required.'
);
$publicKeyCredentialSource = $this->publicKeyCredentialSourceRepository->findOneByCredentialId(
$credentialId
);
}
$publicKeyCredentialSource !== null || throw AuthenticatorResponseVerificationException::create(
'The credential ID is invalid.'
);
Expand Down

0 comments on commit 1aa6855

Please sign in to comment.