Add hacky validation for hints during registration (#695)
Tyrrrz authored Aug 23, 2024
1 parent bc4d39a commit ae98162
Showing 2 changed files with 21 additions and 7 deletions.
26 changes: 20 additions & 6 deletions src/AdminConsole/Pages/App/Playground/NewAccount.cshtml
Expand Up @@ -119,19 +119,34 @@ document.addEventListener('DOMContentLoaded', function() {
document.getElementById('register-btn').addEventListener('click', (e) => createNewAccount(e));
const createNewAccount = async (e) => {
let form = document.getElementById("registration-form");
const form = document.getElementById("registration-form");
const data = new FormData(form);
let req = await fetch("?handler=token", {
// Validation
if (data.get("hints")) {
const hints = data.get("hints").split(",").map(h => h.trim().toLowerCase());
if (new Set(hints).size !== hints.length) {
alert("You cannot provide duplicate hints.");
return;
}
if (!hints.every(h => ["client-device", "security-key", "hybrid"].includes(h))) {
alert("Hint values must be either 'client-device', 'security-key', or 'hybrid'.");
return;
}
}
const res = await fetch("?handler=token", {
method: "post",
body: data,
headers: {
RequestVerificationToken: "@requestToken"
}
});
if (req.ok) {
const { token } = await req.json();
if (res.ok) {
const { token } = await res.json();
const nicknameForDevice = data.get("nickname");
const { error } = await p.register(token, nicknameForDevice);
Expand All @@ -144,8 +159,7 @@ const createNewAccount = async (e) => {
} else {
const container = document.getElementById("error-message-summary-container");
const field = container.getElementsByClassName("alert-box-message")[0];
const body = await req.text();
const problemDetails = JSON.parse(body);
const problemDetails = await res.json();
field.textContent = problemDetails.title;
container.classList.remove("hidden");
}
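Review bot: The hint check at the top of `createNewAccount` validates a trimmed, lower-cased copy of the field, but the `FormData` passed to `fetch` still holds the raw text, so a value such as `Hybrid` passes here and reaches `OnPostToken` unchanged. Validate what is sent: either write the normalized list back before the request with `data.set("hints", hints.join(","));`, or drop `toLowerCase()` so the check matches the submitted value. The split also keeps empty entries, so a trailing comma is rejected in the browser while the server-side split uses `RemoveEmptyEntries` and would drop it; adding `.filter(h => h)` after the `map` makes the two parsers agree. The body of `createNewAccount` continues between the two hunks and is not fully visible here.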
2 changes: 1 addition & 1 deletion src/AdminConsole/Pages/App/Playground/NewAccount.cshtml.cs
Expand Up @@ -26,7 +26,7 @@ public async Task<IActionResult> OnPostToken(string name, string email, string a
Aliases = [email],
AliasHashing = false,
Attestation = attestation,
Hints = hints?.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries)
Hints = hints?.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries) ?? []
});

return new JsonResult(token);
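Review bot: `OnPostToken` still forwards whatever `hints` string the request carries once it is split and trimmed, so the allow-list and duplicate checks this commit adds exist only in the page script and are skipped by any request posted directly to `?handler=token`. Unless the downstream token call already rejects unknown or repeated values (not visible in this hunk), the handler should repeat the check before building the options, for example with a condition like `parsed.Distinct().Count() != parsed.Length || parsed.Any(h => h is not ("client-device" or "security-key" or "hybrid"))`. It should then return a problem response that the page's error branch can display. The handler's signature and the start of the options object are outside the hunk.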