diff --git a/lib/parser.js b/lib/parser.js
index 7c6e9813..a401b6bc 100644
--- a/lib/parser.js
+++ b/lib/parser.js
@@ -371,7 +371,7 @@ async function parseAuthnrAssertionResponse(msg) {
 }
 let userHandle;
- if (msg.response.userHandle !== undefined) {
+ if (msg.response.userHandle !== undefined && msg.response.userHandle !== null) {
 userHandle = coerceToArrayBuffer(msg.response.userHandle, "response.userHandle");
 if (userHandle.byteLength === 0) {
 userHandle = undefined;
diff --git a/lib/validator.js b/lib/validator.js
index c012580c..2cac4af9 100644
--- a/lib/validator.js
+++ b/lib/validator.js
@@ -220,7 +220,7 @@ function validateAssertionResponse() {
 if (typeof req.response.userHandle !== "string" &&
 !(req.response.userHandle instanceof ArrayBuffer) &&
- req.response.userHandle !== undefined) {
+ req.response.userHandle !== undefined && req.response.userHandle !== null) {
 throw new TypeError("expected 'response.userHandle' to be base64 String, ArrayBuffer, or undefined");
 }
diff --git a/test/main.test.js b/test/main.test.js
index c2ac4ca2..02b99960 100644
--- a/test/main.test.js
+++ b/test/main.test.js
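Review bot: The widened condition on `msg.response.userHandle` has no comment saying why null is tolerated, and the reason matters for whoever reads the handle later. I would add `// WebAuthn declares userHandle as nullable; treat null like an absent handle` above the `if`. After this change undefined, null and a zero-length buffer all leave `userHandle` undefined, so the code that compares the handle with the expected user presumably has to read undefined as "authenticator returned no handle" rather than as a match; that comparison is not visible in this hunk. parseAuthnrAssertionResponse starts and ends outside the hunk.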
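Review bot: The TypeError message on the line after the changed condition in lib/validator.js still lists only "base64 String, ArrayBuffer, or undefined", although null is now accepted too, so a caller debugging a rejected response gets an incomplete list of valid types. I would change it to `throw new TypeError("expected 'response.userHandle' to be base64 String, ArrayBuffer, null, or undefined");`. Any existing test that matches the old message text would need the same update; none is visible in this diff. validateAssertionResponse continues outside the hunk.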
@@ -687,7 +687,34 @@ describe("Fido2Lib", function() {
 clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
 authenticatorData: h.lib.assertionResponse.response.authenticatorData,
 signature: h.lib.assertionResponse.response.signature,
- // userHandle: h.lib.assertionResponse.response.userHandle
+ },
+ };
+
+ return serv.assertionResult(assertionResponse, expectations).then(
+ (res) => {
+ assert.instanceOf(res, Fido2AssertionResult);
+ return res;
+ },
+ );
+ });
+
+ it("valid assertion with null userHandle", function() {
+ const expectations = {
+ challenge: "eaTyUNnyPDDdK8SNEgTEUvz1Q8dylkjjTimYd5X7QAo-F8_Z1lsJi3BilUpFZHkICNDWY8r9ivnTgW7-XZC3qQ",
+ origin: "https://localhost:8443",
+ factor: "either",
+ publicKey: h.lib.assnPublicKey,
+ prevCounter: 362,
+ userHandle: null,
+ };
+
+ const assertionResponse = {
+ rawId: h.lib.assertionResponse.rawId,
+ response: {
+ clientDataJSON: h.lib.assertionResponse.response.clientDataJSON,
+ authenticatorData: h.lib.assertionResponse.response.authenticatorData,
+ signature: h.lib.assertionResponse.response.signature,
+ userHandle: null,
 },
 };
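Review bot: The new "valid assertion with null userHandle" case sets `userHandle: null` in both the expectations and the response, so it only pins the path where nobody expects a handle. The case that matters for account binding is a response with `userHandle: null` while the expectations carry a concrete handle, and nothing in this diff shows what the library does then. I would add a sibling test that keeps the response's `userHandle: null` but sets the expectation to `userHandle: h.lib.assertionResponse.response.userHandle,`. It should assert whichever outcome the library documents for that mismatch, so a later change cannot silently turn it into an accept. The enclosing `describe` block and the tail of the new test lie outside the hunk.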