
[PM-5435] Handle Fido2VerificationException on WebAuthn 2FA

Open trmartin4 opened this issue 2 years ago • 3 comments

Type of change

- [X] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

When there is an error validating the RPID during WebAuthn 2FA, the Fido2NetLib library throws a Fido2VerificationException. This exception was not being caught, and it was causing a 500 Unhandled exception response to the client.

The source for this verification shows when the exception is thrown.

Code changes

  • WebAuthnTokenProvider: Add try/catch around the verification call. Return false (not verified) if there is a verification exception.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

trmartin4, Dec 23 '23 00:12
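The pattern described in the pull request above, as an added C# illustration that is not code from the PR or from the project's repository. `VerifyAssertionAsync` and the locally declared `Fido2VerificationException` are hypothetical stand-ins for the Fido2NetLib call and exception type so the example compiles without the package, and the RP ID values are constructed.

```csharp
using System;
using System.Threading.Tasks;

// Local stand-in for the Fido2NetLib exception type, so this compiles without the package.
public class Fido2VerificationException : Exception
{
    public Fido2VerificationException(string message) : base(message) { }
}

public static class WebAuthnCheckExample
{
    // Hypothetical stand-in for the library's verification call: it fails by throwing.
    static Task<bool> VerifyAssertionAsync(string responseRpId, string expectedRpId) =>
        string.Equals(responseRpId, expectedRpId, StringComparison.Ordinal)
            ? Task.FromResult(true)
            : Task.FromException<bool>(new Fido2VerificationException("RP ID mismatch"));

    // Before: the exception escapes the provider and surfaces as an unhandled 500.
    public static Task<bool> ValidateUnguardedAsync(string rpId, string expected) =>
        VerifyAssertionAsync(rpId, expected);

    // After: a verification failure is an authentication result, so return "not verified".
    public static async Task<bool> ValidateAsync(string rpId, string expected)
    {
        try
        {
            return await VerifyAssertionAsync(rpId, expected);
        }
        catch (Fido2VerificationException)
        {
            return false;
        }
        // Other exception types still propagate, so genuine faults are not reported as bad tokens.
    }

    public static async Task Main()
    {
        const string expected = "vault.example.test"; // constructed RP ID
        Console.WriteLine(await ValidateAsync(expected, expected));
        Console.WriteLine(await ValidateAsync("other.example.test", expected));
        try
        {
            await ValidateUnguardedAsync("other.example.test", expected);
        }
        catch (Fido2VerificationException ex)
        {
            Console.WriteLine($"unguarded path threw: {ex.Message}");
        }
    }
}
```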

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot], Feb 21 '24 16:02

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (70fac80) 36.36% compared to head (c4ba6ad) 36.36%.

| Files | Patch % | Lines |
|---|---|---|
| src/Core/Auth/Identity/WebAuthnTokenProvider.cs | 0.00% | 12 Missing :warning: |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3615      +/-   ##
==========================================
- Coverage   36.36%   36.36%   -0.01%     
==========================================
  Files        1158     1158              
  Lines       55884    55888       +4     
  Branches     5376     5376              
==========================================
  Hits        20324    20324              
- Misses      34614    34618       +4     
  Partials      946      946              


codecov[bot], Feb 21 '24 16:02

Checkmarx One – Scan Summary & Details: 6613baf2-ca54-4baf-8867-fd40fa121a2c

No New Or Fixed Issues Found

bitwarden-bot, Feb 21 '24 16:02