fix(auth): validate WebAuthn rp.id against current host

Add ensureValidRpId helper to validate and correct rp.id for WebAuthn
operations, preventing authentication failures when the configured rp.id
doesn't match the current hostname. Also add OAuthProvider type and fix
type casting in LoginPage.
2026-02-24 01:20:41 +10:30
parent e854bf801e
commit 5c2971e38d
5 changed files with 27 additions and 3 deletions
+2 -2
@@ -218,7 +218,7 @@ export default function LoginPage() {
try {
// Step 1: Get login options from server
const options = await api.webauthn.beginLogin(emailToUse) as WebAuthnLoginOptions;
const options = await api.webauthn.beginLogin(emailToUse) as unknown as WebAuthnLoginOptions;
// Step 2: Create assertion using browser WebAuthn API
const assertion = await createLoginAssertion(options);
@@ -286,7 +286,7 @@ export default function LoginPage() {
try {
// Step 1: Get login options from server
const options = await api.webauthn.beginLogin(email) as WebAuthnLoginOptions;
const options = await api.webauthn.beginLogin(email) as unknown as WebAuthnLoginOptions;
// Step 2: Create assertion using browser WebAuthn API
const assertion = await createLoginAssertion(options);
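Review bot: The `as unknown as WebAuthnLoginOptions` double assertion at both `beginLogin` call sites (the `emailToUse` one around line 218 and the `email` one around line 286) turns off type checking for the server response that is handed straight to `createLoginAssertion`. Needing `unknown` in between suggests the declared return type of `api.webauthn.beginLogin` no longer overlaps with `WebAuthnLoginOptions`, so a missing or renamed field such as the challenge or rp.id would surface only at runtime, inside the authentication step. I would correct the return type where `beginLogin` is declared, or narrow the value before use with a runtime guard, e.g. `if (!isWebAuthnLoginOptions(raw)) throw new Error('Invalid WebAuthn login options');`, where `isWebAuthnLoginOptions` is a new type predicate that checks the fields the assertion step reads. Both call sites sit in `try` blocks that continue outside the hunks, so how a rejected response is reported to the user is not visible here.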