diff options
| author | syuilo <4439005+syuilo@users.noreply.github.com> | 2024-11-23 04:44:33 +0900 |
|---|---|---|
| committer | syuilo <4439005+syuilo@users.noreply.github.com> | 2024-11-23 04:44:33 +0900 |
| commit | 04b221409cac8e54e9f392b1a50094799c866441 (patch) | |
| tree | c7438ec29c7f5c2b3de231f6b6fc06511adfcc7e /packages/backend/src/core/WebAuthnService.ts | |
| parent | Update CHANGELOG.md (typo) (diff) | |
| download | sharkey-04b221409cac8e54e9f392b1a50094799c866441.tar.gz sharkey-04b221409cac8e54e9f392b1a50094799c866441.tar.bz2 sharkey-04b221409cac8e54e9f392b1a50094799c866441.zip | |
fix(backend): use atomic command to improve security
Diffstat (limited to 'packages/backend/src/core/WebAuthnService.ts')
| -rw-r--r-- | packages/backend/src/core/WebAuthnService.ts | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/packages/backend/src/core/WebAuthnService.ts b/packages/backend/src/core/WebAuthnService.ts index ad53192f18..ed75e4f467 100644 --- a/packages/backend/src/core/WebAuthnService.ts +++ b/packages/backend/src/core/WebAuthnService.ts @@ -189,14 +189,12 @@ export class WebAuthnService { */ @bindThis public async verifySignInWithPasskeyAuthentication(context: string, response: AuthenticationResponseJSON): Promise<MiUser['id'] | null> { - const challenge = await this.redisClient.get(`webauthn:challenge:${context}`); + const challenge = await this.redisClient.getdel(`webauthn:challenge:${context}`); if (!challenge) { throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', `challenge '${context}' not found`); } - await this.redisClient.del(`webauthn:challenge:${context}`); - const key = await this.userSecurityKeysRepository.findOneBy({ id: response.id, }); |