diff options
| author | syuilo <4439005+syuilo@users.noreply.github.com> | 2024-11-21 09:22:15 +0900 |
|---|---|---|
| committer | syuilo <4439005+syuilo@users.noreply.github.com> | 2024-11-21 09:22:15 +0900 |
| commit | 9fdabe36665fa3a63c80610ea7e0aba64f10c875 (patch) | |
| tree | b4bbcda43ccafb98314d80574e8ae419d88cd8a2 /packages/backend/src/core | |
| parent | Merge commit from fork (diff) | |
| download | sharkey-9fdabe36665fa3a63c80610ea7e0aba64f10c875.tar.gz sharkey-9fdabe36665fa3a63c80610ea7e0aba64f10c875.tar.bz2 sharkey-9fdabe36665fa3a63c80610ea7e0aba64f10c875.zip | |
fix(backend): use atomic command to improve security
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
Diffstat (limited to 'packages/backend/src/core')
| -rw-r--r-- | packages/backend/src/core/WebAuthnService.ts | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/packages/backend/src/core/WebAuthnService.ts b/packages/backend/src/core/WebAuthnService.ts index 75ab0a207c..ad53192f18 100644 --- a/packages/backend/src/core/WebAuthnService.ts +++ b/packages/backend/src/core/WebAuthnService.ts @@ -246,14 +246,12 @@ export class WebAuthnService { @bindThis public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> { - const challenge = await this.redisClient.get(`webauthn:challenge:${userId}`); + const challenge = await this.redisClient.getdel(`webauthn:challenge:${userId}`); if (!challenge) { throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', 'challenge not found'); } - await this.redisClient.del(`webauthn:challenge:${userId}`); - const key = await this.userSecurityKeysRepository.findOneBy({ id: response.id, userId: userId, |