fix: additional validation

supertokens · Feb 14, 2025 · 6f2452e · 6f2452e
1 parent e109bf8
commit 6f2452e
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 5 deletions.
diff --git a/src/main/java/io/supertokens/webauthn/WebAuthN.java b/src/main/java/io/supertokens/webauthn/WebAuthN.java
@@ -71,10 +71,11 @@ public class WebAuthN {
 
     public static JsonObject generateOptions(TenantIdentifier tenantIdentifier, Storage storage, String email, String displayName, String relyingPartyName, String relyingPartyId,
                                              String origin, Long timeout, String attestation, String residentKey,
-                                             String userVerification, JsonArray supportedAlgorithmIds, boolean userPresenceRequired)
+                                             String userVerification, JsonArray supportedAlgorithmIds, Boolean userPresenceRequired)
             throws StorageQueryException, InvalidWebauthNOptionsException {
 
-        OptionsValidator.validateOptions(origin, relyingPartyId, timeout, attestation, userVerification, residentKey);
+        OptionsValidator.validateOptions(origin, relyingPartyId, timeout, attestation, userVerification, residentKey,
+                supportedAlgorithmIds, userPresenceRequired);
 
         PublicKeyCredentialRpEntity relyingPartyEntity = new PublicKeyCredentialRpEntity(relyingPartyId,
                 relyingPartyName);
@@ -132,7 +133,8 @@ public static JsonObject generateSignInOptions(TenantIdentifier tenantIdentifier
                                                    String userVerification, boolean userPresenceRequired)
             throws StorageQueryException, InvalidWebauthNOptionsException {
 
-        OptionsValidator.validateOptions(origin, relyingPartyId, timeout, "none", "preferred", "required");
+        OptionsValidator.validateOptions(origin, relyingPartyId, timeout, "none", "preferred", "required",
+        new JsonArray(), userPresenceRequired);
 
         Challenge challenge = getChallenge();
 

diff --git a/src/main/java/io/supertokens/webauthn/validator/OptionsValidator.java b/src/main/java/io/supertokens/webauthn/validator/OptionsValidator.java
@@ -16,6 +16,8 @@
 
 package io.supertokens.webauthn.validator;
 
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
 import io.supertokens.webauthn.exception.InvalidWebauthNOptionsException;
 
 import java.net.MalformedURLException;
@@ -25,13 +27,16 @@
 public class OptionsValidator {
 
     public static void validateOptions(String origin, String rpId, Long timeout, String attestation,
-                                        String userVerification, String residentKey)
+                                       String userVerification, String residentKey, JsonElement supportedAlgorithmIds,
+                                       Boolean userPresence)
             throws InvalidWebauthNOptionsException {
         validateOrigin(origin, rpId);
         validateTimeout(timeout);
         validateUserVerification(userVerification);
         validateAttestation(attestation);
         validateResidentKey(residentKey);
+        validateSupportedAlgorithmIds(supportedAlgorithmIds);
+        validateUserPresence(userPresence);
     }
 
     private static void validateOrigin(String origin, String rpId) throws InvalidWebauthNOptionsException {
@@ -46,7 +51,7 @@ private static void validateOrigin(String origin, String rpId) throws InvalidWeb
     }
 
     private static void validateTimeout(Long timeout) throws InvalidWebauthNOptionsException {
-        if (timeout == null || timeout < 0) {
+        if (timeout == null || timeout < 0L) {
             throw new InvalidWebauthNOptionsException("Timeout must be a positive long value");
         }
     }
@@ -70,4 +75,29 @@ private static void validateUserVerification(String userVerification) throws Inv
     private static void validateResidentKey(String residentKey) throws InvalidWebauthNOptionsException {
         validateEnumeratedStrValues(residentKey, List.of("required", "discouraged", "preferred"), "residentKey");
     }
+
+    private static void validateSupportedAlgorithmIds(JsonElement supportedAlgorithmIds) throws InvalidWebauthNOptionsException {
+        if (supportedAlgorithmIds == null){
+            throw new InvalidWebauthNOptionsException("supportedAlgorithmIds should not be null");
+        }
+        try {
+            JsonArray supportedAlgos = supportedAlgorithmIds.getAsJsonArray();
+            for(int i = 0; i < supportedAlgos.size(); i++){
+                try {
+                    supportedAlgos.get(i).getAsLong();
+                } catch (NumberFormatException | IllegalStateException e) {
+                    throw new InvalidWebauthNOptionsException(e.getMessage());
+                }
+            }
+        } catch (IllegalStateException e) {
+            throw new InvalidWebauthNOptionsException("supportedAlgorithmIds has to be a JsonArray");
+        }
+
+    }
+
+    private static void validateUserPresence(Boolean userPresence) throws InvalidWebauthNOptionsException {
+        if (userPresence == null ){
+            throw new InvalidWebauthNOptionsException("userPresence can't be null");
+        }
+    }
 }