OpenSource/misskey
OpenSource/misskey
1
0
Fork 0
mirror of https://github.com/misskey-dev/misskey.git synced 2024-11-21 19:57:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix(backend): use atomic command to improve security

Browse source 
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
This commit is contained in:
syuilo 2024-11-21 09:22:15 +09:00
parent 090e9392cd
commit 9fdabe3666
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/core/WebAuthnService.ts
View file

@ -246,14 +246,12 @@ export class WebAuthnService {
@bindThis
public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> {
const challenge = await this.redisClient.get(`webauthn:challenge:${userId}`);
const challenge = await this.redisClient.getdel(`webauthn:challenge:${userId}`);
if (!challenge) {
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', 'challenge not found');
}
await this.redisClient.del(`webauthn:challenge:${userId}`);
const key = await this.userSecurityKeysRepository.findOneBy({
id: response.id,
userId: userId,