Part of story #33005 login with only my passkey

The login form leaks information about who has registered a passkey or not. To prevent that, when a user has no passkey, the form sends a false key, then the authentication check will fail.

*Testing:*
Try to authenticate with a user with no passkey: it will ask to use one, send the result to the server and fail authentication.
For users with a registered passkey nothing changes.

Change-Id: I3a3df2028af44de23aae88d58a3194ff7858412f
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | src/common/WebAuthn/Controllers/PostAuthenticationChallengeController.php | +12 | −4 |
M | tests/unit/common/WebAuthn/Controllers/PostAuthenticationChallengeControllerTest.php | +2 | −2 |
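The decoy-credential idea from the commit message, as an added PHP example that is not the project's own code. All function names, the in-memory credential store and the 32-byte id length are assumptions; deriving the decoy from the username with a server-side key, so that it stays the same across requests, is a design choice of this example and is not stated on the page.

```php
<?php
declare(strict_types=1);

// Added example: every name here is hypothetical, not taken from the commit.

/** base64url without padding, the encoding WebAuthn JSON uses for credential ids. */
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Decoy id: keyed hash of the username, stable across requests, unguessable without the key. */
function decoyCredentialId(string $username, string $server_secret): string
{
    return hash_hmac('sha256', 'decoy-credential:' . $username, $server_secret, true);
}

/**
 * Build allowCredentials for an authentication challenge.
 * @param array<string, list<string>> $registered username => raw credential ids
 */
function allowCredentialsFor(string $username, array $registered, string $server_secret): array
{
    $ids = $registered[$username] ?? [];
    if ($ids === []) {
        // No passkey (or unknown user): answer with a decoy instead of an empty list.
        $ids = [decoyCredentialId($username, $server_secret)];
    }
    return array_map(
        static fn (string $id): array => ['type' => 'public-key', 'id' => base64url($id)],
        $ids
    );
}

/** Lookup done when the assertion comes back: a decoy id is in no store, so it is rejected. */
function isKnownCredential(string $username, string $raw_id, array $registered): bool
{
    foreach ($registered[$username] ?? [] as $id) {
        if (hash_equals($id, $raw_id)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: alice has one passkey, bob has none.
$secret     = random_bytes(32);
$registered = ['alice' => [random_bytes(32)]];
var_dump(allowCredentialsFor('alice', $registered, $secret), allowCredentialsFor('bob', $registered, $secret));
var_dump(allowCredentialsFor('bob', $registered, $secret) === allowCredentialsFor('bob', $registered, $secret));
var_dump(isKnownCredential('bob', decoyCredentialId('bob', $secret), $registered));
```

A decoy regenerated at random on every request would still let a client distinguish users by asking twice and comparing the ids, which is why this example derives it from the username.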