Merge pull request #111 from linux-credentials/deserialize-user-handle

iinuwa · web-flow · commit 2102e8ea6764 · 2025-12-04T17:50:42.000-06:00
daemon: Deserialize user handle on credential creation.
diff --git a/credentialsd/src/dbus/model.rs b/credentialsd/src/dbus/model.rs
@@ -66,7 +66,7 @@ pub(super) fn create_credential_request_try_into_ctap2(
             tracing::info!("JSON missing `rp` field");
             WebAuthnError::TypeError
         })?;
-    let user =
+    let mut user =
         json.get("user")
             .ok_or_else(|| {
                 tracing::info!("JSON missing `user` field.");
@@ -79,6 +79,13 @@ pub(super) fn create_credential_request_try_into_ctap2(
                         WebAuthnError::TypeError
                     })
             })?;
+    user.id = URL_SAFE_NO_PAD
+        .decode(user.id)
+        .map_err(|_| {
+            tracing::info!("user ID is not a valid base64url string");
+            WebAuthnError::TypeError
+        })?
+        .into();
     let other_options =
         serde_json::from_str::<webauthn::MakeCredentialOptions>(&request_value.to_string())
             .map_err(|e| {
