Fix handling of error codes in authenticatorSelection (fix #184).

2023-06-26 12:22:36 +02:00 · 2023-06-26 12:22:36 +02:00 · cbe72665e1
parent 54cee2216a
commit cbe72665e1
2 changed files with 8 additions and 2 deletions
--- a/examples/multi_device.py
+++ b/examples/multi_device.py
@ -56,8 +56,9 @@ class CliInteraction(UserInteraction):
        return True


+cli_interaction = CliInteraction()
 clients = [
-    Fido2Client(d, "https://example.com", user_interaction=CliInteraction())
+    Fido2Client(d, "https://example.com", user_interaction=cli_interaction)
    for d in devs
 ]

--- a/fido2/client.py
+++ b/fido2/client.py
@ -453,6 +453,7 @@ class _Ctap2ClientBackend(_ClientBackend):
        if "FIDO_2_1" in self.info.versions:
            self.ctap2.selection(event=event)
        else:
+            # Selection not supported, make dummy credential instead
            try:
                self.ctap2.make_credential(
                    b"\0" * 32,
@ -463,7 +464,11 @@ class _Ctap2ClientBackend(_ClientBackend):
                    event=event,
                )
            except CtapError as e:
-                if e.code is CtapError.ERR.PIN_AUTH_INVALID:
+                if e.code in (
+                    CtapError.ERR.PIN_NOT_SET,
+                    CtapError.ERR.PIN_INVALID,
+                    CtapError.ERR.PIN_AUTH_INVALID,
+                ):
                    return
                raise