javascriptnode.jsfido-u2ffido

U2F - TypeError | not able to register key

I've recently started looking at U2F in Node.js and Javascript. I get the error: TypeError: Cannot read property 'registerResponse' of undefined

Before receiving the error on the server i get the following returned:

{errorCode: 5, errorMessage: "NotAllowedError: The operation either timed out or…://w3c.github.io/webauthn/#sec-assertion-privacy."}

The server is using HTTPS and a self signed cert on localhost in Mac os

What could be the issue? The response seems to be empty; and i dont get asked to insert the usb in the browser.

app.js:

const U2F = require("u2f");
const Cors = require("cors");
const session = require("express-session");
const HTTPS = require("https");
const FS = require("fs");
const BodyParser = require("body-parser");
const express = require("express");

var app = express();
var routes = require("./routes")(app);

const APP_ID = "https://localhost:3000";

app.use(BodyParser.json());
app.use(BodyParser.urlencoded({ extended: true }));
app.use(session({ secret: "thepolyglotdeveloper", cookie: { secure: true, maxAge: 60000 }, saveUninitialized: true, resave: true }));
app.use(Cors({ origin: [APP_ID], credentials: true }));

HTTPS.createServer({
    key: FS.readFileSync("server.key"),
    cert: FS.readFileSync("server.crt")
}, app).listen(3000, () => {
    console.log("Listening at :443...");
});

routes.js

const U2F = require("u2f");
const session = require("express-session");

const APP_ID = "https://localhost:3000";

var appRouter = function(app) {

    var user;

    app.get("/", function(req, res, next) {
        res.sendFile(__dirname + '/index.html');
    });

    app.get("/register", function(req, res, next) {
        var session = U2F.request(APP_ID);
        app.set("session", JSON.stringify(session));
        console.log("session: " + JSON.stringify(session));
        res.send(session);
    });

    app.post("/register", function (req, res, next) {
        console.log("res2: " + req.body);

        var registration = U2F.checkRegistration(JSON.parse(app.get("session")), req.body.registerResponse);
        if(!registration.successful) {
            return res.status(500).send({ message: "error" });
        } else {
            console.log("error");
        }
        user = registration;
        res.send(registration);
    });

}

module.exports = appRouter;

index.html

$("#register").click(() => {
                if(window.u2f && window.u2f.register) {
                    $.get("/register", result => {
                        console.log(result);
                        window.u2f.register(result.appId, [result], [], response => {
                            console.log(response);
                            $.post("/register", { registerResponse: response }, result => {
                                console.log(result);
                            });
                            console.log(response);
                        });
                    });
                } else {
                    document.write("<p>U2F is not supported</p>");
                }
            });

It seems like the request is timing out, or is not allowed. I've tried looking for the solution and so on; but there is little to no information regarding this issue.

Any help is much appreciated!

Solution

  • You are using var routes = require("./routes")(app); before BodyParser. Middlewares work in the order they are initialised. So, In your case body-parser in not even used in the routes.

    Put the routes after bodyParser and cors:

    var app = express();

const APP_ID = "https://localhost:3000";

app.use(BodyParser.json());
app.use(BodyParser.urlencoded({ extended: true }));
app.use(session({ secret: "thepolyglotdeveloper", cookie: { secure: true, maxAge: 60000 }, saveUninitialized: true, resave: true }));
app.use(Cors({ origin: [APP_ID], credentials: true }))
var routes = require("./routes")(app);