Revert flipped credential id checks

duo-labs · Aug 7, 2023 · 8d87b2f · 8d87b2f
1 parent ecf3446
commit 8d87b2f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/webauthn/authentication/verify_authentication_response.py b/webauthn/authentication/verify_authentication_response.py
@@ -4,7 +4,7 @@
 from cryptography.exceptions import InvalidSignature
 
 from webauthn.helpers import (
-    base64url_to_bytes,
+    bytes_to_base64url,
     decode_credential_public_key,
     decoded_public_key_to_cryptography,
     parse_authenticator_data,
@@ -69,7 +69,7 @@ def verify_authentication_response(
     """
 
     # FIDO-specific check
-    if credential.raw_id != base64url_to_bytes(credential.id):
+    if bytes_to_base64url(credential.raw_id) != credential.id:
         raise InvalidAuthenticationResponse("id and raw_id were not equivalent")
 
     # FIDO-specific check

diff --git a/webauthn/registration/verify_registration_response.py b/webauthn/registration/verify_registration_response.py
@@ -3,7 +3,7 @@
 
 from webauthn.helpers import (
     aaguid_to_string,
-    base64url_to_bytes,
+    bytes_to_base64url,
     decode_credential_public_key,
     parse_attestation_object,
     parse_client_data_json,
@@ -95,7 +95,7 @@ def verify_registration_response(
     verified = False
 
     # FIDO-specific check
-    if credential.raw_id != base64url_to_bytes(credential.id):
+    if bytes_to_base64url(credential.raw_id) != credential.id:
         raise InvalidRegistrationResponse("id and raw_id were not equivalent")
 
     # FIDO-specific check