From 7c8dbec62ebcabcb7b9627911029c3fe23c62836 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Wed, 15 Nov 2023 15:58:32 +0200
Subject: [PATCH] Fix webauthn registration failure on Firefox < 119 with Ed25519 keys
---
 CHANGELOG.md | 1 +
 static/js/add_credential.js | 13 +++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 15a0207a..561b7650 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
 - Fix "Ping Details" dialog to handle email bodies not yet uploaded to object storage
 - Fix webauthn registration failure on Firefox with Bitwarden extension
+- Fix webauthn registration failure on Firefox < 119 with Ed25519 keys
 ## v3.0.1 - 2023-10-30
diff --git a/static/js/add_credential.js b/static/js/add_credential.js
index b93db3e0..cfd0005e 100644
--- a/static/js/add_credential.js
+++ b/static/js/add_credential.js
@@ -9,6 +9,19 @@ $(function() {
 $("#success").addClass("hide");
 var options = JSON.parse($("#options").text());
+ // Override pubKeyCredParams prepared by python-fido2,
+ // to only list ES256 (-7) and RS256 (-257), **and omit Ed25519 (-8)**.
+ // This is to work around a bug in Firefox < 119. Affected
+ // Firefox versions serialize Ed25519 keys incorrectly,
+ // the workaround is to exclude Ed25519 from pubKeyCredParams.
+ //
+ // For reference, different project, similar issue:
+ // https://github.com/MasterKale/SimpleWebAuthn/issues/463
+ options.publicKey.pubKeyCredParams= [
+ {"alg": -7, "type": "public-key"},
+ {"alg": -257, "type": "public-key"}
+ ]
+
 webauthnJSON.create(options).then(function(response) {
 $("#response").val(JSON.stringify(response));
 // Show the success message and save button
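Review bot: The assignment to `options.publicKey.pubKeyCredParams` replaces the server-prepared list with a hardcoded one, so the browser would still be offered RS256 (-257) even if the server-side configuration is later narrowed, and the algorithm policy now lives in two places. Filtering the list the server sent keeps it as the single source of truth while still dropping Ed25519: `options.publicKey.pubKeyCredParams = options.publicKey.pubKeyCredParams.filter(function(p) { return p.alg !== -8; });`. This client-side list is a compatibility workaround and not an enforcement point, so the server presumably still accepts whatever algorithms it was configured with; excluding -8 where the options are generated would make the restriction explicit. The override also applies to every browser rather than only Firefox < 119, which the comment could state. The enclosing handler starts and ends outside the hunk.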