Change challange expiration based on purpose

This commit is contained in:
Stanko K.R.
2026-03-25 17:31:42 +01:00
parent 6ba1814f26
commit 01d66a9463
3 changed files with 60 additions and 6 deletions
@@ -21,4 +21,38 @@ class My::PasskeyChallengesControllerTest < ActionDispatch::IntegrationTest
assert_not_equal first_challenge, second_challenge
end
end
test "uses registration challenge expiration for registration purpose" do
untenanted do
post my_passkey_challenge_url, params: { purpose: "registration" }
assert_response :success
challenge = response.parsed_body["challenge"]
signed_message = Base64.urlsafe_decode64(challenge)
travel Rails.configuration.action_pack.web_authn.creation_challenge_expiration - 1.second
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
travel 2.seconds
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
end
end
test "uses authentication challenge expiration by default" do
untenanted do
post my_passkey_challenge_url
assert_response :success
challenge = response.parsed_body["challenge"]
signed_message = Base64.urlsafe_decode64(challenge)
travel Rails.configuration.action_pack.web_authn.request_challenge_expiration - 1.second
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
travel 2.seconds
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
end
end
end