Add a purpose to challanges
This commit is contained in:
@@ -32,10 +32,10 @@ class My::PasskeyChallengesControllerTest < ActionDispatch::IntegrationTest
|
||||
signed_message = Base64.urlsafe_decode64(challenge)
|
||||
|
||||
travel Rails.configuration.action_pack.web_authn.creation_challenge_expiration - 1.second
|
||||
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "registration")
|
||||
|
||||
travel 2.seconds
|
||||
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "registration")
|
||||
end
|
||||
end
|
||||
|
||||
@@ -49,10 +49,10 @@ class My::PasskeyChallengesControllerTest < ActionDispatch::IntegrationTest
|
||||
signed_message = Base64.urlsafe_decode64(challenge)
|
||||
|
||||
travel Rails.configuration.action_pack.web_authn.request_challenge_expiration - 1.second
|
||||
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
assert ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "authentication")
|
||||
|
||||
travel 2.seconds
|
||||
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
assert_nil ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "authentication")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -13,7 +13,7 @@ class My::PasskeysControllerTest < ActionDispatch::IntegrationTest
|
||||
end
|
||||
|
||||
test "register a passkey" do
|
||||
challenge = request_webauthn_challenge
|
||||
challenge = request_webauthn_challenge(purpose: "registration")
|
||||
|
||||
assert_difference -> { identities(:kevin).passkeys.count }, 1 do
|
||||
post my_passkeys_path, params: build_attestation_params(challenge: challenge)
|
||||
|
||||
@@ -6,7 +6,7 @@ class ActionPack::WebAuthn::Authenticator::AssertionResponseTest < ActiveSupport
|
||||
setup do
|
||||
ActionPack::WebAuthn::Current.host = "example.com"
|
||||
|
||||
@challenge = webauthn_challenge
|
||||
@challenge = webauthn_challenge(purpose: "authentication")
|
||||
@origin = "https://example.com"
|
||||
@client_data_json = {
|
||||
challenge: @challenge,
|
||||
|
||||
@@ -37,7 +37,7 @@ class ActionPack::WebAuthn::Authenticator::AttestationResponseTest < ActiveSuppo
|
||||
setup do
|
||||
ActionPack::WebAuthn::Current.host = "example.com"
|
||||
|
||||
@challenge = webauthn_challenge
|
||||
@challenge = webauthn_challenge(purpose: "registration")
|
||||
@origin = "https://example.com"
|
||||
@client_data_json = {
|
||||
challenge: @challenge,
|
||||
|
||||
@@ -24,7 +24,7 @@ class ActionPack::WebAuthn::PublicKeyCredential::CreationOptionsTest < ActiveSup
|
||||
|
||||
test "generates signed challenge containing nonce" do
|
||||
signed_message = Base64.urlsafe_decode64(@options.challenge)
|
||||
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "registration")
|
||||
|
||||
assert_not_nil nonce
|
||||
assert_equal 32, Base64.strict_decode64(nonce).bytesize
|
||||
|
||||
@@ -24,7 +24,7 @@ class ActionPack::WebAuthn::PublicKeyCredential::RequestOptionsTest < ActiveSupp
|
||||
|
||||
test "generates signed challenge containing nonce" do
|
||||
signed_message = Base64.urlsafe_decode64(@options.challenge)
|
||||
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
|
||||
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "authentication")
|
||||
|
||||
assert_not_nil nonce
|
||||
assert_equal 32, Base64.strict_decode64(nonce).bytesize
|
||||
|
||||
@@ -20,13 +20,13 @@ module WebauthnTestHelper
|
||||
[ "a363666d74646e6f6e656761747453746d74a068617574684461746158a4" ].pack("H*")
|
||||
|
||||
private
|
||||
def request_webauthn_challenge
|
||||
untenanted { post my_passkey_challenge_url }
|
||||
def request_webauthn_challenge(purpose: "authentication")
|
||||
untenanted { post my_passkey_challenge_url, params: { purpose: purpose } }
|
||||
response.parsed_body["challenge"]
|
||||
end
|
||||
|
||||
def webauthn_challenge
|
||||
ActionPack::WebAuthn::PublicKeyCredential::Options.new.challenge
|
||||
def webauthn_challenge(purpose: nil)
|
||||
ActionPack::WebAuthn::PublicKeyCredential::Options.new(challenge_purpose: purpose).challenge
|
||||
end
|
||||
|
||||
def webauthn_private_key
|
||||
|
||||
Reference in New Issue
Block a user