Add a purpose to challanges

This commit is contained in:
Stanko K.R.
2026-03-25 17:57:37 +01:00
parent 37ff66d552
commit 54cb1a140f
14 changed files with 38 additions and 17 deletions
@@ -6,7 +6,7 @@ class ActionPack::WebAuthn::Authenticator::AssertionResponseTest < ActiveSupport
setup do
ActionPack::WebAuthn::Current.host = "example.com"
@challenge = webauthn_challenge
@challenge = webauthn_challenge(purpose: "authentication")
@origin = "https://example.com"
@client_data_json = {
challenge: @challenge,
@@ -37,7 +37,7 @@ class ActionPack::WebAuthn::Authenticator::AttestationResponseTest < ActiveSuppo
setup do
ActionPack::WebAuthn::Current.host = "example.com"
@challenge = webauthn_challenge
@challenge = webauthn_challenge(purpose: "registration")
@origin = "https://example.com"
@client_data_json = {
challenge: @challenge,
@@ -24,7 +24,7 @@ class ActionPack::WebAuthn::PublicKeyCredential::CreationOptionsTest < ActiveSup
test "generates signed challenge containing nonce" do
signed_message = Base64.urlsafe_decode64(@options.challenge)
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "registration")
assert_not_nil nonce
assert_equal 32, Base64.strict_decode64(nonce).bytesize
@@ -24,7 +24,7 @@ class ActionPack::WebAuthn::PublicKeyCredential::RequestOptionsTest < ActiveSupp
test "generates signed challenge containing nonce" do
signed_message = Base64.urlsafe_decode64(@options.challenge)
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message)
nonce = ActionPack::WebAuthn.challenge_verifier.verified(signed_message, purpose: "authentication")
assert_not_nil nonce
assert_equal 32, Base64.strict_decode64(nonce).bytesize