@@ -0,0 +1,33 @@
|
||||
require "test_helper"
|
||||
|
||||
class My::PasskeyChallengesControllerTest < ActionDispatch::IntegrationTest
|
||||
test "returns a fresh challenge" do
|
||||
untenanted do
|
||||
post my_passkey_challenge_url
|
||||
|
||||
assert_response :success
|
||||
assert_not_nil response.parsed_body["challenge"]
|
||||
end
|
||||
end
|
||||
|
||||
test "stores challenge in cookie" do
|
||||
untenanted do
|
||||
post my_passkey_challenge_url
|
||||
|
||||
jar = ActionDispatch::Cookies::CookieJar.build(request, cookies.to_hash)
|
||||
assert_equal response.parsed_body["challenge"], jar.encrypted[ActionPack::Passkey::ChallengesController::COOKIE_NAME]
|
||||
end
|
||||
end
|
||||
|
||||
test "returns a different challenge each time" do
|
||||
untenanted do
|
||||
post my_passkey_challenge_url
|
||||
first_challenge = response.parsed_body["challenge"]
|
||||
|
||||
post my_passkey_challenge_url
|
||||
second_challenge = response.parsed_body["challenge"]
|
||||
|
||||
assert_not_equal first_challenge, second_challenge
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,26 @@
|
||||
require "test_helper"
|
||||
|
||||
class My::PasskeysControllerTest < ActionDispatch::IntegrationTest
|
||||
include WebauthnTestHelper
|
||||
|
||||
setup do
|
||||
sign_in_as :kevin
|
||||
end
|
||||
|
||||
test "index" do
|
||||
get my_passkeys_path
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "register a passkey" do
|
||||
challenge = request_webauthn_challenge
|
||||
|
||||
assert_difference -> { identities(:kevin).passkeys.count }, 1 do
|
||||
post my_passkeys_path, params: build_attestation_params(challenge: challenge)
|
||||
end
|
||||
|
||||
passkey = identities(:kevin).passkeys.order(created_at: :desc).first
|
||||
assert_redirected_to edit_my_passkey_path(passkey, created: true)
|
||||
assert_equal [ "internal" ], passkey.transports
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,101 @@
|
||||
require "test_helper"
|
||||
|
||||
class Sessions::PasskeysControllerTest < ActionDispatch::IntegrationTest
|
||||
include WebauthnTestHelper
|
||||
|
||||
setup do
|
||||
@identity = identities(:kevin)
|
||||
|
||||
@credential = @identity.passkeys.create!(
|
||||
name: "Test Passkey",
|
||||
credential_id: Base64.urlsafe_encode64(SecureRandom.random_bytes(32), padding: false),
|
||||
public_key: webauthn_private_key.public_to_der,
|
||||
sign_count: 0,
|
||||
transports: [ "internal" ]
|
||||
)
|
||||
end
|
||||
|
||||
test "successful authentication" do
|
||||
untenanted do
|
||||
challenge = request_webauthn_challenge
|
||||
|
||||
post session_passkey_url, params: build_assertion_params(challenge: challenge, credential: @credential)
|
||||
|
||||
assert_response :redirect
|
||||
assert cookies[:session_token].present?
|
||||
assert_redirected_to landing_path
|
||||
end
|
||||
end
|
||||
|
||||
test "updates sign count" do
|
||||
untenanted do
|
||||
challenge = request_webauthn_challenge
|
||||
|
||||
post session_passkey_url, params: build_assertion_params(challenge: challenge, credential: @credential, sign_count: 1)
|
||||
|
||||
assert_equal 1, @credential.reload.sign_count
|
||||
end
|
||||
end
|
||||
|
||||
test "rejects invalid signature" do
|
||||
untenanted do
|
||||
challenge = request_webauthn_challenge
|
||||
|
||||
params = build_assertion_params(challenge: challenge, credential: @credential)
|
||||
params[:passkey][:signature] = Base64.urlsafe_encode64("invalid", padding: false)
|
||||
|
||||
post session_passkey_url, params: params
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
assert_equal "That passkey didn't work. Try again.", flash[:alert]
|
||||
end
|
||||
end
|
||||
|
||||
test "rejects unknown credential" do
|
||||
untenanted do
|
||||
request_webauthn_challenge
|
||||
|
||||
post session_passkey_url, params: {
|
||||
passkey: {
|
||||
id: "nonexistent",
|
||||
client_data_json: Base64.urlsafe_encode64("{}", padding: false),
|
||||
authenticator_data: Base64.urlsafe_encode64("x", padding: false),
|
||||
signature: Base64.urlsafe_encode64("x", padding: false)
|
||||
}
|
||||
}
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
end
|
||||
|
||||
test "successful authentication via JSON" do
|
||||
untenanted do
|
||||
challenge = request_webauthn_challenge
|
||||
|
||||
post session_passkey_url(format: :json), params: build_assertion_params(challenge: challenge, credential: @credential)
|
||||
|
||||
assert_response :success
|
||||
assert @response.parsed_body["session_token"].present?
|
||||
end
|
||||
end
|
||||
|
||||
test "failed authentication via JSON" do
|
||||
untenanted do
|
||||
request_webauthn_challenge
|
||||
|
||||
post session_passkey_url(format: :json), params: {
|
||||
passkey: {
|
||||
id: "nonexistent",
|
||||
client_data_json: Base64.urlsafe_encode64("{}", padding: false),
|
||||
authenticator_data: Base64.urlsafe_encode64("x", padding: false),
|
||||
signature: Base64.urlsafe_encode64("x", padding: false)
|
||||
}
|
||||
}
|
||||
|
||||
assert_response :unauthorized
|
||||
assert_equal "That passkey didn't work. Try again.", @response.parsed_body["message"]
|
||||
end
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user