Merge pull request #342 from cedarcode/braulio_fix_acceptable_attesta…

…tion_types_inclusion_for_none Fix: validate acceptable attestation type inclusion when attestation statement is None
cedarcode · Feb 15, 2021 · 3c2d2fa · 3c2d2fa
2 parents 844c973 + f9b89f6
commit 3c2d2fa
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/lib/webauthn/attestation_statement/none.rb b/lib/webauthn/attestation_statement/none.rb
@@ -6,12 +6,18 @@ module WebAuthn
  module AttestationStatement
  class None < Base
  def valid?(*_args)
- if statement == {}
+ if statement == {} && trustworthy?
  [WebAuthn::AttestationStatement::ATTESTATION_TYPE_NONE, nil]
  else
  false
  end
  end
+
+ private
+
+ def attestation_type
+ WebAuthn::AttestationStatement::ATTESTATION_TYPE_NONE
+ end
  end
  end
 end
diff --git a/spec/webauthn/attestation_statement/none_spec.rb b/spec/webauthn/attestation_statement/none_spec.rb
@@ -31,5 +31,11 @@
  expect(WebAuthn::AttestationStatement::None.new([]).valid?(authenticator_data, nil)).to be_falsy
  expect(WebAuthn::AttestationStatement::None.new("a" => "b").valid?(authenticator_data, nil)).to be_falsy
  end
+
+ it "returns false if None is not among the acceptable attestation types" do
+ WebAuthn.configuration.acceptable_attestation_types = ['AttCA']
+
+ expect(WebAuthn::AttestationStatement::None.new({}).valid?(authenticator_data, nil)).to be_falsy
+ end
  end
 end