Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: encapsulate Credential Creation/Request Options #178

Merged
merged 1 commit into from
Apr 30, 2019
Merged

refactor: encapsulate Credential Creation/Request Options #178

merged 1 commit into from
Apr 30, 2019

Conversation

grzuy
Copy link
Contributor

@grzuy grzuy commented Apr 28, 2019

No description provided.

brauliomartinezlm
brauliomartinezlm approved these changes Apr 29, 2019
View reviewed changes
Copy link
Member

@brauliomartinezlm brauliomartinezlm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

Left you a question, but it's not a blocking one. Just curiosity. If there's even something there it can even be done as a followup.

Looked at existing tests and coverage on this seems good enough 👍

lib/webauthn/credential_options.rb

module WebAuthn
class CredentialOptions
CHALLENGE_LENGTH = 32
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we allow challenge length configuration as long as we're on it? I mean, the standard states it should be at least 16, do you think it might be worth to allow them pass in the challenge length and validate it's bigger than 16 bytes?

Not that I would like to encourage people to use shorted and less secure challenges but some people might want to do it for some reason...?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some people might want to do it for some reason...?

I think I would prefer to wait for someone to open an issue with a good reason to do that before providing that as an option.

@grzuy
Copy link
Contributor Author

grzuy commented Apr 29, 2019

Added an extra commit.
Thanks for the review.

@grzuy
Copy link
Contributor Author

grzuy commented Apr 29, 2019

This refactor sort of lays groundwork for:

@brauliomartinezlm brauliomartinezlm self-assigned this Apr 29, 2019
grzuy
grzuy commented Apr 29, 2019
View reviewed changes
spec/webauthn/credential/creation_options_spec.rb Outdated

RSpec.describe WebAuthn::Credential::CreationOptions do
let(:creation_options) do
WebAuthn::Credential::CreationOptions.new(user_id: "1", user_name: "User", user_display_name: "User Display")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still not sure about whether WebAuthn::Credential::CreationOptions or WebAuthn::CredentialCreationOptions...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmm I don't see them as models that will escalate further that these two, but the namespace doesn't hurt neither 🤷‍♂

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I am leaning towards flattening the namespace. I like it better from a user perspective.

@grzuy grzuy merged commit b2c603b into master Apr 30, 2019
@grzuy grzuy deleted the options branch April 30, 2019 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brauliomartinezlm brauliomartinezlm brauliomartinezlm approved these changes

Assignees

@brauliomartinezlm brauliomartinezlm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@grzuy @brauliomartinezlm