Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for multiple allowed credentials #58

Merged
merged 3 commits into from
Jun 18, 2018
Merged

feat: add support for multiple allowed credentials #58

merged 3 commits into from
Jun 18, 2018

Conversation

brauliomartinezlm
Copy link
Member

No description provided.

@brauliomartinezlm brauliomartinezlm mentioned this pull request Jun 15, 2018
Merged
grzuy
grzuy reviewed Jun 15, 2018
View reviewed changes
Copy link
Contributor

@grzuy grzuy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

lib/webauthn/authenticator_assertion_response.rb Outdated
super(original_challenge, original_origin) &&
valid_credential?(allowed_credential[:id]) &&
valid_signature?(allowed_credential[:public_key])
valid_credentials?(allowed_credentials) &&
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are actually validating only one credential against a set of allowed credentials. Wouldn't that mean that this line should be valid_credential?(allowed_credentials)?

spec/webauthn/authenticator_assertion_response_spec.rb Outdated
it "is valid with more than one allowed credential" do
allowed_credentials << {
id: SecureRandom.random_bytes(16),
public_key: OpenSSL::PKey::EC.new("prime256v1").generate_key
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to pass public key bytes here, instead of a PKey instance

@brauliomartinezlm
Copy link
Member Author

@grzuy I've addressed your comments

@grzuy
Copy link
Contributor

grzuy commented Jun 18, 2018

Nice, thanks!

@grzuy grzuy merged commit e077523 into master Jun 18, 2018
@grzuy grzuy deleted the allow_multiple_credentials branch June 18, 2018 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grzuy grzuy grzuy left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@brauliomartinezlm @grzuy