
Suppressing unexpected error with `WebAuthn::PublicKeyCredentialWithA…
…ttestation#verify` (cedarcode#413)

* Suppressing unexpected errors with `WebAuthn::PublicKeyCredentialWithAttestation#verify`

* Fix `rubocop` offense `Layout/LineLength`

* Made `challenge` check a common process in `WebAuthn::PublicKeyCredential`
soartec-lab committed Nov 21, 2023
1 parent 43a491b commit 6a5d7e9
Showing 3 changed files with 34 additions and 2 deletions.
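--- a/lib/webauthn/public_key_credential.rb
+++ b/lib/webauthn/public_key_credential.rb
@@ -4,6 +4,8 @@
 
 module WebAuthn
 class PublicKeyCredential
+class InvalidChallengeError < Error; end
+
 attr_reader :type, :id, :raw_id, :client_extension_outputs, :authenticator_attachment, :response
 
 def self.from_client(credential, relying_party: WebAuthn.configuration.relying_party)
@@ -36,7 +38,13 @@ def initialize(
 @relying_party = relying_party
 end
 
-def verify(*_args)
+def verify(challenge, *_args)
+unless valid_class?(challenge)
+msg = "challenge must be a String. input challenge class: #{challenge.class}"
+
+raise(InvalidChallengeError, msg)
+end
+
 valid_type? || raise("invalid type")
 valid_id? || raise("invalid id")
 
@@ -71,6 +79,10 @@ def valid_id?
 raw_id && id && raw_id == WebAuthn.standard_encoder.decode(id)
 end
 
+def valid_class?(challenge)
+challenge.is_a?(String)
+end
+
 def authenticator_data
 response&.authenticator_data
 end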
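Review bot: The guard at the top of `verify` checks only the class of `challenge`, so an empty string still passes it; a caller that derives the expected challenge from a missing session value (for example through `to_s`) would not be stopped here. Consider rejecting empty values in the helper as well, `challenge.is_a?(String) && !challenge.empty?`, and naming it `valid_challenge?`, since `valid_class?` does not say what is being validated. Whether the later challenge comparison rejects an empty value cannot be told from this page, because the rest of `verify` lies outside the hunk. A one-line comment on `verify` would also help, such as `# challenge: the value the relying party issued and stored for this ceremony`.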
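--- a/spec/webauthn/public_key_credential_with_assertion_spec.rb
+++ b/spec/webauthn/public_key_credential_with_assertion_spec.rb
@@ -119,6 +119,18 @@
 end
 end
 
+context "when challenge class is invalid" do
+it "raise error" do
+expect do
+public_key_credential.verify(
+nil,
+public_key: credential_public_key,
+sign_count: credential_sign_count
+)
+end.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
+end
+end
+
 context "when challenge is invalid" do
 let(:challenge) { Base64.urlsafe_encode64("another challenge") }
 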
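Review bot: The new example passes only `nil`, here and in the matching example in spec/webauthn/public_key_credential_with_attestation_spec.rb, so the `is_a?(String)` guard is never exercised with a non-nil, non-String value. One more case such as `public_key_credential.verify(123, public_key: credential_public_key, sign_count: credential_sign_count)` would pin the type check itself rather than nil handling alone. The description `it "raise error"` would read better as `it "raises InvalidChallengeError"`. The enclosing describe block starts and ends outside the hunk.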
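--- a/spec/webauthn/public_key_credential_with_attestation_spec.rb
+++ b/spec/webauthn/public_key_credential_with_attestation_spec.rb
@@ -87,7 +87,15 @@
 end
 end
 
-context "when challenge is invalid" do
+context "when challenge class is invalid" do
+it "raise error" do
+expect {
+public_key_credential.verify(nil)
+}.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
+end
+end
+
+context "when challenge value is invalid" do
 it "fails" do
 expect {
 public_key_credential.verify(Base64.urlsafe_encode64("another challenge"))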
