Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: top origin verification #217

Merged
merged 3 commits into from
Apr 26, 2024
Merged

feat: top origin verification #217

merged 3 commits into from
Apr 26, 2024

Conversation

james-d-elliott
Copy link
Member

@james-d-elliott james-d-elliott commented Feb 9, 2024
edited by coderabbitai bot
Loading

This adds top origin verification options to the library.

Closes #205

Summary by CodeRabbit

  • New Features
    • Enhanced the verification process for credential assertion and creation by incorporating additional parameters for relying party information verification.
    • Introduced new fields and verification modes to handle top origin and cross-origin verification in client data, improving security measures.
  • Bug Fixes
    • Adjusted test cases to align with the updated verification processes, ensuring robustness and reliability.

@james-d-elliott
feat: top origin verification
85742ed 
This adds top origin verification options to the library.
@james-d-elliott james-d-elliott requested a review from a team as a code owner February 9, 2024 20:42
@james-d-elliott
Copy link
Member Author

@coderabbitai please review this

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Mar 3, 2024

Tip

For best results, initiate chat on the files or code changes.

@james-d-elliott: Could you please provide more details about the changes made in this PR or specify if there are particular files or aspects of the changes that you're concerned about? This will help me to tailor the review to your needs more effectively.

@james-d-elliott
Copy link
Member Author

@coderabbitai please review this pull request and provide comprehensive feedback

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Mar 3, 2024

@james-d-elliott, I've identified the files changed in the pull request. Here's the list:

  • protocol/assertion.go
  • protocol/assertion_test.go
  • protocol/attestation_test.go
  • protocol/client.go
  • protocol/client_test.go
  • protocol/credential.go
  • protocol/credential_test.go
  • webauthn/login.go
  • webauthn/registration.go
  • webauthn/types.go

Given the number of files involved, I'll proceed with a high-level review focusing on key aspects such as code quality, security, performance, and adherence to best practices. This will include reviewing the implementation logic, checking for any potential security issues, assessing the efficiency of the code, and ensuring that the changes align with common best practices in Go programming and the specific standards of the go-webauthn/webauthn project.

I'll start with the files under the protocol directory, followed by those under webauthn. Please note that this review will be based on the current state of the files as listed and won't include running the code or performing dynamic analysis.

Expect my comprehensive feedback shortly.

Analysis chain
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# List the files changed in the PR using GitHub CLI
gh pr view https://github.com/go-webauthn/webauthn/pull/217 --json files --jq '.files[].path'

Length of output: 328

Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Mar 3, 2024
edited
Loading

Walkthrough

The updates focus on enhancing verification processes in a WebAuthn library, integrating new parameters for top origin validation in both assertion and credential verification. This includes the introduction of RPTopOrigins and RPTopOriginVerificationMode in the configuration, alongside updates in verification methods to support these new parameters. The changes aim to align with the latest draft recommendations for WebAuthn, specifically regarding the verification of topOrigin alongside origin.

Changes

Files Change Summary
protocol/assertion.go, protocol/credential.go Added rpOrigins, rpTopOrigins, rpTopOriginsVerify to Verify methods for enhanced verification.
protocol/..._test.go Adjusted test functions to include new parameters (nil, TopOriginIgnoreVerificationMode) in verification calls.
protocol/client.go, protocol/client_test.go Added TopOrigin, CrossOrigin fields and updated Verify logic to handle new verification modes.
webauthn/login.go, webauthn/registration.go Updated verification calls to include rpTopOrigins sourced from webauthn.Config.
webauthn/types.go Introduced RPTopOrigins, RPTopOriginVerificationMode in Config for configurable top origin verification.

Assessment against linked issues

Objective Addressed Explanation
Verify topOrigin (#205)

Poem

In the realm of code, where security's key,
A rabbit hopped in, changes to see.
With origins verified, both top and low,
It tweaked and it tested, making it so.
🐇💻 In WebAuthn's land, it left its mark,
Ensuring the web, a bit less dark.
"To secure and to verify," it sang with glee,
A coderabbit's quest, for a safer web sea.

Recent Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits Files that changed from the base of the PR and between b6f357c and c012b15.
Files selected for processing (1)
  • webauthn/login.go (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • webauthn/login.go

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Mar 3, 2024
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 4

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between dd7eac9 and 85742ed.
Files selected for processing (10)
  • protocol/assertion.go (1 hunks)
  • protocol/assertion_test.go (1 hunks)
  • protocol/attestation_test.go (1 hunks)
  • protocol/client.go (5 hunks)
  • protocol/client_test.go (4 hunks)
  • protocol/credential.go (1 hunks)
  • protocol/credential_test.go (1 hunks)
  • webauthn/login.go (1 hunks)
  • webauthn/registration.go (1 hunks)
  • webauthn/types.go (2 hunks)
Additional comments: 9
protocol/client_test.go (1)
  • 29-29: The Verify function call now includes nil and TopOriginIgnoreVerificationMode as new parameters. Ensure that the introduction of these parameters aligns with the updated verification logic, particularly the handling of nil for RP Top Origins and the explicit choice of ignoring top origin verification in these tests.
protocol/assertion.go (1)
  • 127-127: The Verify method has been updated to include rpOrigins, rpTopOrigins, rpTopOriginsVerify as parameters for enhanced verification. This is a significant change that aligns with the objective of verifying both origin and topOrigin. Ensure that all calls to this method throughout the codebase have been updated to pass the correct arguments according to the new signature.
webauthn/registration.go (1)
  • 186-186: The Verify function call within CreateCredential has been updated to include additional configuration parameters. This change is crucial for integrating the new top origin verification logic. Ensure that the configuration passed to Verify is correctly set up in the Config struct and that all necessary fields are populated before this call.
webauthn/types.go (1)
  • 165-172: The validation logic for RPTopOriginVerificationMode correctly sets a default mode and enforces the presence of RPTopOrigins when the mode is set to TopOriginImplicitVerificationMode. This is a good practice to ensure that the configuration is consistent and secure. However, ensure that the default mode (TopOriginIgnoreVerificationMode) is appropriate for all use cases and consider documenting the implications of each mode clearly for users of the library.
protocol/client.go (2)
  • 23-24: Adding TopOrigin and CrossOrigin fields to the CollectedClientData struct is a necessary step to support the verification of top origins as per the PR objectives. This change correctly extends the data model to include the new information required for enhanced security checks. Ensure that these fields are properly documented to clarify their usage and impact on the verification process.
  • 198-221: The introduction of TopOriginVerificationMode constants provides a clear and flexible way to specify the mode of top origin verification. This design allows for easy extension and adjustment as the specifications evolve. Ensure that each mode is thoroughly tested, especially the TopOriginAutoVerificationMode and TopOriginExplicitVerificationMode, to validate their behavior in real-world scenarios.
protocol/attestation_test.go (1)
  • 39-39: The addition of TopOriginIgnoreVerificationMode as a parameter in the Verify method call within TestAttestationVerify introduces a new verification mode. This change is consistent with the PR's objective to enhance security by verifying topOrigin. However, it's important to ensure that this new mode is thoroughly tested across different scenarios to validate its behavior and impact comprehensively.

Ensure that tests covering the new verification mode (TopOriginIgnoreVerificationMode) are comprehensive and cover various scenarios, including positive and negative test cases. This is crucial for validating the behavior and impact of the new verification mode on the authentication process.

protocol/credential.go (1)
  • 143-145: The addition of rpOrigins, rpTopOrigins, and rpTopOriginsVerify parameters to the Verify function enhances the library's capability to verify topOrigin in addition to origin. This change is crucial for improving security and aligns with the PR's objectives. However, it's important to ensure that the implementation correctly handles various scenarios, including edge cases and potential error conditions, to maintain robustness and reliability in the verification process.

Verify that the implementation of the new parameters in the Verify function correctly handles various scenarios, including edge cases and potential error conditions. This is essential for maintaining the robustness and reliability of the verification process.

protocol/credential_test.go (1)
  • 367-367: The addition of nil and TopOriginIgnoreVerificationMode as arguments to the Verify method call in the TestParsedCredentialCreationData_Verify function aligns with the PR's objective to enhance top origin verification. However, it's crucial to ensure that the nil argument, which likely represents the absence of a specific parameter (possibly rpTopOrigins), is handled appropriately within the Verify method. This handling should be verified, especially in the context of different top origin verification modes.
  • Ensure that the Verify method is designed to gracefully handle nil values for the newly added parameter. This is important for maintaining robustness and avoiding potential nil pointer dereferences.
  • The use of TopOriginIgnoreVerificationMode indicates a specific verification mode is being tested. It would be beneficial to include tests for other verification modes (AllowAll, AllowRPOrigins, AllowNone) to ensure comprehensive coverage and validation of the new top origin verification logic.

protocol/assertion_test.go
@@ -180,7 +180,7 @@ func TestParsedCredentialAssertionData_Verify(t *testing.T) {
Raw: tt.fields.Raw,
}

if err := p.Verify(tt.args.storedChallenge.String(), tt.args.relyingPartyID, tt.args.relyingPartyOrigin, "", tt.args.verifyUser, tt.args.credentialBytes); (err != nil) != tt.wantErr {
if err := p.Verify(tt.args.storedChallenge.String(), tt.args.relyingPartyID, tt.args.relyingPartyOrigin, nil, TopOriginIgnoreVerificationMode, "", tt.args.verifyUser, tt.args.credentialBytes); (err != nil) != tt.wantErr {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The addition of nil and TopOriginIgnoreVerificationMode as parameters in the Verify method call within TestParsedCredentialAssertionData_Verify aligns with the new verification logic introduced for topOrigin. However, it's crucial to ensure that corresponding test cases are added or updated to specifically test the behavior of topOrigin verification under different scenarios, including the TopOriginIgnoreVerificationMode. This will help in validating the correctness and robustness of the new feature.

protocol/client.go
Comment on lines 127 to 180
WithInfo(fmt.Sprintf("Expected Values: %s, Received: %s", rpOrigins, fqOrigin))
}

if rpTopOriginsVerify != TopOriginIgnoreVerificationMode {
switch len(c.TopOrigin) {
case 0:
break
default:
if !c.CrossOrigin {
return ErrVerification.
WithDetails("Error validating topOrigin").
WithInfo("The topOrigin can't have values unless crossOrigin is true.")
}

var (
fqTopOrigin string
possibleTopOrigins []string
)

if fqTopOrigin, err = FullyQualifiedOrigin(c.TopOrigin); err != nil {
return ErrParsingData.WithDetails("Error decoding clientData topOrigin as URL")
}

switch rpTopOriginsVerify {
case TopOriginExplicitVerificationMode:
possibleTopOrigins = rpTopOrigins
case TopOriginAutoVerificationMode:
possibleTopOrigins = append(rpTopOrigins, rpOrigins...)
case TopOriginImplicitVerificationMode:
possibleTopOrigins = rpOrigins
default:
return ErrNotImplemented.WithDetails("Error handling unknown Top Origin verification mode")
}

found = false

for _, origin := range possibleTopOrigins {
if strings.EqualFold(fqTopOrigin, origin) {
found = true
break
}
}

if !found {
return ErrVerification.
WithDetails("Error validating top origin").
WithInfo(fmt.Sprintf("Expected Values: %s, Received: %s", possibleTopOrigins, fqTopOrigin))
}
}
}

// Registration Step 6 and Assertion Step 10. Verify that the value of C.tokenBinding.status
// matches the state of Token Binding for the TLS connection over which the assertion was
// obtained. If Token Binding was used on that TLS connection, also verify that C.tokenBinding.id
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 NOTE
This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [82-177]

The modifications in the Verify method of CollectedClientData to include rpTopOrigins and rpTopOriginsVerify parameters, and the updated logic to handle TopOrigin verification based on different verification modes, are well-structured and align with the objectives of enhancing origin verification. However, it's important to ensure comprehensive testing of this logic under various scenarios to guarantee its correctness and robustness. Additionally, consider adding more detailed error messages to aid in debugging and troubleshooting.

webauthn/types.go
Comment on lines +39 to +46
// RPTopOrigins configures the list of Relying Party Server Top Origins that are permitted. These should be fully
// qualified origins.
RPTopOrigins []string

// RPTopOriginVerificationMode determines the verification mode for the Top Origin value. By default the
// TopOriginIgnoreVerificationMode is used however this is going to change at such a time as WebAuthn Level 3
// becomes recommended, implementers should explicitly set this value if they want stability.
RPTopOriginVerificationMode protocol.TopOriginVerificationMode
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The addition of RPTopOrigins and RPTopOriginVerificationMode fields to the Config struct is a significant enhancement for configuring top origin verification. Ensure that the documentation for these fields is clear and provides guidance on how to use them effectively. Additionally, consider validating the contents of RPTopOrigins to ensure they are well-formed URLs.

+ // Ensure RPTopOrigins contains well-formed URLs.
+ for _, origin := range config.RPTopOrigins {
+     if _, err := url.ParseRequestURI(origin); err != nil {
+         return fmt.Errorf("RPTopOrigins contains an invalid URL: %s", origin)
+     }
+ }
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change
// RPTopOrigins configures the list of Relying Party Server Top Origins that are permitted. These should be fully
// qualified origins.
RPTopOrigins []string
// RPTopOriginVerificationMode determines the verification mode for the Top Origin value. By default the
// TopOriginIgnoreVerificationMode is used however this is going to change at such a time as WebAuthn Level 3
// becomes recommended, implementers should explicitly set this value if they want stability.
RPTopOriginVerificationMode protocol.TopOriginVerificationMode
// RPTopOrigins configures the list of Relying Party Server Top Origins that are permitted. These should be fully
// qualified origins.
RPTopOrigins []string
// Ensure RPTopOrigins contains well-formed URLs.
for _, origin := range config.RPTopOrigins {
if _, err := url.ParseRequestURI(origin); err != nil {
return fmt.Errorf("RPTopOrigins contains an invalid URL: %s", origin)
}
}
// RPTopOriginVerificationMode determines the verification mode for the Top Origin value. By default the
// TopOriginIgnoreVerificationMode is used however this is going to change at such a time as WebAuthn Level 3
// becomes recommended, implementers should explicitly set this value if they want stability.
RPTopOriginVerificationMode protocol.TopOriginVerificationMode

coderabbitai[bot]
coderabbitai bot reviewed Apr 26, 2024
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

webauthn/login.go Outdated Show resolved Hide resolved
@james-d-elliott @coderabbitai
Update webauthn/login.go
c012b15 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@james-d-elliott james-d-elliott merged commit 0c97761 into master Apr 26, 2024
3 checks passed
@james-d-elliott james-d-elliott deleted the feat-topOrigin branch April 26, 2024 22:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Verify topOrigin
1 participant
@james-d-elliott