Merge pull request #108 from HSMDBC/master
Validator for extensions
Hexagon authored Sep 9, 2022
2 parents a1bd544 + d938d5a commit 6fe8f54
Showing 4 changed files with 53 additions and 1 deletion.
1 change: 1 addition & 0 deletions lib/response.js
Expand Up @@ -48,6 +48,7 @@ class Fido2Result {
await this.validateRawAuthnrData();
await this.validateRpIdHash();
await this.validateFlags();
await this.validateExtensions();
}

async create(req, exp) {
22 changes: 22 additions & 0 deletions lib/validator.js
Expand Up @@ -613,6 +613,27 @@ async function validatePublicKey() {
return true;
}

function validateExtensions() {
const extensions = this.authnrData.get("webAuthnExtensions");
const shouldHaveExtensions = this.authnrData.get("flags").has("ED");

if (shouldHaveExtensions) {
if (Array.isArray(extensions) &&
extensions.every(item => typeof item === "object")
) {
this.audit.journal.add("webAuthnExtensions");
} else {
throw new Error("webAuthnExtensions aren't valid");
}
} else {
if (extensions !== undefined) {
throw new Error("unexpected webAuthnExtensions found");
}
}

return true;
}

async function validateUserHandle() {
let userHandle = this.authnrData.get("userHandle");

Expand Down Expand Up @@ -706,6 +727,7 @@ function attach(o) {
validateAaguid,
validateCredId,
validatePublicKey,
validateExtensions,
validateFlags,
validateUserHandle,
validateCounter,
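Review bot: In `validateExtensions`, the element check `typeof item === "object"` also accepts `null` and nested arrays, so an ED-flagged response carrying `[null]` is journaled as valid; tightening it to `extensions.every(item => item !== null && typeof item === "object" && !Array.isArray(item))` closes that. An empty array passes too, because `every` is vacuously true, so the ED flag can be set with no extension entries at all; whether that should be rejected depends on how the parser builds `webAuthnExtensions`, which is not visible here. The check is shape-only, so adding `webAuthnExtensions` to `audit.journal` presumably records that the field was looked at, not that values such as `credProtect` match what the relying party requested. A comment above the function, e.g. `// Shape check only: extension values are not verified against the request`, would keep callers from reading the journal entry as more than that.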
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "fido2-lib",
"version": "3.3.1",
"version": "3.3.2",
"description": "A library for performing FIDO 2.0 / WebAuthn functionality",
"type": "module",
"main": "dist/main.cjs",
29 changes: 29 additions & 0 deletions test/validator.test.js
Expand Up @@ -722,6 +722,34 @@ describe("attestation validation", function() {
});
});

describe("validateExtensions", function() {
// original test data does not contain extensions
it("returns true on validation without extensions", async function() {
const ret = attResp.validateExtensions();
assert.isTrue(ret);
assert.isFalse(attResp.audit.journal.has("webAuthnExtensions"));
});

it("returns true on validation with extensions", async function() {
attResp.authnrData.get("flags").add("ED");
attResp.authnrData.set("webAuthnExtensions", [{ credProtect: 1 }]);
const ret = attResp.validateExtensions();
assert.isTrue(ret);
assert.isTrue(attResp.audit.journal.has("webAuthnExtensions"));
});

it("throws on invalid extensions", async function() {
attResp.authnrData.get("flags").add("ED");
attResp.authnrData.set("webAuthnExtensions", [42]);
assert.throws(() => attResp.validateExtensions(), Error, "webAuthnExtensions aren't valid");
});

it("throws on unexpected extensions", async function() {
attResp.authnrData.set("webAuthnExtensions", [{ credProtect: 1 }]);
assert.throws(() => attResp.validateExtensions(), Error, "unexpected webAuthnExtensions found");
});
});

describe("validateTokenBinding", function() {
it("returns true if tokenBinding is undefined", async function() {
const ret = await attResp.validateTokenBinding();
Expand Down Expand Up @@ -828,6 +856,7 @@ describe("attestation validation", function() {
await attResp.validateAaguid();
await attResp.validateCredId();
await attResp.validatePublicKey();
await attResp.validateExtensions();
await attResp.validateFlags();
await attResp.validateInitialCounter();

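Review bot: The negative cases in `describe("validateExtensions")` exercise only `[42]`; the ED flag set with `webAuthnExtensions` left undefined, a non-array value, and `[null]` are not covered, and the last of these passes the validator as written because `typeof null === "object"`. A case that does `attResp.authnrData.set("webAuthnExtensions", [null]);` after adding `ED`, followed by the same `assert.throws(() => attResp.validateExtensions(), Error, "webAuthnExtensions aren't valid");`, would pin that behaviour. The tests also mutate the shared `attResp` (adding `ED`, setting extensions), so "throws on unexpected extensions" only holds if `attResp` is rebuilt before each test, presumably in a `beforeEach` outside this hunk.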
