Tests for extensions validator
- fixed extensions validator
- added tests for extensions validation
HSMDBC authored Sep 9, 2022
1 parent c30a93c commit d938d5a
Showing 4 changed files with 46 additions and 9 deletions.
1 change: 1 addition & 0 deletions lib/response.js
@@ -48,6 +48,7 @@ class Fido2Result {
await this.validateRawAuthnrData();
await this.validateRpIdHash();
await this.validateFlags();
await this.validateExtensions();
}

async create(req, exp) {
23 changes: 15 additions & 8 deletions lib/validator.js
@@ -615,16 +615,23 @@ async function validatePublicKey() {

function validateExtensions() {
const extensions = this.authnrData.get("webAuthnExtensions");

if (extensions === undefined ||
Array.isArray(extensions) &&
extensions.every(item => typeof item === "object")
) {
this.audit.journal.add("webAuthnExtensions");
return true;
const shouldHaveExtensions = this.authnrData.get("flags").has("ED");

if (shouldHaveExtensions) {
if (Array.isArray(extensions) &&
extensions.every(item => typeof item === "object")
) {
this.audit.journal.add("webAuthnExtensions");
} else {
throw new Error("webAuthnExtensions aren't valid");
}
} else {
if (extensions !== undefined) {
throw new Error("unexpected webAuthnExtensions found");
}
}

throw new Error("unable to validate webAuthnExtensions");
return true;
}

async function validateUserHandle() {
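Review bot: The element check `typeof item === "object"` in the ED branch of validateExtensions also accepts `null` and nested arrays, so with the ED flag set an array such as `[null]` is journaled as valid extensions; an empty array passes too, because `every` is vacuously true. Tightening it to `extensions.every(item => item !== null && typeof item === "object" && !Array.isArray(item))` keeps the intent while rejecting those values. The new `this.authnrData.get("flags").has("ED")` also assumes `flags` is always present in `authnrData`; if it is missing, the call fails with a TypeError rather than a validation error, so an explicit guard with its own message would make that failure easier to diagnose.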
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "fido2-lib",
"version": "3.3.1",
"version": "3.3.2",
"description": "A library for performing FIDO 2.0 / WebAuthn functionality",
"type": "module",
"main": "dist/main.cjs",
29 changes: 29 additions & 0 deletions test/validator.test.js
@@ -722,6 +722,34 @@ describe("attestation validation", function() {
});
});

describe("validateExtensions", function() {
// original test data does not contain extensions
it("returns true on validation without extensions", async function() {
const ret = attResp.validateExtensions();
assert.isTrue(ret);
assert.isFalse(attResp.audit.journal.has("webAuthnExtensions"));
});

it("returns true on validation with extensions", async function() {
attResp.authnrData.get("flags").add("ED");
attResp.authnrData.set("webAuthnExtensions", [{ credProtect: 1 }]);
const ret = attResp.validateExtensions();
assert.isTrue(ret);
assert.isTrue(attResp.audit.journal.has("webAuthnExtensions"));
});

it("throws on invalid extensions", async function() {
attResp.authnrData.get("flags").add("ED");
attResp.authnrData.set("webAuthnExtensions", [42]);
assert.throws(() => attResp.validateExtensions(), Error, "webAuthnExtensions aren't valid");
});

it("throws on unexpected extensions", async function() {
attResp.authnrData.set("webAuthnExtensions", [{ credProtect: 1 }]);
assert.throws(() => attResp.validateExtensions(), Error, "unexpected webAuthnExtensions found");
});
});

describe("validateTokenBinding", function() {
it("returns true if tokenBinding is undefined", async function() {
const ret = await attResp.validateTokenBinding();
@@ -828,6 +856,7 @@ describe("attestation validation", function() {
await attResp.validateAaguid();
await attResp.validateCredId();
await attResp.validatePublicKey();
await attResp.validateExtensions();
await attResp.validateFlags();
await attResp.validateInitialCounter();

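Review bot: The new validateExtensions tests do not cover the ED flag being set while `webAuthnExtensions` is absent, nor an array containing `null`, which are the inputs where the validator has to fail closed. A test body such as `attResp.authnrData.get("flags").add("ED"); assert.throws(() => attResp.validateExtensions(), Error, "webAuthnExtensions aren't valid");` would pin the first case. The tests also mutate `attResp` by adding `ED` and setting `webAuthnExtensions`, so the "unexpected extensions" test only holds if `attResp` is rebuilt before each test; that presumably happens in setup outside this hunk and is worth confirming. The enclosing describe block starts outside the hunk.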
