fix all the tests

b7606a89 · o@immerda.ch · 38151856 · b7606a89 · b7606a89 · b7606a89
Commit b7606a89 authored Jul 20, 2021 by o@immerda.ch
--- a/db/migrations/mail/20210720000000_webauthn_add_sign_count.rb
+++ b/db/migrations/mail/20210720000000_webauthn_add_sign_count.rb
@@ -2,11 +2,5 @@ require 'webauthn'
 class WebauthnAddSignCount < ActiveRecord::Migration[5.2]
  def change
    add_column :web_authn_credentials, :signcount, :integer, default: 0
-
-    # We now store keys ids in the original webauthn urlsafe base64
-    WebAuthnCredential.each do |w|
-      w.external_id = WebAuthn.standard_encoder.encode(Base64.decode64(w.external_id))
-      w.save!
-    end
  end
 end
--- a/db/migrations/mail/20210720000001_webauthn_migrate.rb
+++ b/db/migrations/mail/20210720000001_webauthn_migrate.rb
+require 'webauthn'
+class WebauthnMigrate < ActiveRecord::Migration[5.2]
+  def up
+    # We now store keys ids in the original webauthn urlsafe base64
+    WebAuthnCredential.all.each do |w|
+      w.external_id = WebAuthn.standard_encoder.encode(Base64.decode64(w.external_id))
+      w.save!
+    end
+  end
+end
--- a/tests/replay/replay.rb
+++ b/tests/replay/replay.rb
@@ -4,7 +4,8 @@ require 'yaml'
 require 'json'
 require 'rest_client'
 require 'rotp'
-require "webauthn/fake_client"
+require 'webauthn'
+require 'webauthn/fake_client'
 require 'onelogin/ruby-saml'

 DIR           = File.expand_path(File.dirname(__FILE__))
@@ -44,6 +45,10 @@ MASTER_KEY    = File.join(DIR, '../../../local_data/iapi_certs/master.kring')

 WEBAUTHN_REGISTER_ORIGIN = 'https://users.127.0.0.1.nip.io:3000'
 WEBAUTHN_VERIFY_ORIGIN = 'https://login.127.0.0.1.nip.io:3002'
+WebAuthn.configure do |config|
+  config.origin = WEBAUTHN_VERIFY_ORIGIN
+end
+
 # we must be able to reset the origin
 class WebAuthn::FakeClient
  def origin=(o)
@@ -217,10 +222,10 @@ def patch_variables(data)
      r['SAMLRequest']
    elsif data == '%%WEBAUTHN_ATTESTATION_OBJECT%%'
      VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'] ||= webauthn_attestation_response
-      Base64.strict_encode64(VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'][:attestation_object])
+      VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE']['attestationObject']
    elsif data == '%%WEBAUTHN_CLIENT_DATA_JSON%%'
      VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'] ||= webauthn_attestation_response
-      Base64.strict_encode64(VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'][:client_data_json])
+      VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE']['clientDataJSON']
    elsif data == '%%WEBAUTHN_ASSERTION%%'
      webauthn_assertion_response
    elsif data == '%%TODAY%%'
@@ -238,23 +243,23 @@ end
 def webauthn_attestation_response
  VARIABLE['WEBAUTHN_CLIENT'] = WebAuthn::FakeClient.new(WEBAUTHN_REGISTER_ORIGIN)
  public_key_credential = VARIABLE['WEBAUTHN_CLIENT'].create(
-    challenge: Base64.strict_decode64(VARIABLE['%%WEBAUTHN_CHALLENGE%%']),
+    challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'],
    rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'],
  )
-  public_key_credential[:response]
+  public_key_credential['response']
 end

 def webauthn_assertion_response
  client = VARIABLE['WEBAUTHN_CLIENT']
  client.origin = WEBAUTHN_VERIFY_ORIGIN
-  assertion = client.get(challenge: Base64.strict_decode64(VARIABLE['%%WEBAUTHN_CHALLENGE%%']), rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'])
+  assertion = client.get(challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'], rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'])

  {
    challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'],
-    credential_id: Base64.strict_encode64(assertion[:id]),
-    client_data_json: Base64.strict_encode64(assertion[:response][:client_data_json]),
-    authenticator_data: Base64.strict_encode64(assertion[:response][:authenticator_data]),
-    signature: Base64.strict_encode64(assertion[:response][:signature]),
+    credential_id:      assertion['id'],
+    client_data_json:   assertion['response']['clientDataJSON'],
+    authenticator_data: assertion['response']['authenticatorData'],
+    signature:          assertion['response']['signature'],
  }
 end


--- a/tests/replay/scripts/2fa.log
+++ b/tests/replay/scripts/2fa.log
@@ -258,7 +258,7 @@
 :response:
  :status: 200
  :body:
-  - '{"result":"success", "credential_options": {"challenge": "%%WEBAUTHN_CHALLENGE%%", "pubKeyCredParams": [{"type": "public-key", "alg": -7}, {"type": "public-key", "alg": -37}, {"type": "public-key", "alg": -257}], "user": {"id": "dXNlcjFAZXhhbXBsZS5jb20=", "name": "user1@example.com", "displayName": "user1@example.com"}, "rp": {"name": "iAPI RP", "icon": "https://www.immerda.ch/favicon.ico", "id": "%%WEBAUTHN_RP_ID%%"}, "exclude_credentials": []}}'
+  - '{"result":"success", "credential_options": {"challenge": "%%WEBAUTHN_CHALLENGE%%", "timeout": 120000, "pubKeyCredParams": [{"type": "public-key", "alg": -7}, {"type": "public-key", "alg": -37}, {"type": "public-key", "alg": -257}], "user": {"id": "dXNlcjFAZXhhbXBsZS5jb20=", "name": "user1@example.com", "displayName": "user1@example.com"}, "rp": {"name": "iAPI RP", "id": "%%WEBAUTHN_RP_ID%%"}, "excludeCredentials": []}}'
 ---
 :request:
  :method: :post

--- a/tests/replay/scripts/bills.log
+++ b/tests/replay/scripts/bills.log
@@ -129,7 +129,7 @@
 :response:
  :status: 200
  :body:
-  - '{"result":"success","notfound":true}'
+  - '{"result":"success","status":"empty"}'
 ---
 :request:
  :method: :post