Commit b7606a89 authored by o@immerda.ch's avatar o@immerda.ch

fix all the tests

parent 38151856
Pipeline #7989 passed with stage
in 2 minutes and 33 seconds
......@@ -2,11 +2,5 @@ require 'webauthn'
class WebauthnAddSignCount < ActiveRecord::Migration[5.2]
def change
add_column :web_authn_credentials, :signcount, :integer, default: 0
# We now store keys ids in the original webauthn urlsafe base64
WebAuthnCredential.each do |w|
w.external_id = WebAuthn.standard_encoder.encode(Base64.decode64(w.external_id))
w.save!
end
end
end
require 'webauthn'
class WebauthnMigrate < ActiveRecord::Migration[5.2]
def up
# We now store keys ids in the original webauthn urlsafe base64
WebAuthnCredential.all.each do |w|
w.external_id = WebAuthn.standard_encoder.encode(Base64.decode64(w.external_id))
w.save!
end
end
end
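Review bot: `Base64.decode64` in `WebauthnMigrate#up` is lenient: it skips characters outside the standard alphabet instead of raising. A row whose `external_id` is already urlsafe-encoded and contains `-` or `_` (a credential stored by the new code before the migration runs, or a second run) would therefore be rewritten to a different id with no error, and that authenticator would stop matching. Using `Base64.strict_decode64(w.external_id)` makes such rows fail loudly inside the migration, assuming the old ids were written with strict encoding, which is not visible here. The migration also defines only `up`, so a `down` that raises `ActiveRecord::IrreversibleMigration` would document that it cannot be rolled back. `WebAuthnCredential.find_each` would avoid loading every credential at once.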
......@@ -4,7 +4,8 @@ require 'yaml'
require 'json'
require 'rest_client'
require 'rotp'
require "webauthn/fake_client"
require 'webauthn'
require 'webauthn/fake_client'
require 'onelogin/ruby-saml'
DIR = File.expand_path(File.dirname(__FILE__))
......@@ -44,6 +45,10 @@ MASTER_KEY = File.join(DIR, '../../../local_data/iapi_certs/master.kring')
WEBAUTHN_REGISTER_ORIGIN = 'https://users.127.0.0.1.nip.io:3000'
WEBAUTHN_VERIFY_ORIGIN = 'https://login.127.0.0.1.nip.io:3002'
WebAuthn.configure do |config|
config.origin = WEBAUTHN_VERIFY_ORIGIN
end
# we must be able to reset the origin
class WebAuthn::FakeClient
def origin=(o)
......@@ -217,10 +222,10 @@ def patch_variables(data)
r['SAMLRequest']
elsif data == '%%WEBAUTHN_ATTESTATION_OBJECT%%'
VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'] ||= webauthn_attestation_response
Base64.strict_encode64(VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'][:attestation_object])
VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE']['attestationObject']
elsif data == '%%WEBAUTHN_CLIENT_DATA_JSON%%'
VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'] ||= webauthn_attestation_response
Base64.strict_encode64(VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE'][:client_data_json])
VARIABLE['WEBAUTHN_ATTESTATION_RESPONSE']['clientDataJSON']
elsif data == '%%WEBAUTHN_ASSERTION%%'
webauthn_assertion_response
elsif data == '%%TODAY%%'
......@@ -238,23 +243,23 @@ end
def webauthn_attestation_response
VARIABLE['WEBAUTHN_CLIENT'] = WebAuthn::FakeClient.new(WEBAUTHN_REGISTER_ORIGIN)
public_key_credential = VARIABLE['WEBAUTHN_CLIENT'].create(
challenge: Base64.strict_decode64(VARIABLE['%%WEBAUTHN_CHALLENGE%%']),
challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'],
rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'],
)
public_key_credential[:response]
public_key_credential['response']
end
def webauthn_assertion_response
client = VARIABLE['WEBAUTHN_CLIENT']
client.origin = WEBAUTHN_VERIFY_ORIGIN
assertion = client.get(challenge: Base64.strict_decode64(VARIABLE['%%WEBAUTHN_CHALLENGE%%']), rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'])
assertion = client.get(challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'], rp_id: VARIABLE['%%WEBAUTHN_RP_ID%%'])
{
challenge: VARIABLE['%%WEBAUTHN_CHALLENGE%%'],
credential_id: Base64.strict_encode64(assertion[:id]),
client_data_json: Base64.strict_encode64(assertion[:response][:client_data_json]),
authenticator_data: Base64.strict_encode64(assertion[:response][:authenticator_data]),
signature: Base64.strict_encode64(assertion[:response][:signature]),
credential_id: assertion['id'],
client_data_json: assertion['response']['clientDataJSON'],
authenticator_data: assertion['response']['authenticatorData'],
signature: assertion['response']['signature'],
}
end
......
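Review bot: `webauthn_attestation_response` and `webauthn_assertion_response` now pass the challenge in and the `FakeClient` fields out with no Base64 step, and nothing in the helper states the encoding contract this relies on. A comment above `webauthn_attestation_response` such as `# FakeClient takes and returns values already encoded by the gem's encoder; do not re-encode here` would keep later fixtures from double-encoding, if that is indeed what the gem does. `webauthn_assertion_response` also reads `VARIABLE['WEBAUTHN_CLIENT']` unchecked, so an assertion step that runs before a registration step fails with a NoMethodError on nil. `client = VARIABLE['WEBAUTHN_CLIENT'] || raise('no WebAuthn client; run the registration step first')` would make that failure readable.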
......@@ -258,7 +258,7 @@
:response:
:status: 200
:body:
- '{"result":"success", "credential_options": {"challenge": "%%WEBAUTHN_CHALLENGE%%", "pubKeyCredParams": [{"type": "public-key", "alg": -7}, {"type": "public-key", "alg": -37}, {"type": "public-key", "alg": -257}], "user": {"id": "dXNlcjFAZXhhbXBsZS5jb20=", "name": "user1@example.com", "displayName": "user1@example.com"}, "rp": {"name": "iAPI RP", "icon": "https://www.immerda.ch/favicon.ico", "id": "%%WEBAUTHN_RP_ID%%"}, "exclude_credentials": []}}'
- '{"result":"success", "credential_options": {"challenge": "%%WEBAUTHN_CHALLENGE%%", "timeout": 120000, "pubKeyCredParams": [{"type": "public-key", "alg": -7}, {"type": "public-key", "alg": -37}, {"type": "public-key", "alg": -257}], "user": {"id": "dXNlcjFAZXhhbXBsZS5jb20=", "name": "user1@example.com", "displayName": "user1@example.com"}, "rp": {"name": "iAPI RP", "id": "%%WEBAUTHN_RP_ID%%"}, "excludeCredentials": []}}'
---
:request:
:method: :post
......
......@@ -129,7 +129,7 @@
:response:
:status: 200
:body:
- '{"result":"success","notfound":true}'
- '{"result":"success","status":"empty"}'
---
:request:
:method: :post
......