RubyGems - clarion - Versions diffs - 1.0.0 → 1.1.0 - Mend

clarion 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1be5cccde62a2aa7db2fc08a6f55f872779c0745da3daff77a04d8ae2f28e77d
-  data.tar.gz: 4cbd2bd4368caf6487a79a79977eb0f82b3c19cb1c10741237e27132774eeb7b
+  metadata.gz: 84a30b16b873057c9f6f6831b5a11827eef098caddaf3a4cb19047f081eb2ebb
+  data.tar.gz: cf47f7b89067fe1438a94f67556a6240feb17ea5e22968318bd6ab1b1ba3bec8
 SHA512:
-  metadata.gz: 7bf00fbb11b976a954b09bb26fe950dcfccb40eed66b6a2dda726d83ef7e27400913f31058fa68f8e8328a746be06157223ef520507aa490e109d46c5d2db234
-  data.tar.gz: 5a0956255f6f737367476f3294d944b5761beaf8ade31524c4b3f46278c8ac3bdc6d554c3c43630cf962ef8e1fcfdce17c00ebc9c224a1956854b3d6163e364d
+  metadata.gz: 1d837f20219b82a12bc833268fe5edf9ebeb138013ff2f3481993ea6cb4ddaf3a214835f9c64f0775678cec3b2bf65dc2c62033806358707eac5434c6db916ca
+  data.tar.gz: a2cd1b1a58cba9438a46dd6a886ddb6c97a2382d4e4f4c8547a0dea11d6c493a468efe0e51464bec6e31cfa30554a91f1614e09f7f4ecfd471c88f312d9ef8c0

data/app/public/register.js CHANGED

@@ -7,6 +7,7 @@ document.addEventListener("DOMContentLoaded", async function() {
     processionElem.className = 'procession_unsupported';
   };
   if (!navigator.credentials) return handleUnsupported();
+  if (!window.PublicKeyCredential) return handleUnsupported();
   const regId = processionElem.attributes['data-reg-id'].value;
   const state = processionElem.attributes['data-state'].value;
@@ -19,6 +20,25 @@ document.addEventListener("DOMContentLoaded", async function() {
   let attestation;
+  // "Force platform authenticator" link; This is especially for Chrome 70 Touch ID support.
+  // Until the WebAuthn dialog https://crbug.com/847985 is rolled out, the platform authenticators are needed to be chosen
+  // explicitly to enable Touch ID authenticator.
+  if (window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable) {
+    const platformAuthenticatorAvailability = await window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+    if (platformAuthenticatorAvailability && location.hash == '#platform') {
+      creationOptions.publicKey.authenticatorSelection = {authenticatorAttachment: 'platform'};
+    } else if (platformAuthenticatorAvailability) {
+      document.querySelector('#force_platform_link').addEventListener('click', function(e) {
+        e.target.remove();
+        e.preventDefault();
+        // https://crbug.com/803833
+        location.hash = '#platform';
+        location.reload();
+      });
+      document.body.classList.add('platform-authenticator-available');
+    }
+  }
   const startCreationRequest = async function() {
     processionElem.className = 'procession_wait';

data/app/views/authn.erb CHANGED

@@ -85,4 +85,4 @@
 </div>
-<script src="/sign.js"></script>
+<script src="/sign.js?<%= Clarion::VERSION %>"></script>

data/app/views/register.erb CHANGED

@@ -26,6 +26,8 @@
   #procession.procession_timeout > div.procession_timeout {
     display: block;
   }
+  #force_platform_link { display: none; }
+  body.platform-authenticator-available #force_platform_link { display: inline; }
 </style>
 <p><strong>U2F key registration<%- if @name -%> for <%= @name %><%- end -%></strong></p>
@@ -42,6 +44,7 @@
   </div>
   <div class="procession_wait">
     <p>Insert and tap your security key.</p>
+    <p class='right'><a href='#' id="force_platform_link" class='text-muted'><small>Force platform authenticator (May enable Touch ID)</small></a></p>
   </div>
   <div class="procession_edit">
     <p>Security key recognized:</p>
@@ -73,4 +76,4 @@
 <%- end -%>
-<script src="/register.js"></script>
+<script src="/register.js?<%= Clarion::VERSION %>"></script>

data/lib/clarion/app.rb CHANGED

@@ -262,6 +262,7 @@ module Clarion
           challenge: challenge,
           origin: request.base_url,
           credential_id: data[:credential_id],
+          extension_results: data[:extension_results] || {},
           authenticator_data: data[:authenticator_data].unpack('m*')[0],
           client_data_json: data[:client_data_json].unpack('m*')[0],
           signature: data[:signature].unpack('m*')[0],

data/lib/clarion/authenticator.rb CHANGED

@@ -54,7 +54,7 @@ module Clarion
         raise Authenticator::InvalidKey
       end
-      rp_id = extension_results&.fetch('appid', false) ? legacy_app_id : self.rp_id()
+      rp_id = extension_results&.fetch('appid', extension_results&.fetch(:appid, false)) ? legacy_app_id : self.rp_id()
       allowed_credentials = authn.keys.map { |_|  {id: _.handle, public_key: _.public_key_bytes} }
       unless assertion.valid?(challenge, origin, rp_id: rp_id, allowed_credentials: allowed_credentials)
         raise Authenticator::InvalidAssertion, "invalid assertion"

data/lib/clarion/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Clarion
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clarion
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Sorah Fukumori