RubyGems - webauthn - Versions diffs - 1.9.0 → 1.10.0 - Mend

webauthn 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +7 -0
data/README.md +1 -1
data/lib/webauthn/authenticator_data.rb +25 -2
data/lib/webauthn/authenticator_data/attested_credential_data.rb +12 -1
data/lib/webauthn/fake_authenticator.rb +23 -2
data/lib/webauthn/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 690e8753529b42c4acc5fa15f621c077ee9822c850aa19e8a322ea5d937dbb8d
-  data.tar.gz: c0aa00203643d32d5bcdc673eced0dbc4185b05ab262fef5aa9fcdbf073de5c4
+  metadata.gz: 64d44e8b2917b4301f669f4f736814ab42c27e3541d81404169aedcec18f64c3
+  data.tar.gz: aa138c35bdcceaf5d6971ae306c2fb3adb9c0be12ffae3ee2c2ebcb051787521
 SHA512:
-  metadata.gz: 66470f20b0365194b77753a664bdd759a204f62cf60c1dcabbf7181c472696c665e8946cf2c1073aad190cbeb3b6b557120aed8386525911cf65e25f5fb82762
-  data.tar.gz: baea59ad89ba252e6da4ec1ddce5394d3ea484d186e7d48740bae1d136e973e4a34114b91c34d64ea65bb4bee4d2a6468300057a5877dfab269296b16ae1a4b0
+  metadata.gz: 18ce684f6613dd5d399ef413f3d9d0c8dae77e97ba8eaa7cafae0e785ce14cdaa5c852cb44ea1e41dc03a7a9cb78841f0038ad0e228f4579f0d904fdd90601fc
+  data.tar.gz: db18d834bbbe2870c8d05db904d4ae2852516b10a786e6c9f7b5b38ea3cbfde9c2cbc7fa9b27b4979e56af892e2fcf019f24821dcc03a13f93e9bf096f1eb198

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Changelog
+## [v1.10.0] - 2019-03-05
+### Added
+- Parse and make AuthenticatorData's extensionData available
 ## [v1.9.0] - 2019-02-22
 ### Added
@@ -121,6 +127,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
+[v1.10.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.9.0...v1.10.0/
 [v1.9.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.8.0...v1.9.0/
 [v1.8.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.7.0...v1.8.0/
 [v1.7.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.6.0...v1.7.0/

data/README.md CHANGED Viewed

@@ -9,7 +9,7 @@ Easily implement WebAuthn in your ruby/rails app
 - [WebAuthn article with Google IO 2018 talk](https://developers.google.com/web/updates/2018/05/webauthn)
 - [Web Authentication API draft article by Mozilla](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API)
-- [WebAuthn W3C Candidate Recommendation](https://www.w3.org/TR/webauthn/)
+- [WebAuthn W3C Recommendation](https://www.w3.org/TR/webauthn/)
 - [WebAuthn W3C Editor's Draft](https://w3c.github.io/webauthn/)
 ## Prerequisites

data/lib/webauthn/authenticator_data.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module WebAuthn
     USER_PRESENT_FLAG_POSITION = 0
     USER_VERIFIED_FLAG_POSITION = 2
     ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION = 6
+    EXTENSION_DATA_INCLUDED_FLAG_POSITION = 7
     def initialize(data)
       @data = data
@@ -23,8 +24,10 @@ module WebAuthn
     attr_reader :data
     def valid?
-      if attested_credential_data_included?
-        data.length > base_length && attested_credential_data.valid?
+      if attested_credential_data_included? || extension_data_included?
+        data.length > base_length &&
+          (!attested_credential_data_included? || attested_credential_data.valid?) &&
+          (!extension_data_included? || extension_data)
       else
         data.length == base_length
       end
@@ -46,6 +49,10 @@ module WebAuthn
       flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
     end
+    def extension_data_included?
+      flags[EXTENSION_DATA_INCLUDED_FLAG_POSITION] == "1"
+    end
     def rp_id_hash
       @rp_id_hash ||=
         if valid?
@@ -66,6 +73,10 @@ module WebAuthn
         AttestedCredentialData.new(data_at(attested_credential_data_position))
     end
+    def extension_data
+      @extension_data ||= CBOR.decode(data_at(extension_data_position))
+    end
     def flags
       @flags ||= data_at(flags_position, FLAGS_LENGTH).unpack("b*")[0]
     end
@@ -76,6 +87,18 @@ module WebAuthn
       base_length
     end
+    def attested_credential_data_length
+      if attested_credential_data_included?
+        attested_credential_data.length
+      else
+        0
+      end
+    end
+    def extension_data_position
+      base_length + attested_credential_data_length
+    end
     def base_length
       RP_ID_HASH_LENGTH + FLAGS_LENGTH + SIGN_COUNT_LENGTH
     end

data/lib/webauthn/authenticator_data/attested_credential_data.rb CHANGED Viewed

@@ -40,6 +40,12 @@ module WebAuthn
           end
       end
+      def length
+        if valid?
+          public_key_position + public_key_length
+        end
+      end
       private
       attr_reader :data
@@ -51,7 +57,7 @@ module WebAuthn
       end
       def public_key
-        @public_key ||= PublicKeyU2f.new(data_at(public_key_position))
+        @public_key ||= PublicKeyU2f.new(data_at(public_key_position, public_key_length))
       end
       def id_position
@@ -70,6 +76,11 @@ module WebAuthn
         id_position + id_length
       end
+      def public_key_length
+        @public_key_length ||=
+          CBOR.encode(CBOR::Unpacker.new(StringIO.new(data_at(public_key_position))).each.first).length
+      end
       def data_at(position, length = nil)
         length ||= data.size - position

data/lib/webauthn/fake_authenticator.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module WebAuthn
       end
       def authenticator_data
-        @authenticator_data ||= rp_id_hash + raw_flags + raw_sign_count + attested_credential_data
+        @authenticator_data ||= rp_id_hash + raw_flags + raw_sign_count + attested_credential_data + extension_data
       end
       def client_data_json
@@ -39,7 +39,16 @@ module WebAuthn
       attr_reader :challenge, :context, :rp_id
       def raw_flags
-        ["#{bit(:user_present)}0#{bit(:user_verified)}000#{attested_credential_data_present_bit}0"].pack("b*")
+        [
+          [
+            bit(:user_present),
+            "0",
+            bit(:user_verified),
+            "000",
+            attested_credential_data_present_bit,
+            extension_data_present_bit
+          ].join
+        ].pack("b*")
       end
       def attested_credential_data_present_bit
@@ -50,10 +59,22 @@ module WebAuthn
         end
       end
+      def extension_data_present_bit
+        if extension_data.empty?
+          "0"
+        else
+          "1"
+        end
+      end
       def attested_credential_data
         ""
       end
+      def extension_data
+        CBOR.encode("fakeExtension" => "fakeValue")
+      end
       def raw_sign_count
         [@sign_count].pack('L>')
       end

data/lib/webauthn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebAuthn
-  VERSION = "1.9.0"
+  VERSION = "1.10.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-02-22 00:00:00.000000000 Z
+date: 2019-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cbor
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party