RubyGems - webauthn - Versions diffs - 2.0.0.beta1 → 2.0.0 - Mend

webauthn 2.0.0.beta1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/.travis.yml +4 -6
data/CHANGELOG.md +7 -6
data/README.md +96 -5
data/lib/webauthn/attestation_statement/base.rb +1 -1
data/lib/webauthn/version.rb +1 -1
data/webauthn.gemspec +2 -2
metadata +9 -9

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6181693e3c34f1ca289fb2056df36c35a5e144076288eef34e774e2dfc1794b5
-  data.tar.gz: 87883fa3fe7c7bd5da885025b7a571dfedfdfe1c27c6a5c8edeee54956bd98bc
+  metadata.gz: 2bd2d85eb0ce4769f5c4fe9529dedb4cd8bb25c4322bfb95bd4d9d623ab58b00
+  data.tar.gz: 6b0a3a7c524d7bd4db88d6c94968a165801374708ceac00f24e981c8599cbfe4
 SHA512:
-  metadata.gz: a69f7870a89344a5d00b1c75b55dd6e25741719bf2fd79d03e83348530a964ef237f8330dea55edbb58b9fe5ee0522f2f41b5d9d46f7d975112b9dd8a05889bd
-  data.tar.gz: 19b32618b9e83e2618abe361aca398933030fe2963502c8a9054dc291b22678107e3257be5d7a711bdf0d826dc1d444e28d726282fa6306abf336f675e3794df
+  metadata.gz: ebf401f24d784c4beb0adbcb98203de34612eb47bd6af002dc5cb02709bc258078ca92439d5917fef28f8ff869de6e02c41bbe3301f16f2472d76b0cf93662ec
+  data.tar.gz: 8e1d8f03cad6d75658c4116d7b6117539ba828cbfea07dbb9a584a29387f55519c9a8eed332b4602a75ed0d7691a9bd412e7f9241b9993b0dff123b69cec086c

data/.travis.yml CHANGED

@@ -1,13 +1,12 @@
-dist: xenial
+dist: bionic
 language: ruby
 cache: bundler
 rvm:
   - ruby-head
-  - 2.7.0-preview1
-  - 2.6.4
-  - 2.5.6
-  - 2.4.7
+  - 2.6.5
+  - 2.5.7
+  - 2.4.9
   - 2.3.8
 gemfile:
@@ -20,7 +19,6 @@ matrix:
   fast_finish: true
   allow_failures:
     - rvm: ruby-head
-    - rvm: 2.7.0-preview1
     - gemfile: gemfiles/cose_head.gemfile
     - gemfile: gemfiles/openssl_head.gemfile

data/CHANGELOG.md CHANGED

@@ -1,6 +1,6 @@
 # Changelog
-## [v2.0.0.beta1] - 2019-09-16
+## [v2.0.0] - 2019-10-03
 ### Added
@@ -21,8 +21,9 @@
 Please replace with `public_key:` and `sign_count:` keyword arguments. If you're not performing sign count
 verification, signal opt-out with `sign_count: false`.
-- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using camelBack string
-keys instead of snake_case symbol keys in the returned hash.
+- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using lowerCamelCase
+string keys instead of snake_case symbol keys in the returned hash.
 - `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by not padding the
 returned base64url-encoded `id` value.
@@ -45,8 +46,8 @@ pass it.
 Please replace with `public_key:` and `sign_count:` keyword arguments. If you're not performing sign count
 verification, signal opt-out with `sign_count: false`.
-- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using camelBack string
-keys instead of snake_case symbol keys in the returned hash.
+- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using lowerCamelCase
+string keys instead of snake_case symbol keys in the returned hash.
 - `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by not padding the
 returned base64url-encoded `id` value.
@@ -260,7 +261,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
-[v2.0.0.beta1]: https://github.com/cedarcode/webauthn-ruby/compare/v1.18.0...v2.0.0.beta1/
+[v2.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.18.0...v2.0.0/
 [v1.18.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.17.0...v1.18.0/
 [v1.17.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.16.0...v1.17.0/
 [v1.16.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.15.0...v1.16.0/

data/README.md CHANGED

@@ -108,11 +108,11 @@ WebAuthn.configure do |config|
   config.rp_name = "Example Inc."
   # Optionally configure a client timeout hint, in milliseconds.
-  # This hint specifies how long the browser should wait for an
-  # attestation or an assertion response.
+  # This hint specifies how long the browser should wait for any
+  # interaction with the user.
   # This hint may be overridden by the browser.
   # https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-timeout
-  config.credential_options_timeout = 120000
+  # config.credential_options_timeout = 120_000
   # You can optionally specify a different Relying Party ID
   # (https://www.w3.org/TR/webauthn/#relying-party-identifier)
@@ -127,7 +127,12 @@ WebAuthn.configure do |config|
   # used in your client-side (user agent) code before sending the credential to the server.
   # Supported values: `:base64url` (default), `:base64` or `false` to disable all encoding.
   #
-  # config.encoding = false
+  # config.encoding = :base64url
+  # Possible values: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "RS1"
+  # Default: ["ES256", "PS256", "RS256"]
+  #
+  # config.algorithms << "ES384"
 end
 ```
@@ -249,7 +254,93 @@ end
 ## API
-_Pending_
+#### `WebAuthn.generate_user_id`
+Generates a [WebAuthn User Handle](https://www.w3.org/TR/webauthn-2/#user-handle) that follows the WebAuthn spec recommendations.
+```ruby
+WebAuthn.generate_user_id # "lWoMZTGf_ml2RoY5qPwbwrkxrvTqWjGOxEoYBgxft3zG-LlrICvE-y8bxFi06zMyIOyNsJoWx4Fa2TOqoRmnxA"
+```
+#### `WebAuthn::Credential.options_for_create(options)`
+Helper method to build the necessary [PublicKeyCredentialCreationOptions](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions)
+to be used in the client-side code to call `navigator.credentials.create({ "publicKey": publicKeyCredentialCreationOptions })`.
+```ruby
+creation_options = WebAuthn::Credential.options_for_create(
+  user: { id: user.webauthn_id, name: user.name }
+  exclude: user.credentials.map { |c| c.webauthn_id }
+)
+# Store the newly generated challenge somewhere so you can have it
+# for the verification phase.
+session[:creation_challenge] = creation_options.challenge
+# Send `creation_options` back to the browser, so that they can be used
+# to call `navigator.credentials.create({ "publicKey": creationOptions })`
+#
+# You can call `creation_options.as_json` to get a ruby hash with a JSON representation if needed.
+# If inside a Rails controller, `render json: creation_options` will just work.
+# I.e. it will encode and convert the options to JSON automatically.
+```
+#### `WebAuthn::Credential.options_for_get([options])`
+Helper method to build the necessary [PublicKeyCredentialRequestOptions](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrequestoptions)
+to be used in the client-side code to call `navigator.credentials.get({ "publicKey": publicKeyCredentialRequestOptions })`.
+```ruby
+request_options = WebAuthn::Credential.options_for_get(allow: user.credentials.map { |c| c.webauthn_id })
+# Store the newly generated challenge somewhere so you can have it
+# for the verification phase.
+session[:authentication_challenge] = request_options.challenge
+# Send `request_options` back to the browser, so that they can be used
+# to call `navigator.credentials.get({ "publicKey": requestOptions })`
+# You can call `request_options.as_json` to get a ruby hash with a JSON representation if needed.
+# If inside a Rails controller, `render json: request_options` will just work.
+# I.e. it will encode and convert the options to JSON automatically.
+```
+#### `WebAuthn::Credential.from_create(credential_create_result)`
+```ruby
+credential_with_attestation = WebAuthn::Credential.from_create(params[:publicKeyCredential])
+```
+#### `WebAuthn::Credential.from_get(credential_get_result)`
+```ruby
+credential_with_assertion = WebAuthn::Credential.from_get(params[:publicKeyCredential])
+```
+#### `PublicKeyCredentialWithAttestation#verify(challenge)`
+Verifies the created WebAuthn credential is [valid](https://www.w3.org/TR/webauthn-2/#sctn-registering-a-new-credential).
+```ruby
+credential_with_attestation.verify(session[:creation_challenge])
+```
+#### `PublicKeyCredentialWithAssertion#verify(challenge, public_key:, sign_count:)`
+Verifies the asserted WebAuthn credential is [valid](https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion).
+Mainly, that the client provided a valid cryptographic signature for the corresponding stored credential public
+key, among other extra validations.
+```ruby
+credential_with_assertion.verify(
+  session[:authentication_challenge],
+  public_key: stored_credential.public_key,
+  sign_count: stored_credential.sign_count
+)
+```
 ## Attestation Statement Formats

data/lib/webauthn/attestation_statement/base.rb CHANGED

@@ -23,7 +23,7 @@ module WebAuthn
       end
       def valid?(_authenticator_data, _client_data_hash)
-        raise NotImpelementedError
+        raise NotImplementedError
       end
       def attestation_certificate

data/lib/webauthn/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebAuthn
-  VERSION = "2.0.0.beta1"
+  VERSION = "2.0.0"
 end

data/webauthn.gemspec CHANGED

@@ -42,7 +42,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "appraisal", "~> 2.2.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
   spec.add_development_dependency "byebug", "~> 11.0"
-  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rubocop", "0.73.0"
+  spec.add_development_dependency "rubocop", "0.75.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 2.0.0.beta1
+  version: 2.0.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 2019-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: awrence
@@ -169,14 +169,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -197,14 +197,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.73.0
+        version: 0.75.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.73.0
+        version: 0.75.0
 description: |-
   WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
       Relying Party and allow your users to authenticate with U2F and FIDO2 authenticators.
@@ -309,11 +309,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: WebAuthn ruby server library