webauthn 2.3.0 → 2.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +48 -0
  3. data/CHANGELOG.md +9 -0
  4. data/SECURITY.md +4 -2
  5. data/lib/cose/rsapkcs1_algorithm.rb +7 -0
  6. data/lib/webauthn/credential_creation_options.rb +2 -0
  7. data/lib/webauthn/credential_request_options.rb +2 -0
  8. data/lib/webauthn/fake_client.rb +3 -2
  9. data/lib/webauthn/version.rb +1 -1
  10. data/webauthn.gemspec +3 -3
  11. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4094023fc463d77a38548e294121f819e874bfb1c075ca43b1fb38e41cfd53a2
4
- data.tar.gz: f410f8d7e000822943be953265a32e8f81423908e6aff282486d5afa4ab62eb4
3
+ metadata.gz: 9559be20982322786ccb5877f0d109c85d046a802675f84e286311e111a1101f
4
+ data.tar.gz: f002920190dae5c10f1b74ca69e901e70fcb18b7e4eb574e65088cc068cec21b
5
5
  SHA512:
6
- metadata.gz: 23ea57e2264cc45024174e8d7a54bc3d4f373cca916c4453079d5cfccf46caa4dbc5aa4013a54404121274a35e71f97f90a061062a21ca270a8b58d474345fb8
7
- data.tar.gz: 3b49c5b5b845fdcfc3b0b647a16aeab07ad219210e8e29835d171e387d6bcc4ac5fe08a4f9d2978ee6db1022363d1c2b06fe0a163a8625038aca51e1d274e903
6
+ metadata.gz: 387eec78c72ab4abf441a29d24a98c919ecc65e3e71928d4beb9987d7e30052812ba180d95fb7c2915e6423a4aa99ab501086defbb0ac21f81cb5d5ec2cc49ed
7
+ data.tar.gz: 9b393ced5e4c46d6266f673d104a53c4b41331938ae86f84116162c46aeb22e6156752843e0818f143957ea2d1d40ef157b46eb4d2c5a13371e8bec24b5313e3
data/.rubocop.yml CHANGED
@@ -24,6 +24,9 @@ Layout:
24
24
  Layout/ClassStructure:
25
25
  Enabled: true
26
26
 
27
+ Layout/EmptyLinesAroundAttributeAccessor:
28
+ Enabled: true
29
+
27
30
  Layout/FirstMethodArgumentLineBreak:
28
31
  Enabled: true
29
32
 
@@ -38,9 +41,54 @@ Layout/MultilineAssignmentLayout:
38
41
  Layout/MultilineMethodArgumentLineBreaks:
39
42
  Enabled: true
40
43
 
44
+ Layout/SpaceAroundMethodCallOperator:
45
+ Enabled: true
46
+
41
47
  Lint:
42
48
  Enabled: true
43
49
 
50
+ Lint/DeprecatedOpenSSLConstant:
51
+ Enabled: true
52
+
53
+ Lint/MixedRegexpCaptureTypes:
54
+ Enabled: true
55
+
56
+ Lint/RaiseException:
57
+ Enabled: true
58
+
59
+ Lint/StructNewOverride:
60
+ Enabled: true
61
+
62
+ Lint/BinaryOperatorWithIdenticalOperands:
63
+ Enabled: true
64
+
65
+ Lint/DuplicateElsifCondition:
66
+ Enabled: true
67
+
68
+ Lint/DuplicateRescueException:
69
+ Enabled: true
70
+
71
+ Lint/EmptyConditionalBody:
72
+ Enabled: true
73
+
74
+ Lint/FloatComparison:
75
+ Enabled: true
76
+
77
+ Lint/MissingSuper:
78
+ Enabled: true
79
+
80
+ Lint/OutOfRangeRegexpRef:
81
+ Enabled: true
82
+
83
+ Lint/SelfAssignment:
84
+ Enabled: true
85
+
86
+ Lint/TopLevelReturnWithArgument:
87
+ Enabled: true
88
+
89
+ Lint/UnreachableLoop:
90
+ Enabled: true
91
+
44
92
  Naming:
45
93
  Enabled: true
46
94
 
data/CHANGELOG.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # Changelog
2
2
 
3
+ ## [v2.4.0] - 2020-09-03
4
+
5
+ ### Added
6
+
7
+ - Support for ES256K credentials
8
+ - `FakeClient#get` accepts `user_handle:` keyword argument ([@lgarron])
9
+
3
10
  ## [v2.3.0] - 2020-06-27
4
11
 
5
12
  ### Added
@@ -294,6 +301,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
294
301
  - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
295
302
  - Works with ruby 2.5
296
303
 
304
+ [v2.4.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.3.0...v2.4.0/
297
305
  [v2.3.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.2.1...v2.3.0/
298
306
  [v2.2.1]: https://github.com/cedarcode/webauthn-ruby/compare/v2.2.0...v2.2.1/
299
307
  [v2.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.1.0...v2.2.0/
@@ -329,3 +337,4 @@ Note: Both additions should help making it compatible with Chrome for Android 70
329
337
  [@ssuttner]: https://github.com/ssuttner
330
338
  [@padulafacundo]: https://github.com/padulafacundo
331
339
  [@santiagorodriguez96]: https://github.com/santiagorodriguez96
340
+ [@lgarron]: https://github.com/lgarron
data/SECURITY.md CHANGED
@@ -4,9 +4,11 @@
4
4
 
5
5
  | Version | Supported |
6
6
  | ------- | ------------------ |
7
+ | 2.4.z | :white_check_mark: |
8
+ | 2.3.z | :white_check_mark: |
7
9
  | 2.2.z | :white_check_mark: |
8
- | 2.1.z | :white_check_mark: |
9
- | 2.0.z | :white_check_mark: |
10
+ | 2.1.z | :x: |
11
+ | 2.0.z | :x: |
10
12
  | 1.18.z | :white_check_mark: |
11
13
  | < 1.18 | :x: |
12
14
 
data/lib/cose/rsapkcs1_algorithm.rb CHANGED
@@ -40,4 +40,11 @@ end
40
40
  COSE::Algorithm.register(RSAPKCS1Algorithm.new(-257, "RS256", hash_function: "SHA256"))
41
41
  COSE::Algorithm.register(RSAPKCS1Algorithm.new(-258, "RS384", hash_function: "SHA384"))
42
42
  COSE::Algorithm.register(RSAPKCS1Algorithm.new(-259, "RS512", hash_function: "SHA512"))
43
+
44
+ # Patch openssl-signature_algorithm gem to support discouraged/deprecated RSA-PKCS#1 with SHA-1
45
+ # (RS1 in JOSE/COSE terminology) algorithm needed for WebAuthn.
46
+ OpenSSL::SignatureAlgorithm::RSAPKCS1.const_set(
47
+ :ACCEPTED_HASH_FUNCTIONS,
48
+ OpenSSL::SignatureAlgorithm::RSAPKCS1::ACCEPTED_HASH_FUNCTIONS + ["SHA1"]
49
+ )
43
50
  COSE::Algorithm.register(RSAPKCS1Algorithm.new(-65535, "RS1", hash_function: "SHA1"))
data/lib/webauthn/credential_creation_options.rb CHANGED
@@ -32,6 +32,8 @@ module WebAuthn
32
32
  user_display_name: nil,
33
33
  rp_name: nil
34
34
  )
35
+ super()
36
+
35
37
  @attestation = attestation
36
38
  @authenticator_selection = authenticator_selection
37
39
  @exclude_credentials = exclude_credentials
data/lib/webauthn/credential_request_options.rb CHANGED
@@ -16,6 +16,8 @@ module WebAuthn
16
16
  attr_accessor :allow_credentials, :extensions, :user_verification
17
17
 
18
18
  def initialize(allow_credentials: [], extensions: nil, user_verification: nil)
19
+ super()
20
+
19
21
  @allow_credentials = allow_credentials
20
22
  @extensions = extensions
21
23
  @user_verification = user_verification
data/lib/webauthn/fake_client.rb CHANGED
@@ -73,7 +73,8 @@ module WebAuthn
73
73
  user_present: true,
74
74
  user_verified: false,
75
75
  sign_count: nil,
76
- extensions: nil)
76
+ extensions: nil,
77
+ user_handle: nil)
77
78
  rp_id ||= URI.parse(origin).host
78
79
 
79
80
  client_data_json = data_json_for(:get, encoder.decode(challenge))
@@ -97,7 +98,7 @@ module WebAuthn
97
98
  "clientDataJSON" => encoder.encode(client_data_json),
98
99
  "authenticatorData" => encoder.encode(assertion[:authenticator_data]),
99
100
  "signature" => encoder.encode(assertion[:signature]),
100
- "userHandle" => nil
101
+ "userHandle" => user_handle ? encoder.encode(user_handle) : nil
101
102
  }
102
103
  }
103
104
  end
data/lib/webauthn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WebAuthn
4
- VERSION = "2.3.0"
4
+ VERSION = "2.4.0"
5
5
  end
data/webauthn.gemspec CHANGED
@@ -37,17 +37,17 @@ Gem::Specification.new do |spec|
37
37
  spec.add_dependency "awrence", "~> 1.1"
38
38
  spec.add_dependency "bindata", "~> 2.4"
39
39
  spec.add_dependency "cbor", "~> 0.5.9"
40
- spec.add_dependency "cose", "~> 1.0"
40
+ spec.add_dependency "cose", "~> 1.1"
41
41
  spec.add_dependency "openssl", "~> 2.0"
42
42
  spec.add_dependency "safety_net_attestation", "~> 0.4.0"
43
43
  spec.add_dependency "securecompare", "~> 1.0"
44
- spec.add_dependency "tpm-key_attestation", "~> 0.9.0"
44
+ spec.add_dependency "tpm-key_attestation", "~> 0.10.0"
45
45
 
46
46
  spec.add_development_dependency "appraisal", "~> 2.3.0"
47
47
  spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
48
48
  spec.add_development_dependency "byebug", "~> 11.0"
49
49
  spec.add_development_dependency "rake", "~> 13.0"
50
50
  spec.add_development_dependency "rspec", "~> 3.8"
51
- spec.add_development_dependency "rubocop", "0.80.1"
51
+ spec.add_development_dependency "rubocop", "0.89"
52
52
  spec.add_development_dependency "rubocop-rspec", "~> 1.38.1"
53
53
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: webauthn
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-06-27 00:00:00.000000000 Z
12
+ date: 2020-09-03 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: android_key_attestation
@@ -73,14 +73,14 @@ dependencies:
73
73
  requirements:
74
74
  - - "~>"
75
75
  - !ruby/object:Gem::Version
76
- version: '1.0'
76
+ version: '1.1'
77
77
  type: :runtime
78
78
  prerelease: false
79
79
  version_requirements: !ruby/object:Gem::Requirement
80
80
  requirements:
81
81
  - - "~>"
82
82
  - !ruby/object:Gem::Version
83
- version: '1.0'
83
+ version: '1.1'
84
84
  - !ruby/object:Gem::Dependency
85
85
  name: openssl
86
86
  requirement: !ruby/object:Gem::Requirement
@@ -129,14 +129,14 @@ dependencies:
129
129
  requirements:
130
130
  - - "~>"
131
131
  - !ruby/object:Gem::Version
132
- version: 0.9.0
132
+ version: 0.10.0
133
133
  type: :runtime
134
134
  prerelease: false
135
135
  version_requirements: !ruby/object:Gem::Requirement
136
136
  requirements:
137
137
  - - "~>"
138
138
  - !ruby/object:Gem::Version
139
- version: 0.9.0
139
+ version: 0.10.0
140
140
  - !ruby/object:Gem::Dependency
141
141
  name: appraisal
142
142
  requirement: !ruby/object:Gem::Requirement
@@ -219,14 +219,14 @@ dependencies:
219
219
  requirements:
220
220
  - - '='
221
221
  - !ruby/object:Gem::Version
222
- version: 0.80.1
222
+ version: '0.89'
223
223
  type: :development
224
224
  prerelease: false
225
225
  version_requirements: !ruby/object:Gem::Requirement
226
226
  requirements:
227
227
  - - '='
228
228
  - !ruby/object:Gem::Version
229
- version: 0.80.1
229
+ version: '0.89'
230
230
  - !ruby/object:Gem::Dependency
231
231
  name: rubocop-rspec
232
232
  requirement: !ruby/object:Gem::Requirement