webauthn 1.9.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +1 -1
- data/lib/webauthn/authenticator_data.rb +25 -2
- data/lib/webauthn/authenticator_data/attested_credential_data.rb +12 -1
- data/lib/webauthn/fake_authenticator.rb +23 -2
- data/lib/webauthn/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 64d44e8b2917b4301f669f4f736814ab42c27e3541d81404169aedcec18f64c3
|
|
4
|
+
data.tar.gz: aa138c35bdcceaf5d6971ae306c2fb3adb9c0be12ffae3ee2c2ebcb051787521
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 18ce684f6613dd5d399ef413f3d9d0c8dae77e97ba8eaa7cafae0e785ce14cdaa5c852cb44ea1e41dc03a7a9cb78841f0038ad0e228f4579f0d904fdd90601fc
|
|
7
|
+
data.tar.gz: db18d834bbbe2870c8d05db904d4ae2852516b10a786e6c9f7b5b38ea3cbfde9c2cbc7fa9b27b4979e56af892e2fcf019f24821dcc03a13f93e9bf096f1eb198
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [v1.10.0] - 2019-03-05
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
|
|
7
|
+
- Parse and make AuthenticatorData's extensionData available
|
|
8
|
+
|
|
3
9
|
## [v1.9.0] - 2019-02-22
|
|
4
10
|
|
|
5
11
|
### Added
|
|
@@ -121,6 +127,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
|
|
|
121
127
|
- `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
|
|
122
128
|
- Works with ruby 2.5
|
|
123
129
|
|
|
130
|
+
[v1.10.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.9.0...v1.10.0/
|
|
124
131
|
[v1.9.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.8.0...v1.9.0/
|
|
125
132
|
[v1.8.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.7.0...v1.8.0/
|
|
126
133
|
[v1.7.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.6.0...v1.7.0/
|
data/README.md
CHANGED
|
@@ -9,7 +9,7 @@ Easily implement WebAuthn in your ruby/rails app
|
|
|
9
9
|
|
|
10
10
|
- [WebAuthn article with Google IO 2018 talk](https://developers.google.com/web/updates/2018/05/webauthn)
|
|
11
11
|
- [Web Authentication API draft article by Mozilla](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API)
|
|
12
|
-
- [WebAuthn W3C
|
|
12
|
+
- [WebAuthn W3C Recommendation](https://www.w3.org/TR/webauthn/)
|
|
13
13
|
- [WebAuthn W3C Editor's Draft](https://w3c.github.io/webauthn/)
|
|
14
14
|
|
|
15
15
|
## Prerequisites
|
|
@@ -15,6 +15,7 @@ module WebAuthn
|
|
|
15
15
|
USER_PRESENT_FLAG_POSITION = 0
|
|
16
16
|
USER_VERIFIED_FLAG_POSITION = 2
|
|
17
17
|
ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION = 6
|
|
18
|
+
EXTENSION_DATA_INCLUDED_FLAG_POSITION = 7
|
|
18
19
|
|
|
19
20
|
def initialize(data)
|
|
20
21
|
@data = data
|
|
@@ -23,8 +24,10 @@ module WebAuthn
|
|
|
23
24
|
attr_reader :data
|
|
24
25
|
|
|
25
26
|
def valid?
|
|
26
|
-
if attested_credential_data_included?
|
|
27
|
-
data.length > base_length &&
|
|
27
|
+
if attested_credential_data_included? || extension_data_included?
|
|
28
|
+
data.length > base_length &&
|
|
29
|
+
(!attested_credential_data_included? || attested_credential_data.valid?) &&
|
|
30
|
+
(!extension_data_included? || extension_data)
|
|
28
31
|
else
|
|
29
32
|
data.length == base_length
|
|
30
33
|
end
|
|
@@ -46,6 +49,10 @@ module WebAuthn
|
|
|
46
49
|
flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
|
|
47
50
|
end
|
|
48
51
|
|
|
52
|
+
def extension_data_included?
|
|
53
|
+
flags[EXTENSION_DATA_INCLUDED_FLAG_POSITION] == "1"
|
|
54
|
+
end
|
|
55
|
+
|
|
49
56
|
def rp_id_hash
|
|
50
57
|
@rp_id_hash ||=
|
|
51
58
|
if valid?
|
|
@@ -66,6 +73,10 @@ module WebAuthn
|
|
|
66
73
|
AttestedCredentialData.new(data_at(attested_credential_data_position))
|
|
67
74
|
end
|
|
68
75
|
|
|
76
|
+
def extension_data
|
|
77
|
+
@extension_data ||= CBOR.decode(data_at(extension_data_position))
|
|
78
|
+
end
|
|
79
|
+
|
|
69
80
|
def flags
|
|
70
81
|
@flags ||= data_at(flags_position, FLAGS_LENGTH).unpack("b*")[0]
|
|
71
82
|
end
|
|
@@ -76,6 +87,18 @@ module WebAuthn
|
|
|
76
87
|
base_length
|
|
77
88
|
end
|
|
78
89
|
|
|
90
|
+
def attested_credential_data_length
|
|
91
|
+
if attested_credential_data_included?
|
|
92
|
+
attested_credential_data.length
|
|
93
|
+
else
|
|
94
|
+
0
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def extension_data_position
|
|
99
|
+
base_length + attested_credential_data_length
|
|
100
|
+
end
|
|
101
|
+
|
|
79
102
|
def base_length
|
|
80
103
|
RP_ID_HASH_LENGTH + FLAGS_LENGTH + SIGN_COUNT_LENGTH
|
|
81
104
|
end
|
|
@@ -40,6 +40,12 @@ module WebAuthn
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
def length
|
|
44
|
+
if valid?
|
|
45
|
+
public_key_position + public_key_length
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
43
49
|
private
|
|
44
50
|
|
|
45
51
|
attr_reader :data
|
|
@@ -51,7 +57,7 @@ module WebAuthn
|
|
|
51
57
|
end
|
|
52
58
|
|
|
53
59
|
def public_key
|
|
54
|
-
@public_key ||= PublicKeyU2f.new(data_at(public_key_position))
|
|
60
|
+
@public_key ||= PublicKeyU2f.new(data_at(public_key_position, public_key_length))
|
|
55
61
|
end
|
|
56
62
|
|
|
57
63
|
def id_position
|
|
@@ -70,6 +76,11 @@ module WebAuthn
|
|
|
70
76
|
id_position + id_length
|
|
71
77
|
end
|
|
72
78
|
|
|
79
|
+
def public_key_length
|
|
80
|
+
@public_key_length ||=
|
|
81
|
+
CBOR.encode(CBOR::Unpacker.new(StringIO.new(data_at(public_key_position))).each.first).length
|
|
82
|
+
end
|
|
83
|
+
|
|
73
84
|
def data_at(position, length = nil)
|
|
74
85
|
length ||= data.size - position
|
|
75
86
|
|
|
@@ -15,7 +15,7 @@ module WebAuthn
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def authenticator_data
|
|
18
|
-
@authenticator_data ||= rp_id_hash + raw_flags + raw_sign_count + attested_credential_data
|
|
18
|
+
@authenticator_data ||= rp_id_hash + raw_flags + raw_sign_count + attested_credential_data + extension_data
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def client_data_json
|
|
@@ -39,7 +39,16 @@ module WebAuthn
|
|
|
39
39
|
attr_reader :challenge, :context, :rp_id
|
|
40
40
|
|
|
41
41
|
def raw_flags
|
|
42
|
-
[
|
|
42
|
+
[
|
|
43
|
+
[
|
|
44
|
+
bit(:user_present),
|
|
45
|
+
"0",
|
|
46
|
+
bit(:user_verified),
|
|
47
|
+
"000",
|
|
48
|
+
attested_credential_data_present_bit,
|
|
49
|
+
extension_data_present_bit
|
|
50
|
+
].join
|
|
51
|
+
].pack("b*")
|
|
43
52
|
end
|
|
44
53
|
|
|
45
54
|
def attested_credential_data_present_bit
|
|
@@ -50,10 +59,22 @@ module WebAuthn
|
|
|
50
59
|
end
|
|
51
60
|
end
|
|
52
61
|
|
|
62
|
+
def extension_data_present_bit
|
|
63
|
+
if extension_data.empty?
|
|
64
|
+
"0"
|
|
65
|
+
else
|
|
66
|
+
"1"
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
53
70
|
def attested_credential_data
|
|
54
71
|
""
|
|
55
72
|
end
|
|
56
73
|
|
|
74
|
+
def extension_data
|
|
75
|
+
CBOR.encode("fakeExtension" => "fakeValue")
|
|
76
|
+
end
|
|
77
|
+
|
|
57
78
|
def raw_sign_count
|
|
58
79
|
[@sign_count].pack('L>')
|
|
59
80
|
end
|
data/lib/webauthn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: webauthn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Rodriguez
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2019-
|
|
12
|
+
date: 2019-03-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: cbor
|
|
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
224
224
|
- !ruby/object:Gem::Version
|
|
225
225
|
version: '0'
|
|
226
226
|
requirements: []
|
|
227
|
-
rubygems_version: 3.0.
|
|
227
|
+
rubygems_version: 3.0.3
|
|
228
228
|
signing_key:
|
|
229
229
|
specification_version: 4
|
|
230
230
|
summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party
|