webauthn 1.1.0 → 1.2.0

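--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d6d2e58280b0751e346931762bbd6985f7ac0c89dc7a2ac98ae4658e98b6f68c
- data.tar.gz: ca2ee35c669f2a31dd7770212deef3712b3089f34e119124977eac70f91cc3d7
+ metadata.gz: ae88f2e29c3d4c734f5d7efec59b6dd3824a2976a10c5cb7bc03ff525d79852c
+ data.tar.gz: b62bcde957604db6eb660ccd515c66bdb894178a3e6173a783483a0ee0378ac2
  SHA512:
- metadata.gz: df657808c9a692d6f32b1256917dfb9867abd9fa6dc117059cb92f1d8cb80beb652af7d71b9881add353b20a8dad85cd00448ed8d6a9205070ed6d627882ea58
- data.tar.gz: 9d417117edd82f9072dad0a98fafe4707121e2fb3cfb62678195e324d9bb68e1f00c35dbe8fc1721abd34ec1d09259decf2c620b4e56af2638cf3ec6ec98e850
+ metadata.gz: 6b40ec846092c70e19e79656325e24f1ed43231b911b37fe3fb9be20afbcd276b8d1e46f2e3bd719c92f0f031738f364581514db542c981028369ffbca28afe3
+ data.tar.gz: dd26ac18ca8db8ae98007a9f566e521a7d24998f244583099ff7f7bac4a8776d5ab2fa8f76fc2f2c8d7291d3119b21efcb422d46ee892dea6e83045c51b85878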
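--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,13 +1,24 @@
  # Changelog
 
+ ## [v1.2.0] - 2018-10-08
+
+ ### Added
+
+ - _Registration_ ceremony
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+ - _Authentication_ ceremony
+ - `WebAuthn::AuthenticatorAssertionResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+
+ Note: Both additions should help making it compatible with Chrome for Android 70+/Android Fingerprint pair.
+
  ## [v1.1.0] - 2018-10-04
 
- ## Added
+ ### Added
 
  - _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionaly accepts rp_id. Thank you @sorah!
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionally accepts rp_id. Thank you @sorah!
  - _Authentication_ ceremony
- - `WebAuthn::AuthenticatorAssertionResponse.valid?` optionaly accepts rp_id.
+ - `WebAuthn::AuthenticatorAssertionResponse.valid?` optionally accepts rp_id.
 
  ## [v1.0.0] - 2018-09-07
 
@@ -60,6 +71,7 @@
  - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
  - Works with ruby 2.5
 
+ [v1.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.1.0...v1.2.0/
  [v1.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.0.0...v1.1.0/
  [v1.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.2.0...v1.0.0/
  [v0.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.1.0...v0.2.0/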
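--- a/data/README.md
+++ b/data/README.md
@@ -68,8 +68,17 @@ credential_creation_options[:challenge]
  #### Validation phase
 
  ```ruby
- attestation_object = "..." # As returned by `navigator.credentials.create`
- client_data_json = "..." # As returned by `navigator.credentials.create`
+ # These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+ #
+ # If the user-agent is a web browser, you would use some encoding algorithm to send what
+ # `navigator.credentials.create` returned through the wire.
+ #
+ # Then you need to decode that data before passing it to the `#valid?` method.
+ #
+ # E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+ # on the user-agent encoded data before calling `#valid`
+ attestation_object = "..."
+ client_data_json = "..."
 
  attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
  attestation_object: attestation_object,
@@ -117,9 +126,18 @@ credential_request_options[:challenge]
  Assuming you have the previously stored Credential Public Key, now in variable `credential_public_key`
 
  ```ruby
- authenticator_data = "..." # As returned by `navigator.credentials.get`
- client_data_json = "..." # As returned by `navigator.credentials.get`
- signature = "..." # As returned by `navigator.credentials.get`
+ # These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+ #
+ # If the user-agent is a web browser, you would use some encoding algorithm to send what
+ # `navigator.credentials.get` returned through the wire.
+ #
+ # Then you need to decode that data before passing it to the `#valid?` method.
+ #
+ # E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+ # on the user-agent encoded data before calling `#valid`
+ authenticator_data = "..."
+ client_data_json = "..."
+ signature = "..."
 
  assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
  authenticator_data: authenticator_data,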
@@ -13,6 +13,7 @@ module WebAuthn
13
13
  SIGN_COUNT_POSITION = RP_ID_HASH_LENGTH + FLAGS_LENGTH
14
14
 
15
15
  USER_PRESENT_FLAG_POSITION = 0
16
+ USER_VERIFIED_FLAG_POSITION = 2
16
17
  ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION = 6
17
18
 
18
19
  def initialize(data)
@@ -29,10 +30,18 @@ module WebAuthn
29
30
  end
30
31
  end
31
32
 
33
+ def user_flagged?
34
+ user_present? || user_verified?
35
+ end
36
+
32
37
  def user_present?
33
38
  flags[USER_PRESENT_FLAG_POSITION] == "1"
34
39
  end
35
40
 
41
+ def user_verified?
42
+ flags[USER_VERIFIED_FLAG_POSITION] == "1"
43
+ end
44
+
36
45
  def attested_credential_data_included?
37
46
  flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
38
47
  end
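Review bot: `user_flagged?` carries no comment explaining why a response with only the UV bit set is treated the same as one with UP set, and its name does not say which flags it covers. The WebAuthn verification procedure checks User Present on its own and User Verified only when the relying party requires it, so accepting either bit is a deliberate relaxation (the changelog ties it to Chrome for Android 70+ with Android Fingerprint) and the method should record that, e.g. `# True when UP or UV is set; UV-only is accepted because some authenticators report UV without UP.` A short comment on `USER_VERIFIED_FLAG_POSITION = 2` naming it as the UV bit of the flags byte would help as well. How `flags` is built is outside this hunk, so the bit ordering that these positions rely on cannot be confirmed here.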
@@ -12,7 +12,7 @@ module WebAuthn
12
12
  valid_origin?(original_origin) &&
13
13
  valid_rp_id?(rp_id || rp_id_from_origin(original_origin)) &&
14
14
  authenticator_data.valid? &&
15
- authenticator_data.user_present?
15
+ authenticator_data.user_flagged?
16
16
  end
17
17
 
18
18
  def client_data
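Review bot: With `authenticator_data.user_flagged?` as the final condition, `valid?` gives a relying party no way to insist on user verification: a response carrying only the UP bit still passes, even if the ceremony was started with user verification required. Callers who depend on UV (for example, when the authenticator is the only factor) would have to inspect `user_verified?` themselves after `valid?` returns, and nothing in this hunk tells them so. Consider an opt-in keyword on `valid?` that additionally requires `authenticator_data.user_verified?`, defaulting to the current behaviour, or at least a doc comment stating that `valid?` does not enforce UV. The signature and the first conditions of `valid?` lie outside this hunk.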
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WebAuthn
4
- VERSION = "1.1.0"
4
+ VERSION = "1.2.0"
5
5
  end
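--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: webauthn
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.2.0
  platform: ruby
  authors:
  - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-10-05 00:00:00.000000000 Z
+ date: 2018-10-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cbor
@@ -167,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 2.7.7
  signing_key:
  specification_version: 4
  summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party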