webauthn 1.1.0 → 1.2.0

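--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d6d2e58280b0751e346931762bbd6985f7ac0c89dc7a2ac98ae4658e98b6f68c
- data.tar.gz: ca2ee35c669f2a31dd7770212deef3712b3089f34e119124977eac70f91cc3d7
+ metadata.gz: ae88f2e29c3d4c734f5d7efec59b6dd3824a2976a10c5cb7bc03ff525d79852c
+ data.tar.gz: b62bcde957604db6eb660ccd515c66bdb894178a3e6173a783483a0ee0378ac2
  SHA512:
- metadata.gz: df657808c9a692d6f32b1256917dfb9867abd9fa6dc117059cb92f1d8cb80beb652af7d71b9881add353b20a8dad85cd00448ed8d6a9205070ed6d627882ea58
- data.tar.gz: 9d417117edd82f9072dad0a98fafe4707121e2fb3cfb62678195e324d9bb68e1f00c35dbe8fc1721abd34ec1d09259decf2c620b4e56af2638cf3ec6ec98e850
+ metadata.gz: 6b40ec846092c70e19e79656325e24f1ed43231b911b37fe3fb9be20afbcd276b8d1e46f2e3bd719c92f0f031738f364581514db542c981028369ffbca28afe3
+ data.tar.gz: dd26ac18ca8db8ae98007a9f566e521a7d24998f244583099ff7f7bac4a8776d5ab2fa8f76fc2f2c8d7291d3119b21efcb422d46ee892dea6e83045c51b85878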
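--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,13 +1,24 @@
  # Changelog
 
+ ## [v1.2.0] - 2018-10-08
+
+ ### Added
+
+ - _Registration_ ceremony
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+ - _Authentication_ ceremony
+ - `WebAuthn::AuthenticatorAssertionResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+
+ Note: Both additions should help making it compatible with Chrome for Android 70+/Android Fingerprint pair.
+
  ## [v1.1.0] - 2018-10-04
 
- ## Added
+ ### Added
 
  - _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionaly accepts rp_id. Thank you @sorah!
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionally accepts rp_id. Thank you @sorah!
  - _Authentication_ ceremony
- - `WebAuthn::AuthenticatorAssertionResponse.valid?` optionaly accepts rp_id.
+ - `WebAuthn::AuthenticatorAssertionResponse.valid?` optionally accepts rp_id.
 
  ## [v1.0.0] - 2018-09-07
 
@@ -60,6 +71,7 @@
  - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
  - Works with ruby 2.5
 
+ [v1.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.1.0...v1.2.0/
  [v1.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.0.0...v1.1.0/
  [v1.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.2.0...v1.0.0/
  [v0.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.1.0...v0.2.0/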
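--- a/data/README.md
+++ b/data/README.md
@@ -68,8 +68,17 @@ credential_creation_options[:challenge]
  #### Validation phase
 
  ```ruby
- attestation_object = "..." # As returned by `navigator.credentials.create`
- client_data_json = "..." # As returned by `navigator.credentials.create`
+ # These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+ #
+ # If the user-agent is a web browser, you would use some encoding algorithm to send what
+ # `navigator.credentials.create` returned through the wire.
+ #
+ # Then you need to decode that data before passing it to the `#valid?` method.
+ #
+ # E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+ # on the user-agent encoded data before calling `#valid`
+ attestation_object = "..."
+ client_data_json = "..."
 
  attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
  attestation_object: attestation_object,
@@ -117,9 +126,18 @@ credential_request_options[:challenge]
  Assuming you have the previously stored Credential Public Key, now in variable `credential_public_key`
 
  ```ruby
- authenticator_data = "..." # As returned by `navigator.credentials.get`
- client_data_json = "..." # As returned by `navigator.credentials.get`
- signature = "..." # As returned by `navigator.credentials.get`
+ # These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+ #
+ # If the user-agent is a web browser, you would use some encoding algorithm to send what
+ # `navigator.credentials.get` returned through the wire.
+ #
+ # Then you need to decode that data before passing it to the `#valid?` method.
+ #
+ # E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+ # on the user-agent encoded data before calling `#valid`
+ authenticator_data = "..."
+ client_data_json = "..."
+ signature = "..."
 
  assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
  authenticator_data: authenticator_data,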
@@ -13,6 +13,7 @@ module WebAuthn
13
13
  SIGN_COUNT_POSITION = RP_ID_HASH_LENGTH + FLAGS_LENGTH
14
14
 
15
15
  USER_PRESENT_FLAG_POSITION = 0
16
+ USER_VERIFIED_FLAG_POSITION = 2
16
17
  ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION = 6
17
18
 
18
19
  def initialize(data)
@@ -29,10 +30,18 @@ module WebAuthn
29
30
  end
30
31
  end
31
32
 
33
+ def user_flagged?
34
+ user_present? || user_verified?
35
+ end
36
+
32
37
  def user_present?
33
38
  flags[USER_PRESENT_FLAG_POSITION] == "1"
34
39
  end
35
40
 
41
+ def user_verified?
42
+ flags[USER_VERIFIED_FLAG_POSITION] == "1"
43
+ end
44
+
36
45
  def attested_credential_data_included?
37
46
  flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
38
47
  end
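Review bot: `user_flagged?` (new lines 33-35) is added as a public predicate without a comment, and its name does not convey that it means "user present or user verified". A one-line comment above it would be enough, e.g. `# True when the authenticator set the UP (user present) or UV (user verified) flag.` Separately, `USER_VERIFIED_FLAG_POSITION = 2` corresponds to bit 2 of the WebAuthn flags byte only if `flags` is a bit string ordered least-significant bit first; `flags` is defined outside these hunks, so that ordering should be confirmed and pinned by a test with UV set and UP clear.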
@@ -12,7 +12,7 @@ module WebAuthn
12
12
  valid_origin?(original_origin) &&
13
13
  valid_rp_id?(rp_id || rp_id_from_origin(original_origin)) &&
14
14
  authenticator_data.valid? &&
15
- authenticator_data.user_present?
15
+ authenticator_data.user_flagged?
16
16
  end
17
17
 
18
18
  def client_data
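Review bot: The last clause of `valid?` (new line 15) now passes when UV is set and UP is clear, whereas the WebAuthn verification procedures ask the relying party to check that the User Present bit is set. The changelog ties this to Chrome for Android 70+ with Android Fingerprint, so the relaxation looks deliberate, but it deserves a comment at the call site such as `# Accepts UV without UP (the spec asks for UP) for Chrome for Android 70+ fingerprint compatibility`. A relying party that requires user verification still cannot have `valid?` enforce UV; such callers would need to check `user_verified?` themselves, and whether `authenticator_data` is reachable from outside the response object is not visible here. The method begins above the hunk.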
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module WebAuthn
4
- VERSION = "1.1.0"
4
+ VERSION = "1.2.0"
5
5
  end
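--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: webauthn
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.2.0
  platform: ruby
  authors:
  - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-10-05 00:00:00.000000000 Z
+ date: 2018-10-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cbor
@@ -167,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 2.7.7
  signing_key:
  specification_version: 4
  summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party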