webauthn 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -3
- data/README.md +23 -5
- data/lib/webauthn/authenticator_data.rb +9 -0
- data/lib/webauthn/authenticator_response.rb +1 -1
- data/lib/webauthn/version.rb +1 -1
- metadata +3 -3
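--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae88f2e29c3d4c734f5d7efec59b6dd3824a2976a10c5cb7bc03ff525d79852c
+data.tar.gz: b62bcde957604db6eb660ccd515c66bdb894178a3e6173a783483a0ee0378ac2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6b40ec846092c70e19e79656325e24f1ed43231b911b37fe3fb9be20afbcd276b8d1e46f2e3bd719c92f0f031738f364581514db542c981028369ffbca28afe3
+data.tar.gz: dd26ac18ca8db8ae98007a9f566e521a7d24998f244583099ff7f7bac4a8776d5ab2fa8f76fc2f2c8d7291d3119b21efcb422d46ee892dea6e83045c51b85878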
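--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,13 +1,24 @@
 # Changelog
 
+## [v1.2.0] - 2018-10-08
+
+### Added
+
+- _Registration_ ceremony
+- `WebAuthn::AuthenticatorAttestationResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+- _Authentication_ ceremony
+- `WebAuthn::AuthenticatorAssertionResponse.valid?` returns `true` if either UP or UV authenticator flags are present.
+
+Note: Both additions should help making it compatible with Chrome for Android 70+/Android Fingerprint pair.
+
 ## [v1.1.0] - 2018-10-04
 
-
+### Added
 
 - _Registration_ ceremony
-- `WebAuthn::AuthenticatorAttestationResponse.valid?`
+- `WebAuthn::AuthenticatorAttestationResponse.valid?` optionally accepts rp_id. Thank you @sorah!
 - _Authentication_ ceremony
-- `WebAuthn::AuthenticatorAssertionResponse.valid?`
+- `WebAuthn::AuthenticatorAssertionResponse.valid?` optionally accepts rp_id.
 
 ## [v1.0.0] - 2018-09-07
 
@@ -60,6 +71,7 @@
 - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
 
+[v1.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.1.0...v1.2.0/
 [v1.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.0.0...v1.1.0/
 [v1.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.2.0...v1.0.0/
 [v0.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.1.0...v0.2.0/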
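--- a/data/README.md
+++ b/data/README.md
@@ -68,8 +68,17 @@ credential_creation_options[:challenge]
 #### Validation phase
 
 ```ruby
-
-
+# These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+#
+# If the user-agent is a web browser, you would use some encoding algorithm to send what
+# `navigator.credentials.create` returned through the wire.
+#
+# Then you need to decode that data before passing it to the `#valid?` method.
+#
+# E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+# on the user-agent encoded data before calling `#valid`
+attestation_object = "..."
+client_data_json = "..."
 
 attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
 attestation_object: attestation_object,
@@ -117,9 +126,18 @@ credential_request_options[:challenge]
 Assuming you have the previously stored Credential Public Key, now in variable `credential_public_key`
 
 ```ruby
-
-
-
+# These should be ruby `String`s encoded as binary data, e.g. `Encoding:ASCII-8BIT`.
+#
+# If the user-agent is a web browser, you would use some encoding algorithm to send what
+# `navigator.credentials.get` returned through the wire.
+#
+# Then you need to decode that data before passing it to the `#valid?` method.
+#
+# E.g. in https://github.com/cedarcode/webauthn-rails-demo-app we use `Base64.strict_decode64`
+# on the user-agent encoded data before calling `#valid`
+authenticator_data = "..."
+client_data_json = "..."
+signature = "..."
 
 assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
 authenticator_data: authenticator_data,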
@@ -13,6 +13,7 @@ module WebAuthn
|
|
13
13
|
SIGN_COUNT_POSITION = RP_ID_HASH_LENGTH + FLAGS_LENGTH
|
14
14
|
|
15
15
|
USER_PRESENT_FLAG_POSITION = 0
|
16
|
+
USER_VERIFIED_FLAG_POSITION = 2
|
16
17
|
ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION = 6
|
17
18
|
|
18
19
|
def initialize(data)
|
@@ -29,10 +30,18 @@ module WebAuthn
|
|
29
30
|
end
|
30
31
|
end
|
31
32
|
|
33
|
+
def user_flagged?
|
34
|
+
user_present? || user_verified?
|
35
|
+
end
|
36
|
+
|
32
37
|
def user_present?
|
33
38
|
flags[USER_PRESENT_FLAG_POSITION] == "1"
|
34
39
|
end
|
35
40
|
|
41
|
+
def user_verified?
|
42
|
+
flags[USER_VERIFIED_FLAG_POSITION] == "1"
|
43
|
+
end
|
44
|
+
|
36
45
|
def attested_credential_data_included?
|
37
46
|
flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
|
38
47
|
end
|
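Review bot: `user_flagged?` in the second hunk returns true when only one of the two bits is set, so a caller that gates on it can no longer distinguish a user-presence touch from a user-verified one. The CHANGELOG entry on this page says both `valid?` methods now accept either flag, so a relying party that requires user verification would presumably have to call `user_verified?` itself; that is worth stating on the method, e.g. `# True when UP or UV is set (relaxed for Chrome for Android 70+); does not prove user verification, check user_verified? when UV is required.` The `flags` helper and the callers in authenticator_response.rb are outside these hunks, so how the result is consumed cannot be confirmed from here.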
data/lib/webauthn/version.rb
CHANGED
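--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-10-
+date: 2018-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cbor
@@ -167,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party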