RubyGems - webauthn - Versions diffs - 2.0.0.beta1 → 2.0.0 - Mend

webauthn 2.0.0.beta1 → 2.0.0

Files changed (8) hide show

checksums.yaml +4 -4
data/.travis.yml +4 -6
data/CHANGELOG.md +7 -6
data/README.md +96 -5
data/lib/webauthn/attestation_statement/base.rb +1 -1
data/lib/webauthn/version.rb +1 -1
data/webauthn.gemspec +2 -2
metadata +9 -9

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6181693e3c34f1ca289fb2056df36c35a5e144076288eef34e774e2dfc1794b5
-  data.tar.gz: 87883fa3fe7c7bd5da885025b7a571dfedfdfe1c27c6a5c8edeee54956bd98bc
+  metadata.gz: 2bd2d85eb0ce4769f5c4fe9529dedb4cd8bb25c4322bfb95bd4d9d623ab58b00
+  data.tar.gz: 6b0a3a7c524d7bd4db88d6c94968a165801374708ceac00f24e981c8599cbfe4
 SHA512:
-  metadata.gz: a69f7870a89344a5d00b1c75b55dd6e25741719bf2fd79d03e83348530a964ef237f8330dea55edbb58b9fe5ee0522f2f41b5d9d46f7d975112b9dd8a05889bd
-  data.tar.gz: 19b32618b9e83e2618abe361aca398933030fe2963502c8a9054dc291b22678107e3257be5d7a711bdf0d826dc1d444e28d726282fa6306abf336f675e3794df
+  metadata.gz: ebf401f24d784c4beb0adbcb98203de34612eb47bd6af002dc5cb02709bc258078ca92439d5917fef28f8ff869de6e02c41bbe3301f16f2472d76b0cf93662ec
+  data.tar.gz: 8e1d8f03cad6d75658c4116d7b6117539ba828cbfea07dbb9a584a29387f55519c9a8eed332b4602a75ed0d7691a9bd412e7f9241b9993b0dff123b69cec086c

data/.travis.yml CHANGED

@@ -1,13 +1,12 @@
-dist: xenial
+dist: bionic
 language: ruby
 cache: bundler
 rvm:
   - ruby-head
-  - 2.7.0-preview1
-  - 2.6.4
-  - 2.5.6
-  - 2.4.7
+  - 2.6.5
+  - 2.5.7
+  - 2.4.9
   - 2.3.8
 gemfile:
@@ -20,7 +19,6 @@ matrix:
   fast_finish: true
   allow_failures:
     - rvm: ruby-head
-    - rvm: 2.7.0-preview1
     - gemfile: gemfiles/cose_head.gemfile
     - gemfile: gemfiles/openssl_head.gemfile

data/CHANGELOG.md CHANGED

@@ -1,6 +1,6 @@
 # Changelog
-## [v2.0.0.beta1] - 2019-09-16
+## [v2.0.0] - 2019-10-03
 ### Added
@@ -21,8 +21,9 @@
 Please replace with `public_key:` and `sign_count:` keyword arguments. If you're not performing sign count
 verification, signal opt-out with `sign_count: false`.
-- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using camelBack string
-keys instead of snake_case symbol keys in the returned hash.
+- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using lowerCamelCase
+string keys instead of snake_case symbol keys in the returned hash.
 - `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by not padding the
 returned base64url-encoded `id` value.
@@ -45,8 +46,8 @@ pass it.
 Please replace with `public_key:` and `sign_count:` keyword arguments. If you're not performing sign count
 verification, signal opt-out with `sign_count: false`.
-- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using camelBack string
-keys instead of snake_case symbol keys in the returned hash.
+- `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by using lowerCamelCase
+string keys instead of snake_case symbol keys in the returned hash.
 - `WebAuthn::FakeClient#create` and `WebAuthn::FakeClient#get` better fakes a real client by not padding the
 returned base64url-encoded `id` value.
@@ -260,7 +261,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
-[v2.0.0.beta1]: https://github.com/cedarcode/webauthn-ruby/compare/v1.18.0...v2.0.0.beta1/
+[v2.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.18.0...v2.0.0/
 [v1.18.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.17.0...v1.18.0/
 [v1.17.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.16.0...v1.17.0/
 [v1.16.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.15.0...v1.16.0/

data/README.md CHANGED

@@ -108,11 +108,11 @@ WebAuthn.configure do |config|
   config.rp_name = "Example Inc."
   # Optionally configure a client timeout hint, in milliseconds.
-  # This hint specifies how long the browser should wait for an
-  # attestation or an assertion response.
+  # This hint specifies how long the browser should wait for any
+  # interaction with the user.
   # This hint may be overridden by the browser.
   # https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-timeout
-  config.credential_options_timeout = 120000
+  # config.credential_options_timeout = 120_000
   # You can optionally specify a different Relying Party ID
   # (https://www.w3.org/TR/webauthn/#relying-party-identifier)
@@ -127,7 +127,12 @@ WebAuthn.configure do |config|
   # used in your client-side (user agent) code before sending the credential to the server.
   # Supported values: `:base64url` (default), `:base64` or `false` to disable all encoding.
   #
-  # config.encoding = false
+  # config.encoding = :base64url
+  # Possible values: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "RS1"
+  # Default: ["ES256", "PS256", "RS256"]
+  #
+  # config.algorithms << "ES384"
 end
 ```
@@ -249,7 +254,93 @@ end
 ## API
-_Pending_
+#### `WebAuthn.generate_user_id`
+Generates a [WebAuthn User Handle](https://www.w3.org/TR/webauthn-2/#user-handle) that follows the WebAuthn spec recommendations.
+```ruby
+WebAuthn.generate_user_id # "lWoMZTGf_ml2RoY5qPwbwrkxrvTqWjGOxEoYBgxft3zG-LlrICvE-y8bxFi06zMyIOyNsJoWx4Fa2TOqoRmnxA"
+```
+#### `WebAuthn::Credential.options_for_create(options)`
+Helper method to build the necessary [PublicKeyCredentialCreationOptions](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions)
+to be used in the client-side code to call `navigator.credentials.create({ "publicKey": publicKeyCredentialCreationOptions })`.
+```ruby
+creation_options = WebAuthn::Credential.options_for_create(
+  user: { id: user.webauthn_id, name: user.name }
+  exclude: user.credentials.map { |c| c.webauthn_id }
+)
+# Store the newly generated challenge somewhere so you can have it
+# for the verification phase.
+session[:creation_challenge] = creation_options.challenge
+# Send `creation_options` back to the browser, so that they can be used
+# to call `navigator.credentials.create({ "publicKey": creationOptions })`
+#
+# You can call `creation_options.as_json` to get a ruby hash with a JSON representation if needed.
+# If inside a Rails controller, `render json: creation_options` will just work.
+# I.e. it will encode and convert the options to JSON automatically.
+```
+#### `WebAuthn::Credential.options_for_get([options])`
+Helper method to build the necessary [PublicKeyCredentialRequestOptions](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrequestoptions)
+to be used in the client-side code to call `navigator.credentials.get({ "publicKey": publicKeyCredentialRequestOptions })`.
+```ruby
+request_options = WebAuthn::Credential.options_for_get(allow: user.credentials.map { |c| c.webauthn_id })
+# Store the newly generated challenge somewhere so you can have it
+# for the verification phase.
+session[:authentication_challenge] = request_options.challenge
+# Send `request_options` back to the browser, so that they can be used
+# to call `navigator.credentials.get({ "publicKey": requestOptions })`
+# You can call `request_options.as_json` to get a ruby hash with a JSON representation if needed.
+# If inside a Rails controller, `render json: request_options` will just work.
+# I.e. it will encode and convert the options to JSON automatically.
+```
+#### `WebAuthn::Credential.from_create(credential_create_result)`
+```ruby
+credential_with_attestation = WebAuthn::Credential.from_create(params[:publicKeyCredential])
+```
+#### `WebAuthn::Credential.from_get(credential_get_result)`
+```ruby
+credential_with_assertion = WebAuthn::Credential.from_get(params[:publicKeyCredential])
+```
+#### `PublicKeyCredentialWithAttestation#verify(challenge)`
+Verifies the created WebAuthn credential is [valid](https://www.w3.org/TR/webauthn-2/#sctn-registering-a-new-credential).
+```ruby
+credential_with_attestation.verify(session[:creation_challenge])
+```
+#### `PublicKeyCredentialWithAssertion#verify(challenge, public_key:, sign_count:)`
+Verifies the asserted WebAuthn credential is [valid](https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion).
+Mainly, that the client provided a valid cryptographic signature for the corresponding stored credential public
+key, among other extra validations.
+```ruby
+credential_with_assertion.verify(
+  session[:authentication_challenge],
+  public_key: stored_credential.public_key,
+  sign_count: stored_credential.sign_count
+)
+```
 ## Attestation Statement Formats

data/lib/webauthn/attestation_statement/base.rb CHANGED

@@ -23,7 +23,7 @@ module WebAuthn
       end
       def valid?(_authenticator_data, _client_data_hash)
-        raise NotImpelementedError
+        raise NotImplementedError
       end
       def attestation_certificate

data/lib/webauthn/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebAuthn
-  VERSION = "2.0.0.beta1"
+  VERSION = "2.0.0"
 end

data/webauthn.gemspec CHANGED

@@ -42,7 +42,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "appraisal", "~> 2.2.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
   spec.add_development_dependency "byebug", "~> 11.0"
-  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rubocop", "0.73.0"
+  spec.add_development_dependency "rubocop", "0.75.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 2.0.0.beta1
+  version: 2.0.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 2019-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: awrence
@@ -169,14 +169,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -197,14 +197,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.73.0
+        version: 0.75.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.73.0
+        version: 0.75.0
 description: |-
   WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
       Relying Party and allow your users to authenticate with U2F and FIDO2 authenticators.
@@ -309,11 +309,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: WebAuthn ruby server library