RubyGems - webauthn - Versions diffs - 2.3.0 → 2.4.0 - Mend

webauthn 2.3.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.rubocop.yml +48 -0
data/CHANGELOG.md +9 -0
data/SECURITY.md +4 -2
data/lib/cose/rsapkcs1_algorithm.rb +7 -0
data/lib/webauthn/credential_creation_options.rb +2 -0
data/lib/webauthn/credential_request_options.rb +2 -0
data/lib/webauthn/fake_client.rb +3 -2
data/lib/webauthn/version.rb +1 -1
data/webauthn.gemspec +3 -3
metadata +8 -8

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4094023fc463d77a38548e294121f819e874bfb1c075ca43b1fb38e41cfd53a2
-  data.tar.gz: f410f8d7e000822943be953265a32e8f81423908e6aff282486d5afa4ab62eb4
+  metadata.gz: 9559be20982322786ccb5877f0d109c85d046a802675f84e286311e111a1101f
+  data.tar.gz: f002920190dae5c10f1b74ca69e901e70fcb18b7e4eb574e65088cc068cec21b
 SHA512:
-  metadata.gz: 23ea57e2264cc45024174e8d7a54bc3d4f373cca916c4453079d5cfccf46caa4dbc5aa4013a54404121274a35e71f97f90a061062a21ca270a8b58d474345fb8
-  data.tar.gz: 3b49c5b5b845fdcfc3b0b647a16aeab07ad219210e8e29835d171e387d6bcc4ac5fe08a4f9d2978ee6db1022363d1c2b06fe0a163a8625038aca51e1d274e903
+  metadata.gz: 387eec78c72ab4abf441a29d24a98c919ecc65e3e71928d4beb9987d7e30052812ba180d95fb7c2915e6423a4aa99ab501086defbb0ac21f81cb5d5ec2cc49ed
+  data.tar.gz: 9b393ced5e4c46d6266f673d104a53c4b41331938ae86f84116162c46aeb22e6156752843e0818f143957ea2d1d40ef157b46eb4d2c5a13371e8bec24b5313e3

data/.rubocop.yml CHANGED

@@ -24,6 +24,9 @@ Layout:
 Layout/ClassStructure:
   Enabled: true
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
 Layout/FirstMethodArgumentLineBreak:
   Enabled: true
@@ -38,9 +41,54 @@ Layout/MultilineAssignmentLayout:
 Layout/MultilineMethodArgumentLineBreaks:
   Enabled: true
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
 Lint:
   Enabled: true
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Lint/BinaryOperatorWithIdenticalOperands:
+  Enabled: true
+Lint/DuplicateElsifCondition:
+  Enabled: true
+Lint/DuplicateRescueException:
+  Enabled: true
+Lint/EmptyConditionalBody:
+  Enabled: true
+Lint/FloatComparison:
+  Enabled: true
+Lint/MissingSuper:
+  Enabled: true
+Lint/OutOfRangeRegexpRef:
+  Enabled: true
+Lint/SelfAssignment:
+  Enabled: true
+Lint/TopLevelReturnWithArgument:
+  Enabled: true
+Lint/UnreachableLoop:
+  Enabled: true
 Naming:
   Enabled: true

data/CHANGELOG.md CHANGED

@@ -1,5 +1,12 @@
 # Changelog
+## [v2.4.0] - 2020-09-03
+### Added
+- Support for ES256K credentials
+- `FakeClient#get` accepts `user_handle:` keyword argument ([@lgarron])
 ## [v2.3.0] - 2020-06-27
 ### Added
@@ -294,6 +301,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
+[v2.4.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.3.0...v2.4.0/
 [v2.3.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.2.1...v2.3.0/
 [v2.2.1]: https://github.com/cedarcode/webauthn-ruby/compare/v2.2.0...v2.2.1/
 [v2.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.1.0...v2.2.0/
@@ -329,3 +337,4 @@ Note: Both additions should help making it compatible with Chrome for Android 70
 [@ssuttner]: https://github.com/ssuttner
 [@padulafacundo]: https://github.com/padulafacundo
 [@santiagorodriguez96]: https://github.com/santiagorodriguez96
+[@lgarron]: https://github.com/lgarron

data/SECURITY.md CHANGED

@@ -4,9 +4,11 @@
 | Version | Supported          |
 | ------- | ------------------ |
+| 2.4.z    | :white_check_mark: |
+| 2.3.z    | :white_check_mark: |
 | 2.2.z    | :white_check_mark: |
-| 2.1.z    | :white_check_mark: |
-| 2.0.z    | :white_check_mark: |
+| 2.1.z    | :x: |
+| 2.0.z    | :x: |
 | 1.18.z   | :white_check_mark: |
 | < 1.18   | :x:                |

data/lib/cose/rsapkcs1_algorithm.rb CHANGED

@@ -40,4 +40,11 @@ end
 COSE::Algorithm.register(RSAPKCS1Algorithm.new(-257, "RS256", hash_function: "SHA256"))
 COSE::Algorithm.register(RSAPKCS1Algorithm.new(-258, "RS384", hash_function: "SHA384"))
 COSE::Algorithm.register(RSAPKCS1Algorithm.new(-259, "RS512", hash_function: "SHA512"))
+# Patch openssl-signature_algorithm gem to support discouraged/deprecated RSA-PKCS#1 with SHA-1
+# (RS1 in JOSE/COSE terminology) algorithm needed for WebAuthn.
+OpenSSL::SignatureAlgorithm::RSAPKCS1.const_set(
+  :ACCEPTED_HASH_FUNCTIONS,
+  OpenSSL::SignatureAlgorithm::RSAPKCS1::ACCEPTED_HASH_FUNCTIONS + ["SHA1"]
+)
 COSE::Algorithm.register(RSAPKCS1Algorithm.new(-65535, "RS1", hash_function: "SHA1"))

data/lib/webauthn/credential_creation_options.rb CHANGED

@@ -32,6 +32,8 @@ module WebAuthn
       user_display_name: nil,
       rp_name: nil
     )
+      super()
       @attestation = attestation
       @authenticator_selection = authenticator_selection
       @exclude_credentials = exclude_credentials

data/lib/webauthn/credential_request_options.rb CHANGED

@@ -16,6 +16,8 @@ module WebAuthn
     attr_accessor :allow_credentials, :extensions, :user_verification
     def initialize(allow_credentials: [], extensions: nil, user_verification: nil)
+      super()
       @allow_credentials = allow_credentials
       @extensions = extensions
       @user_verification = user_verification

data/lib/webauthn/fake_client.rb CHANGED

@@ -73,7 +73,8 @@ module WebAuthn
             user_present: true,
             user_verified: false,
             sign_count: nil,
-            extensions: nil)
+            extensions: nil,
+            user_handle: nil)
       rp_id ||= URI.parse(origin).host
       client_data_json = data_json_for(:get, encoder.decode(challenge))
@@ -97,7 +98,7 @@ module WebAuthn
           "clientDataJSON" => encoder.encode(client_data_json),
           "authenticatorData" => encoder.encode(assertion[:authenticator_data]),
           "signature" => encoder.encode(assertion[:signature]),
-          "userHandle" => nil
+          "userHandle" => user_handle ? encoder.encode(user_handle) : nil
         }
       }
     end

data/lib/webauthn/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebAuthn
-  VERSION = "2.3.0"
+  VERSION = "2.4.0"
 end

data/webauthn.gemspec CHANGED

@@ -37,17 +37,17 @@ Gem::Specification.new do |spec|
   spec.add_dependency "awrence", "~> 1.1"
   spec.add_dependency "bindata", "~> 2.4"
   spec.add_dependency "cbor", "~> 0.5.9"
-  spec.add_dependency "cose", "~> 1.0"
+  spec.add_dependency "cose", "~> 1.1"
   spec.add_dependency "openssl", "~> 2.0"
   spec.add_dependency "safety_net_attestation", "~> 0.4.0"
   spec.add_dependency "securecompare", "~> 1.0"
-  spec.add_dependency "tpm-key_attestation", "~> 0.9.0"
+  spec.add_dependency "tpm-key_attestation", "~> 0.10.0"
   spec.add_development_dependency "appraisal", "~> 2.3.0"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
   spec.add_development_dependency "byebug", "~> 11.0"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rubocop", "0.80.1"
+  spec.add_development_dependency "rubocop", "0.89"
   spec.add_development_dependency "rubocop-rspec", "~> 1.38.1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-06-27 00:00:00.000000000 Z
+date: 2020-09-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: android_key_attestation
@@ -73,14 +73,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -129,14 +129,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -219,14 +219,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.80.1
+        version: '0.89'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.80.1
+        version: '0.89'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement