author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/services/webauthn | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) | |
download | gitlab-ce-85dc423f7090da0a52c73eb66faf22ddb20efff9.tar.gz |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/services/webauthn')
-rw-r--r-- | spec/services/webauthn/authenticate_service_spec.rb | 48 | ||||
-rw-r--r-- | spec/services/webauthn/register_service_spec.rb | 36 |
2 files changed, 84 insertions, 0 deletions
diff --git a/spec/services/webauthn/authenticate_service_spec.rb b/spec/services/webauthn/authenticate_service_spec.rb
new file mode 100644
index 00000000000..61f64f24f5e
--- /dev/null
+++ b/spec/services/webauthn/authenticate_service_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'webauthn/fake_client'
+
+RSpec.describe Webauthn::AuthenticateService do
+ let(:client) { WebAuthn::FakeClient.new(origin) }
+ let(:user) { create(:user) }
+ let(:challenge) { Base64.strict_encode64(SecureRandom.random_bytes(32)) }
+
+ let(:origin) { 'http://localhost' }
+
+ before do
+ create_result = client.create(challenge: challenge) # rubocop:disable Rails/SaveBang
+
+ webauthn_credential = WebAuthn::Credential.from_create(create_result)
+
+ registration = WebauthnRegistration.new(credential_xid: Base64.strict_encode64(webauthn_credential.raw_id),
+ public_key: webauthn_credential.public_key,
+ counter: 0,
+ name: 'name',
+ user_id: user.id)
+ registration.save!
+ end
+
+ describe '#execute' do
+ it 'returns true if the response is valid and a matching stored credential is present' do
+ get_result = client.get(challenge: challenge)
+
+ get_result['clientExtensionResults'] = {}
+ service = Webauthn::AuthenticateService.new(user, get_result.to_json, challenge)
+
+ expect(service.execute).to be_truthy
+ end
+
+ it 'returns false if the response is valid but no matching stored credential is present' do
+ other_client = WebAuthn::FakeClient.new(origin)
+ other_client.create(challenge: challenge) # rubocop:disable Rails/SaveBang
+
+ get_result = other_client.get(challenge: challenge)
+
+ get_result['clientExtensionResults'] = {}
+ service = Webauthn::AuthenticateService.new(user, get_result.to_json, challenge)
+
+ expect(service.execute).to be_falsey
+ end
+ end
+end
diff --git a/spec/services/webauthn/register_service_spec.rb b/spec/services/webauthn/register_service_spec.rb
new file mode 100644
index 00000000000..bb9fa2080d2
--- /dev/null
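Review bot: Neither example under `#execute` in authenticate_service_spec.rb covers an assertion produced for a different challenge, so a regression that stops AuthenticateService from binding the response to the issued challenge would still pass; the register spec in this same commit does have that negative case. I would add an example that builds the response with `client.get(challenge: Base64.strict_encode64(SecureRandom.random_bytes(32)))`, passes the original `challenge` to the service and expects a false result. The examples are titled "returns true" / "returns false" but assert `be_truthy` / `be_falsey`, which also accept any object or `nil`; `be(true)` and `be(false)` would pin the stated contract, assuming the service returns strict booleans. The stored `counter: 0` is never checked after a successful authentication, so sign-count handling is untested here; whether the service updates it is not visible in this diff.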
+++ b/spec/services/webauthn/register_service_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'webauthn/fake_client'
+
+RSpec.describe Webauthn::RegisterService do
+ let(:client) { WebAuthn::FakeClient.new(origin) }
+ let(:user) { create(:user) }
+ let(:challenge) { Base64.strict_encode64(SecureRandom.random_bytes(32)) }
+
+ let(:origin) { 'http://localhost' }
+
+ describe '#execute' do
+ it 'returns a registration if challenge matches' do
+ create_result = client.create(challenge: challenge) # rubocop:disable Rails/SaveBang
+ webauthn_credential = WebAuthn::Credential.from_create(create_result)
+
+ params = { device_response: create_result.to_json, name: 'abc' }
+ service = Webauthn::RegisterService.new(user, params, challenge)
+
+ registration = service.execute
+ expect(registration.credential_xid).to eq(Base64.strict_encode64(webauthn_credential.raw_id))
+ expect(registration.errors.size).to eq(0)
+ end
+
+ it 'returns an error if challenge does not match' do
+ create_result = client.create(challenge: Base64.strict_encode64(SecureRandom.random_bytes(16))) # rubocop:disable Rails/SaveBang
+
+ params = { device_response: create_result.to_json, name: 'abc' }
+ service = Webauthn::RegisterService.new(user, params, challenge)
+
+ registration = service.execute
+ expect(registration.errors.size).to eq(1)
+ end
+ end
+end |
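Review bot: The "returns an error if challenge does not match" example in register_service_spec.rb only asserts `registration.errors.size`, so it would still pass if the rejected credential were saved, or if the single error came from an unrelated validation. Adding `expect(registration).not_to be_persisted` and an assertion on the error text would tie the failure to the challenge check; this assumes RegisterService saves the record on success, which the diff does not show. The success example could likewise assert `expect(registration.user_id).to eq(user.id)` so the credential is shown to be bound to the requesting user. The mismatching challenge is built from 16 random bytes rather than 32, so the negative case differs from the valid one in length as well as value; a second 32-byte value would isolate the comparison itself.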