authorMatthew Miller <matthew@millerti.me>2020-05-22 16:53:38 -0700
committerMatthew Miller <matthew@millerti.me>2020-05-22 16:53:38 -0700
commit97ab2dbf56c3aa5c0ebb9ab4fb53fb184421e25a (patch)
tree60447e213901a66d85bb31622b9777f82f041908
parent8611db505392a951007974a85534671d5279521e (diff)
Add authenticatorInfo after assertion verification
-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.test.ts43
-rw-r--r--packages/server/src/assertion/verifyAssertionResponse.ts4
-rw-r--r--packages/typescript-types/src/index.ts2
3 files changed, 33 insertions, 16 deletions
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
index 81d04b0..99e87d2 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.test.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -19,13 +19,24 @@ afterEach(() => {
test('should verify an assertion response', () => {
const verification = verifyAssertionResponse(
assertionResponse,
- 'https://dev.dontneeda.pw',
+ assertionOrigin,
authenticator,
);
expect(verification.verified).toEqual(true);
});
+test('should return authenticator info after verification', () => {
+ const verification = verifyAssertionResponse(
+ assertionResponse,
+ assertionOrigin,
+ authenticator,
+ );
+
+ expect(verification.authenticatorInfo.counter).toEqual(144);
+ expect(verification.authenticatorInfo.base64CredentialID).toEqual(authenticator.base64CredentialID);
+});
+
test('should throw when response origin is not expected value', () => {
expect(() => {
verifyAssertionResponse(
@@ -68,18 +79,18 @@ test('should throw error if user was not present', () => {
test('should throw error if previous counter value is not less than in response', () => {
// This'll match the `counter` value in `assertionResponse`, simulating a potential replay attack
- const badCounter = 135;
+ const badCounter = 144;
const badDevice = {
...authenticator,
counter: badCounter,
};
expect(() => {
- verifyAssertionResponse(
+ console.log(verifyAssertionResponse(
assertionResponse,
assertionOrigin,
badDevice,
- );
+ ));
}).toThrow();
});
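Review bot: The `console.log(...)` wrapped around `verifyAssertionResponse` in the replay-counter test looks like leftover debugging; the test only needs the call to throw inside the `expect(() => { ... }).toThrow()` callback. If the counter check ever regressed and the call returned, the only extra effect would be a verification result printed into the test output, so call it directly: `verifyAssertionResponse(assertionResponse, assertionOrigin, badDevice);`. The comment above `badCounter` remains accurate, since 144 is the counter the new `assertionResponse` fixture is expected to yield in the test added earlier in this file.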
@@ -93,19 +104,21 @@ test('should throw error if previous counter value is not less than in response'
* }
*/
const assertionResponse = {
- base64AuthenticatorData: 'PdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KABAAAAhw',
- base64ClientDataJSON: 'eyJjaGFsbGVuZ2UiOiJXRzVRU21RM1oyOTROR2gyTVROUk56WnViVmhMTlZZMWMwOHRP' +
- 'V3BLVG5JIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoi' +
- 'aHR0cHM6Ly9kZXYuZG9udG5lZWRhLnB3IiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
- base64Signature: 'MEQCIHZYFY3LsKzI0T9XRwEACl7YsYZysZ2HUw3q9f7tlq3wAiBNbyBbQMNM56P6Z00tBEZ6v' +
- 'II4f9Al-p4pZw7OBpSaog',
+ base64CredentialID: 'KEbWNCc7NgaYnUyrNeFGX9_3Y-8oJ3KwzjnaiD1d1LVTxR7v3CaKfCz2Vy_g_MHSh7yJ8yL0Px' +
+ 'g6jo_o0hYiew',
+ base64AuthenticatorData: 'PdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KABAAAAkA==',
+ base64ClientDataJSON: 'eyJjaGFsbGVuZ2UiOiJkRzkwWVd4c2VWVnVhWEYxWlZaaGJIVmxSWFpsY25sVWFXMWwiLCJj' +
+ 'bGllbnRFeHRlbnNpb25zIjp7fSwiaGFzaEFsZ29yaXRobSI6IlNIQS0yNTYiLCJvcmlnaW4iOiJodHRwczovL2Rldi5k' +
+ 'b250bmVlZGEucHciLCJ0eXBlIjoid2ViYXV0aG4uZ2V0In0=',
+ base64Signature: 'MEUCIQDYXBOpCWSWq2Ll4558GJKD2RoWg958lvJSB_GdeokxogIgWuEVQ7ee6AswQY0OsuQ6y8Ks6' +
+ 'jhd45bDx92wjXKs900='
};
const assertionOrigin = 'https://dev.dontneeda.pw';
const authenticator = {
- base64PublicKey: 'BBMQEnZRfg4ASys9kfGUj99Xlsa028wqYJZw8xuGahPQJWN3K9D9DajLxzKlY7uf_ulA5D6gh' +
- 'UJ9hrouDX84S_I',
- base64CredentialID: 'wJZRtQbYjKlpiRnzet7yyVizdsj_oUhi11kFbKyO0hc5gIg-4xeaTC9YC9y9sfow6gO3jE' +
- 'MoONBKNX4SmSclmQ',
- counter: 134,
+ base64PublicKey: 'BIheFp-u6GvFT2LNGovf3ZrT0iFVBsA_76rRysxRG9A18WGeA6hPmnab0HAViUYVRkwTNcN77QBf_' +
+ 'RR0dv3lIvQ',
+ base64CredentialID: 'KEbWNCc7NgaYnUyrNeFGX9_3Y-8oJ3KwzjnaiD1d1LVTxR7v3CaKfCz2Vy_g_MHSh7yJ8yL0Px' +
+ 'g6jo_o0hYiew',
+ counter: 0,
};
diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts
index a4831aa..a3b631b 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.ts
@@ -75,6 +75,10 @@ export default function verifyAssertionResponse(
const toReturn = {
verified: verifySignature(signature, signatureBase, publicKey),
+ authenticatorInfo: {
+ counter,
+ base64CredentialID: response.base64CredentialID,
+ },
};
return toReturn;
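Review bot: `authenticatorInfo` is filled in whatever `verifySignature` returns, so a caller that persists `authenticatorInfo.counter` without first checking `verified` would store a counter taken from an assertion whose signature did not verify. `base64CredentialID` is also copied from `response`, which is supplied by the client; whether it is compared with the stored authenticator's credential ID earlier in the function cannot be seen here, because the function body starts above this hunk. I would document the contract on the return value, for example `// authenticatorInfo is only meaningful when verified === true; do not persist counter otherwise`, and consider rejecting a response whose credential ID differs from the stored authenticator's. The related type change in `packages/typescript-types/src/index.ts` makes the field required, which makes this contract worth stating in the `VerifiedAssertion` doc comment as well.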
diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts
index ee714ff..f9bf561 100644
--- a/packages/typescript-types/src/index.ts
+++ b/packages/typescript-types/src/index.ts
@@ -172,7 +172,7 @@ export type VerifiedAttestation = {
*/
export type VerifiedAssertion = {
verified: boolean;
- authenticatorInfo?: {
+ authenticatorInfo: {
counter: number,
base64CredentialID: string,
},