authorMatthew Miller <matthew@millerti.me>2022-12-27 21:35:55 -0800
committerMatthew Miller <matthew@millerti.me>2022-12-27 21:35:55 -0800
commit6b1c86f307ea660fa36cf1a949286ba79b64e305 (patch)
tree89b749e039fc1123de15f63636195e5e3fcda42a /packages/server/src
parentcbfa15930382f98e215c2e68103e5ac8770b22fe (diff)
Rename `credential` opt to `response`
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.test.ts40
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.ts24
-rw-r--r--packages/server/src/registration/verifications/tpm/verifyAttestationTPM.test.ts12
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationAndroidKey.test.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationApple.test.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationPacked.test.ts2
-rw-r--r--packages/server/src/registration/verifyRegistrationResponse.test.ts62
-rw-r--r--packages/server/src/registration/verifyRegistrationResponse.ts20
8 files changed, 82 insertions, 82 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
index 89ffdd3..fcd1b4f 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
@@ -24,7 +24,7 @@ afterEach(() => {
test('should verify an assertion response', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -37,7 +37,7 @@ test('should verify an assertion response', async () => {
test('should return authenticator info after verification', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -52,7 +52,7 @@ test('should return authenticator info after verification', async () => {
test('should throw when response challenge is not expected value', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: 'shouldhavebeenthisvalue',
expectedOrigin: 'https://different.address',
expectedRPID: 'dev.dontneeda.pw',
@@ -64,7 +64,7 @@ test('should throw when response challenge is not expected value', async () => {
test('should throw when response origin is not expected value', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: 'https://different.address',
expectedRPID: 'dev.dontneeda.pw',
@@ -83,7 +83,7 @@ test('should throw when assertion type is not webauthn.create', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -100,7 +100,7 @@ test('should throw error if user was not present', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -119,7 +119,7 @@ test('should throw error if previous counter value is not less than in response'
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -137,7 +137,7 @@ test('should throw error if assertion RP ID is unexpected value', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -148,7 +148,7 @@ test('should throw error if assertion RP ID is unexpected value', async () => {
test('should not compare counters if both are 0', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionFirstTimeUsedResponse,
+ response: assertionFirstTimeUsedResponse,
expectedChallenge: assertionFirstTimeUsedChallenge,
expectedOrigin: assertionFirstTimeUsedOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -174,7 +174,7 @@ test('should throw an error if user verification is required but user was not ve
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -189,7 +189,7 @@ test.skip('should verify TPM assertion', async () => {
const expectedChallenge = 'dG90YWxseVVuaXF1ZVZhbHVlRXZlcnlBc3NlcnRpb24';
jest.spyOn(isoBase64URL, 'toString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyAuthenticationResponse({
- credential: {
+ response: {
id: 'YJ8FMM-AmcUt73XPX341WXWd7ypBMylGjjhu0g3VzME',
rawId: 'YJ8FMM-AmcUt73XPX341WXWd7ypBMylGjjhu0g3VzME',
response: {
@@ -218,7 +218,7 @@ test.skip('should verify TPM assertion', async () => {
test('should support multiple possible origins', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: ['https://simplewebauthn.dev', assertionOrigin],
expectedRPID: 'dev.dontneeda.pw',
@@ -232,7 +232,7 @@ test('should support multiple possible origins', async () => {
test('should throw an error if origin not in list of expected origins', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: ['https://simplewebauthn.dev', 'https://fizz.buzz'],
expectedRPID: 'dev.dontneeda.pw',
@@ -243,7 +243,7 @@ test('should throw an error if origin not in list of expected origins', async ()
test('should support multiple possible RP IDs', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: ['dev.dontneeda.pw', 'simplewebauthn.dev'],
@@ -257,7 +257,7 @@ test('should support multiple possible RP IDs', async () => {
test('should throw an error if RP ID not in list of possible RP IDs', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: ['simplewebauthn.dev'],
@@ -268,7 +268,7 @@ test('should throw an error if RP ID not in list of possible RP IDs', async () =
test('should pass verification if custom challenge verifier returns true', async () => {
const verification = await verifyAuthenticationResponse({
- credential: {
+ response: {
id: 'AaIBxnYfL2pDWJmIii6CYgHBruhVvFGHheWamphVioG_TnEXxKA9MW4FWnJh21zsbmRpRJso9i2JmAtWOtXfVd4oXTgYVusXwhWWsA',
rawId:
'AaIBxnYfL2pDWJmIii6CYgHBruhVvFGHheWamphVioG_TnEXxKA9MW4FWnJh21zsbmRpRJso9i2JmAtWOtXfVd4oXTgYVusXwhWWsA',
@@ -308,7 +308,7 @@ test('should pass verification if custom challenge verifier returns true', async
test('should fail verification if custom challenge verifier returns false', async () => {
await expect(
verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: challenge => challenge === 'willNeverMatch',
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -319,7 +319,7 @@ test('should fail verification if custom challenge verifier returns false', asyn
test('should return authenticator extension output', async () => {
const verification = await verifyAuthenticationResponse({
- credential: {
+ response: {
response: {
clientDataJSON:
'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiaVpzVkN6dHJEVzdEMlVfR0hDSWxZS0x3VjJiQ3NCVFJxVlFVbkpYbjlUayIsIm9yaWdpbiI6ImFuZHJvaWQ6YXBrLWtleS1oYXNoOmd4N3NxX3B4aHhocklRZEx5ZkcwcHhLd2lKN2hPazJESlE0eHZLZDQzOFEiLCJhbmRyb2lkUGFja2FnZU5hbWUiOiJjb20uZmlkby5leGFtcGxlLmZpZG8yYXBpZXhhbXBsZSJ9',
@@ -365,7 +365,7 @@ test('should return authenticator extension output', async () => {
test('should return credential backup info', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
@@ -440,7 +440,7 @@ const authenticatorFirstTimeUsed: AuthenticatorDevice = {
test('should return user verified flag after successful auth', async () => {
const verification = await verifyAuthenticationResponse({
- credential: assertionResponse,
+ response: assertionResponse,
expectedChallenge: assertionChallenge,
expectedOrigin: assertionOrigin,
expectedRPID: 'dev.dontneeda.pw',
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index 81b2878..d95bca5 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -15,7 +15,7 @@ import { matchExpectedRPID } from '../helpers/matchExpectedRPID';
import { isoUint8Array, isoBase64URL } from '../helpers/iso';
export type VerifyAuthenticationResponseOpts = {
- credential: AuthenticationResponseJSON;
+ response: AuthenticationResponseJSON;
expectedChallenge: string | ((challenge: string) => boolean);
expectedOrigin: string | string[];
expectedRPID: string | string[];
@@ -31,7 +31,7 @@ export type VerifyAuthenticationResponseOpts = {
*
* **Options:**
*
- * @param credential Authenticator credential returned by browser's `startAssertion()`
+ * @param response Response returned by **@simplewebauthn/browser**'s `startAssertion()`
* @param expectedChallenge The base64url-encoded `options.challenge` returned by
* `generateAuthenticationOptions()`
* @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
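Review bot: The new `@param response` line still names `startAssertion()`, which looks like a leftover from the older attestation/assertion naming; for this verifier the browser-side counterpart is presumably `startAuthentication()`. The matching docblock in verifyRegistrationResponse.ts has the reverse slip: its new `@param response` line names `startAuthentication()` where `startRegistration()` is meant. The unchanged `expectedOrigin` line here also says "registration" inside the authentication docs and could be corrected in the same pass.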
@@ -49,7 +49,7 @@ export async function verifyAuthenticationResponse(
options: VerifyAuthenticationResponseOpts,
): Promise<VerifiedAuthenticationResponse> {
const {
- credential,
+ response,
expectedChallenge,
expectedOrigin,
expectedRPID,
@@ -57,7 +57,7 @@ export async function verifyAuthenticationResponse(
requireUserVerification = true,
advancedFIDOConfig,
} = options;
- const { id, rawId, type: credentialType, response } = credential;
+ const { id, rawId, type: credentialType, response: assertionResponse } = response;
// Ensure credential specified an ID
if (!id) {
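Review bot: Nothing checks that `options.response` is present before it is destructured on the `const { id, rawId, type: credentialType, response: assertionResponse } = response;` line. A caller still passing the old `credential` key (plain JavaScript, or a request body cast to the opts type) therefore gets a bare TypeError from the destructuring rather than a validation error. Since this function is the entry point for data that originates from the client, a guard ahead of that line would keep the failure explicit, e.g. `if (!response) { throw new Error('Missing response to verify'); }`. The function body starts and continues outside this hunk.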
@@ -78,11 +78,11 @@ export async function verifyAuthenticationResponse(
throw new Error('Credential missing response');
}
- if (typeof response?.clientDataJSON !== 'string') {
+ if (typeof assertionResponse?.clientDataJSON !== 'string') {
throw new Error('Credential response clientDataJSON was not a string');
}
- const clientDataJSON = decodeClientDataJSON(response.clientDataJSON);
+ const clientDataJSON = decodeClientDataJSON(assertionResponse.clientDataJSON);
const { type, origin, challenge, tokenBinding } = clientDataJSON;
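Review bot: The guard that throws 'Credential missing response' has its condition one line above this hunk, and the commit leaves it untouched. If it still reads `if (!response)`, it now tests the outer option object, which cannot be falsy once the earlier destructuring has succeeded, so the check for a missing nested response no longer does anything. Pointing it at the alias, `if (!assertionResponse) {`, would restore the original meaning. The `assertionResponse?.clientDataJSON` check below still rejects a missing nested object, but with a different message.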
@@ -120,15 +120,15 @@ export async function verifyAuthenticationResponse(
}
}
- if (!isoBase64URL.isBase64url(response.authenticatorData)) {
+ if (!isoBase64URL.isBase64url(assertionResponse.authenticatorData)) {
throw new Error('Credential response authenticatorData was not a base64url string');
}
- if (!isoBase64URL.isBase64url(response.signature)) {
+ if (!isoBase64URL.isBase64url(assertionResponse.signature)) {
throw new Error('Credential response signature was not a base64url string');
}
- if (response.userHandle && typeof response.userHandle !== 'string') {
+ if (assertionResponse.userHandle && typeof assertionResponse.userHandle !== 'string') {
throw new Error('Credential response userHandle was not a string');
}
@@ -142,7 +142,7 @@ export async function verifyAuthenticationResponse(
}
}
- const authDataBuffer = isoBase64URL.toBuffer(response.authenticatorData);
+ const authDataBuffer = isoBase64URL.toBuffer(assertionResponse.authenticatorData);
const parsedAuthData = parseAuthenticatorData(authDataBuffer);
const { rpIdHash, flags, counter, extensionsData } = parsedAuthData;
@@ -185,10 +185,10 @@ export async function verifyAuthenticationResponse(
}
}
- const clientDataHash = await toHash(isoBase64URL.toBuffer(response.clientDataJSON));
+ const clientDataHash = await toHash(isoBase64URL.toBuffer(assertionResponse.clientDataJSON));
const signatureBase = isoUint8Array.concat([authDataBuffer, clientDataHash]);
- const signature = isoBase64URL.toBuffer(response.signature);
+ const signature = isoBase64URL.toBuffer(assertionResponse.signature);
if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
// Error out when the counter in the DB is greater than or equal to the counter in the
diff --git a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.test.ts b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.test.ts
index 0480d15..a2f282b 100644
--- a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.test.ts
+++ b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.test.ts
@@ -5,7 +5,7 @@ test('should verify TPM response', async () => {
const expectedChallenge = 'a4de0d36-057d-4e9d-831a-2c578fa89170';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'SErwRhxIzjPowcnM3e-D-u89EQXLUe1NYewpshd7Mc0',
rawId: 'SErwRhxIzjPowcnM3e-D-u89EQXLUe1NYewpshd7Mc0',
response: {
@@ -37,7 +37,7 @@ test('should verify SHA1 TPM response', async () => {
'9JyUfJkg8PqoKZuD7FHzOE9dbyculC9urGTpGqBnEwnhKmni4rGRXxm3-ZBHK8x6riJQqIpC8qEa-T0qIFTKTQ';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
rawId: 'UJDoUJoGiDQF_EEZ3G_z9Lfq16_KFaXtMTjwTUrrRlc',
id: 'UJDoUJoGiDQF_EEZ3G_z9Lfq16_KFaXtMTjwTUrrRlc',
response: {
@@ -69,7 +69,7 @@ test('should verify SHA256 TPM response', async () => {
'gHrAk4pNe2VlB0HLeKclI2P6QEa83PuGeijTHMtpbhY9KlybyhlwF_VzRe7yhabXagWuY6rkDWfvvhNqgh2o7A';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
rawId: 'h9XMhkVePN1Prq9Ks_VfwIsVZvt-jmSRTEnevTc-KB8',
id: 'h9XMhkVePN1Prq9Ks_VfwIsVZvt-jmSRTEnevTc-KB8',
response: {
@@ -108,7 +108,7 @@ test('should verify TPM response with spec-compliant tcgAtTpm SAN structure', as
const expectedChallenge = 'VfmZXKDxqdoXFMHXO3SE2Q2b8u5Ki64OL_XICELcGKg';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'LVwzXx0fStkvsos_jdl9DTd6O3-6be8Ua4tcdXc5XeM',
rawId: 'LVwzXx0fStkvsos_jdl9DTd6O3-6be8Ua4tcdXc5XeM',
response: {
@@ -142,7 +142,7 @@ test('should verify TPM response with non-spec-compliant tcgAtTpm SAN structure'
const expectedChallenge = '4STWgmXrgJxzigqe6nFuIg';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'X7TPi7o8WfiIz1bP0Vciz1xRvSMyiitgOR1sUqY724s',
rawId: 'X7TPi7o8WfiIz1bP0Vciz1xRvSMyiitgOR1sUqY724s',
response: {
@@ -167,7 +167,7 @@ test('should verify TPM response with ECC public area type', async () => {
const expectedChallenge = 'uzn9u0Tx-LBdtGgERsbkHRBjiUt5i2rvm2BBTZrWqEo';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'hsS2ywFz_LWf9-lC35vC9uJTVD3ZCVdweZvESUbjXnQ',
rawId: 'hsS2ywFz_LWf9-lC35vC9uJTVD3ZCVdweZvESUbjXnQ',
type: 'public-key',
diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.test.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.test.ts
index 1acbb59..864a642 100644
--- a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.test.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.test.ts
@@ -13,7 +13,7 @@ test('should verify Android KeyStore response', async () => {
const expectedChallenge = '4ab7dfd1-a695-4777-985f-ad2993828e99';
jest.spyOn(isoBase64URL, 'fromString').mockReturnValueOnce(expectedChallenge);
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'V51GE29tGbhby7sbg1cZ_qL8V8njqEsXpAnwQBobvgw',
rawId: 'V51GE29tGbhby7sbg1cZ_qL8V8njqEsXpAnwQBobvgw',
response: {
diff --git a/packages/server/src/registration/verifications/verifyAttestationApple.test.ts b/packages/server/src/registration/verifications/verifyAttestationApple.test.ts
index 95be220..a16b264 100644
--- a/packages/server/src/registration/verifications/verifyAttestationApple.test.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationApple.test.ts
@@ -2,7 +2,7 @@ import { verifyRegistrationResponse } from '../verifyRegistrationResponse';
test('should verify Apple attestation', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'J4lAqPXhefDrUD7oh5LQMbBH5TE',
rawId: 'J4lAqPXhefDrUD7oh5LQMbBH5TE',
response: {
diff --git a/packages/server/src/registration/verifications/verifyAttestationPacked.test.ts b/packages/server/src/registration/verifications/verifyAttestationPacked.test.ts
index c99936e..8b93af3 100644
--- a/packages/server/src/registration/verifications/verifyAttestationPacked.test.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationPacked.test.ts
@@ -12,7 +12,7 @@ test('should verify (broken) Packed response from Chrome virtual authenticator',
* This unit test will remain for now in case this issue comes up again.
*/
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: '5Hwc78jGjXrzOS8Mke9KhFZEtX54iYD-UEBKgvMXM64',
rawId: '5Hwc78jGjXrzOS8Mke9KhFZEtX54iYD-UEBKgvMXM64',
response: {
diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts
index 38c538d..850e51e 100644
--- a/packages/server/src/registration/verifyRegistrationResponse.test.ts
+++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts
@@ -43,7 +43,7 @@ afterEach(() => {
test('should verify FIDO U2F attestation', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationFIDOU2F,
+ response: attestationFIDOU2F,
expectedChallenge: attestationFIDOU2FChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -73,7 +73,7 @@ test('should verify FIDO U2F attestation', async () => {
test('should verify Packed (EC2) attestation', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationPacked,
+ response: attestationPacked,
expectedChallenge: attestationPackedChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -97,7 +97,7 @@ test('should verify Packed (EC2) attestation', async () => {
test('should verify Packed (X5C) attestation', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationPackedX5C,
+ response: attestationPackedX5C,
expectedChallenge: attestationPackedX5CChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -121,7 +121,7 @@ test('should verify Packed (X5C) attestation', async () => {
test('should verify None attestation', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -145,7 +145,7 @@ test('should verify None attestation', async () => {
test('should verify None attestation w/RSA public key', async () => {
const expectedChallenge = 'pYZ3VX2yb8dS9yplNxJChiXhPGBk8gZzTAyJ2iU5x1k';
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'kGXv4RJWLeXRw8Yf3T22K3Gq_GGeDv9OKYmAHLm0Ylo',
rawId: 'kGXv4RJWLeXRw8Yf3T22K3Gq_GGeDv9OKYmAHLm0Ylo',
response: {
@@ -179,7 +179,7 @@ test('should verify None attestation w/RSA public key', async () => {
test('should throw when response challenge is not expected value', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: 'shouldhavebeenthisvalue',
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -190,7 +190,7 @@ test('should throw when response challenge is not expected value', async () => {
test('should throw when response origin is not expected value', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://different.address',
expectedRPID: 'dev.dontneeda.pw',
@@ -211,7 +211,7 @@ test('should throw when attestation type is not webauthn.create', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: challenge,
expectedOrigin: origin,
expectedRPID: 'dev.dontneeda.pw',
@@ -230,7 +230,7 @@ test('should throw if an unexpected attestation format is specified', async () =
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -251,7 +251,7 @@ test('should throw error if assertion RP ID is unexpected value', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -269,7 +269,7 @@ test('should throw error if user was not present', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -288,7 +288,7 @@ test('should throw if the authenticator does not give back credential ID', async
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -309,7 +309,7 @@ test('should throw if the authenticator does not give back credential public key
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -324,7 +324,7 @@ test('should throw error if no alg is specified in public key', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -339,7 +339,7 @@ test('should throw error if unsupported alg is used', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -351,7 +351,7 @@ test('should not include authenticator info if not verified', async () => {
mockVerifyFIDOU2F.mockReturnValue(false);
const verification = await verifyRegistrationResponse({
- credential: attestationFIDOU2F,
+ response: attestationFIDOU2F,
expectedChallenge: attestationFIDOU2FChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -373,7 +373,7 @@ test('should throw an error if user verification is required but user was not ve
await expect(
verifyRegistrationResponse({
- credential: attestationFIDOU2F,
+ response: attestationFIDOU2F,
expectedChallenge: attestationFIDOU2FChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -385,7 +385,7 @@ test('should throw an error if user verification is required but user was not ve
test('should validate TPM RSA response (SHA256)', async () => {
const expectedChallenge = '3a07cf85-e7b6-447f-8270-b25433f6018e';
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'lGkWHPe88VpnNYgVBxzon_MRR9-gmgODveQ16uM_bPM',
rawId: 'lGkWHPe88VpnNYgVBxzon_MRR9-gmgODveQ16uM_bPM',
response: {
@@ -420,7 +420,7 @@ test('should validate TPM RSA response (SHA256)', async () => {
test('should validate TPM RSA response (SHA1)', async () => {
const expectedChallenge = 'f4e8d87b-d363-47cc-ab4d-1a84647bf245';
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'oELnad0f6-g2BtzEn_78iLNoubarlq0xFtOtAMXnflU',
rawId: 'oELnad0f6-g2BtzEn_78iLNoubarlq0xFtOtAMXnflU',
response: {
@@ -455,7 +455,7 @@ test('should validate TPM RSA response (SHA1)', async () => {
test('should validate Android-Key response', async () => {
const expectedChallenge = '14e0d1b6-9c36-4849-aeec-ea64676449ef';
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'PPa1spYTB680cQq5q6qBtFuPLLdG1FQ73EastkT8n0o',
rawId: 'PPa1spYTB680cQq5q6qBtFuPLLdG1FQ73EastkT8n0o',
response: {
@@ -489,7 +489,7 @@ test('should validate Android-Key response', async () => {
test('should support multiple possible origins', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: ['https://dev.dontneeda.pw', 'https://different.address'],
expectedRPID: 'dev.dontneeda.pw',
@@ -501,7 +501,7 @@ test('should support multiple possible origins', async () => {
test('should throw an error if origin not in list of expected origins', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: ['https://different.address'],
expectedRPID: 'dev.dontneeda.pw',
@@ -511,7 +511,7 @@ test('should throw an error if origin not in list of expected origins', async ()
test('should support multiple possible RP IDs', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: ['dev.dontneeda.pw', 'simplewebauthn.dev'],
@@ -523,7 +523,7 @@ test('should support multiple possible RP IDs', async () => {
test('should throw an error if RP ID not in list of possible RP IDs', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: ['simplewebauthn.dev'],
@@ -533,7 +533,7 @@ test('should throw an error if RP ID not in list of possible RP IDs', async () =
test('should pass verification if custom challenge verifier returns true', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'AUywDsPYEOoucI3-o-jB1J6Kt6QAxLMa1WwFKj1bNi4pAakWAsZX-pJ4gAeDmocL7SXnl8vzUfLkfrOGIVmds1RhjU1DYIWlxcGhAA',
rawId:
'AUywDsPYEOoucI3-o-jB1J6Kt6QAxLMa1WwFKj1bNi4pAakWAsZX-pJ4gAeDmocL7SXnl8vzUfLkfrOGIVmds1RhjU1DYIWlxcGhAA',
@@ -563,7 +563,7 @@ test('should pass verification if custom challenge verifier returns true', async
test('should fail verification if custom challenge verifier returns false', async () => {
await expect(
verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: (challenge: string) => challenge === 'thisWillneverMatch',
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -573,7 +573,7 @@ test('should fail verification if custom challenge verifier returns false', asyn
test('should return credential backup info', async () => {
const verification = await verifyRegistrationResponse({
- credential: attestationNone,
+ response: attestationNone,
expectedChallenge: attestationNoneChallenge,
expectedOrigin: 'https://dev.dontneeda.pw',
expectedRPID: 'dev.dontneeda.pw',
@@ -585,7 +585,7 @@ test('should return credential backup info', async () => {
test('should return authenticator extension output', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'E_Pko4wN1BXE23S0ftN3eQ',
rawId: 'E_Pko4wN1BXE23S0ftN3eQ',
response: {
@@ -623,7 +623,7 @@ test('should return authenticator extension output', async () => {
test('should verify FIDO U2F attestation that specifies SHA-1 in its leaf cert public key', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: '7wQcUWO9gG6mi2IktoZUogs8opnghY01DPYwaerMZms',
rawId: '7wQcUWO9gG6mi2IktoZUogs8opnghY01DPYwaerMZms',
response: {
@@ -647,7 +647,7 @@ test('should verify FIDO U2F attestation that specifies SHA-1 in its leaf cert p
test('should verify Packed attestation with RSA-PSS SHA-256 public key', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'n_dmFmW9UL7678vS4A3XSQLXvxWjefEkYVzEB5cNc_Q',
rawId: 'n_dmFmW9UL7678vS4A3XSQLXvxWjefEkYVzEB5cNc_Q',
response: {
@@ -671,7 +671,7 @@ test('should verify Packed attestation with RSA-PSS SHA-256 public key', async (
test('should verify Packed attestation with RSA-PSS SHA-384 public key', async () => {
const verification = await verifyRegistrationResponse({
- credential: {
+ response: {
id: 'BCwirFmTkTdTUjVqn_uSy-UOSK-iMBgzpfFunE-Hnb0',
rawId: 'BCwirFmTkTdTUjVqn_uSy-UOSK-iMBgzpfFunE-Hnb0',
response: {
diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts
index 665ef6b..29f6025 100644
--- a/packages/server/src/registration/verifyRegistrationResponse.ts
+++ b/packages/server/src/registration/verifyRegistrationResponse.ts
@@ -30,7 +30,7 @@ import { verifyAttestationAndroidKey } from './verifications/verifyAttestationAn
import { verifyAttestationApple } from './verifications/verifyAttestationApple';
export type VerifyRegistrationResponseOpts = {
- credential: RegistrationResponseJSON;
+ response: RegistrationResponseJSON;
expectedChallenge: string | ((challenge: string) => boolean);
expectedOrigin: string | string[];
expectedRPID?: string | string[];
@@ -43,7 +43,7 @@ export type VerifyRegistrationResponseOpts = {
*
* **Options:**
*
- * @param credential Authenticator credential returned by browser's `startAuthentication()`
+ * @param response Response returned by **@simplewebauthn/browser**'s `startAuthentication()`
* @param expectedChallenge The base64url-encoded `options.challenge` returned by
* `generateRegistrationOptions()`
* @param expectedOrigin Website URL (or array of URLs) that the registration should have occurred on
@@ -57,14 +57,14 @@ export async function verifyRegistrationResponse(
options: VerifyRegistrationResponseOpts,
): Promise<VerifiedRegistrationResponse> {
const {
- credential,
+ response,
expectedChallenge,
expectedOrigin,
expectedRPID,
requireUserVerification = true,
supportedAlgorithmIDs = supportedCOSEAlgorithmIdentifiers,
} = options;
- const { id, rawId, type: credentialType, response } = credential;
+ const { id, rawId, type: responseType, response: attestationResponse } = response;
// Ensure credential specified an ID
if (!id) {
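Review bot: Aliasing `type` to `responseType` departs from verifyAuthenticationResponse.ts, which keeps `type: credentialType` in the same destructuring, and it no longer matches the 'Unexpected credential type' message or the `credentialType` key in the returned info. Keeping `const { id, rawId, type: credentialType, response: attestationResponse } = response;` would leave the type check and the return object untouched and make the two verifiers read alike. The value is the credential's `type` field, compared against 'public-key', so the original name is also the more accurate one.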
@@ -77,11 +77,11 @@ export async function verifyRegistrationResponse(
}
// Make sure credential type is public-key
- if (credentialType !== 'public-key') {
- throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
+ if (responseType !== 'public-key') {
+ throw new Error(`Unexpected credential type ${responseType}, expected "public-key"`);
}
- const clientDataJSON = decodeClientDataJSON(response.clientDataJSON);
+ const clientDataJSON = decodeClientDataJSON(attestationResponse.clientDataJSON);
const { type, origin, challenge, tokenBinding } = clientDataJSON;
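Review bot: `decodeClientDataJSON(attestationResponse.clientDataJSON)` runs directly after the type check with no test that the nested response exists or that `clientDataJSON` is a string, so a malformed client payload surfaces as a TypeError or a decoder error rather than a validation message. The authentication verifier guards the same field first; the equivalent here would be `if (typeof attestationResponse?.clientDataJSON !== 'string') { throw new Error('Credential response clientDataJSON was not a string'); }`. The function continues outside this hunk, so the later read of `attestationResponse.attestationObject` may need the same treatment.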
@@ -130,7 +130,7 @@ export async function verifyRegistrationResponse(
}
}
- const attestationObject = isoBase64URL.toBuffer(response.attestationObject);
+ const attestationObject = isoBase64URL.toBuffer(attestationResponse.attestationObject);
const decodedAttestationObject = decodeAttestationObject(attestationObject);
const fmt = decodedAttestationObject.get('fmt');
const authData = decodedAttestationObject.get('authData');
@@ -187,7 +187,7 @@ export async function verifyRegistrationResponse(
throw new Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`);
}
- const clientDataHash = await toHash(isoBase64URL.toBuffer(response.clientDataJSON));
+ const clientDataHash = await toHash(isoBase64URL.toBuffer(attestationResponse.clientDataJSON));
const rootCertificates = SettingsService.getRootCertificates({ identifier: fmt });
// Prepare arguments to pass to the relevant verification method
@@ -241,7 +241,7 @@ export async function verifyRegistrationResponse(
aaguid: convertAAGUIDToString(aaguid),
credentialID,
credentialPublicKey,
- credentialType,
+ credentialType: responseType,
attestationObject,
userVerified: flags.uv,
credentialDeviceType,