Diffstat (limited to 'packages/server/src/authentication/verifyAuthenticationResponse.test.ts')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.test.ts109
1 files changed, 109 insertions, 0 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
index ecd3c24..8a5b2fa 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
@@ -372,6 +372,115 @@ test('should return credential backup info', async () => {
expect(verification.authenticationInfo?.credentialBackedUp).toEqual(false);
});
+test('[FIDO Conformance] should verify if user verification is required and user was verified but not present', () => {
+ const actualData = esmParseAuthenticatorData.parseAuthenticatorData(
+ base64url.toBuffer(assertionResponse.response.authenticatorData),
+ );
+
+ mockParseAuthData.mockReturnValue({
+ ...actualData,
+ flags: {
+ up: false,
+ uv: true,
+ },
+ });
+
+ const verification = verifyAuthenticationResponse({
+ credential: assertionResponse,
+ expectedChallenge: assertionChallenge,
+ expectedOrigin: assertionOrigin,
+ expectedRPID: 'dev.dontneeda.pw',
+ authenticator: authenticator,
+ advancedFIDOConfig: {
+ userVerification: 'required',
+ }
+ });
+
+ expect(verification.verified).toEqual(true);
+});
+
+test('[FIDO Conformance] should verify if user verification is preferred and user was not verified or present', () => {
+ const actualData = esmParseAuthenticatorData.parseAuthenticatorData(
+ base64url.toBuffer(assertionResponse.response.authenticatorData),
+ );
+
+ mockParseAuthData.mockReturnValue({
+ ...actualData,
+ flags: {
+ up: false,
+ uv: false,
+ },
+ });
+
+ const verification = verifyAuthenticationResponse({
+ credential: assertionResponse,
+ expectedChallenge: assertionChallenge,
+ expectedOrigin: assertionOrigin,
+ expectedRPID: 'dev.dontneeda.pw',
+ authenticator: authenticator,
+ requireUserVerification: false,
+ advancedFIDOConfig: {
+ userVerification: 'preferred',
+ },
+ });
+
+ expect(verification.verified).toEqual(true);
+});
+
+test('[FIDO Conformance] should verify if user verification is discouraged and user was verified but not present', () => {
+ const actualData = esmParseAuthenticatorData.parseAuthenticatorData(
+ base64url.toBuffer(assertionResponse.response.authenticatorData),
+ );
+
+ mockParseAuthData.mockReturnValue({
+ ...actualData,
+ flags: {
+ up: false,
+ uv: true,
+ },
+ });
+
+ const verification = verifyAuthenticationResponse({
+ credential: assertionResponse,
+ expectedChallenge: assertionChallenge,
+ expectedOrigin: assertionOrigin,
+ expectedRPID: 'dev.dontneeda.pw',
+ authenticator: authenticator,
+ advancedFIDOConfig: {
+ userVerification: 'discouraged',
+ },
+ });
+
+ expect(verification.verified).toEqual(true);
+});
+
+test('[FIDO Conformance] should verify if user verification is discouraged and user was not verified or present', () => {
+ const actualData = esmParseAuthenticatorData.parseAuthenticatorData(
+ base64url.toBuffer(assertionResponse.response.authenticatorData),
+ );
+
+ mockParseAuthData.mockReturnValue({
+ ...actualData,
+ flags: {
+ up: false,
+ uv: false,
+ },
+ });
+
+ const verification = verifyAuthenticationResponse({
+ credential: assertionResponse,
+ expectedChallenge: assertionChallenge,
+ expectedOrigin: assertionOrigin,
+ expectedRPID: 'dev.dontneeda.pw',
+ authenticator: authenticator,
+ advancedFIDOConfig: {
+ userVerification: 'discouraged',
+ },
+ });
+
+ expect(verification.verified).toEqual(true);
+});
+
/**
* Assertion examples below
*/
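Review bot: All four added tests assert `verified` is `true` with `flags.up` forced to `false`, so they pin only the relaxed path that `advancedFIDOConfig` opens; nothing in this hunk pins the side that must still reject. Add the counterpart cases next to them: `userVerification: 'required'` with `uv: false`, and a call without `advancedFIDOConfig` where `up: false`, each asserting that verification does not succeed (how the function reports failure is not visible here). The 'preferred' case also passes `requireUserVerification: false` alongside `advancedFIDOConfig`, unlike the other three, so it is unclear which option the test exercises; drop it, or add a comment such as `// advancedFIDOConfig takes precedence over requireUserVerification` once that is confirmed against the implementation. The `mockParseAuthData.mockReturnValue(...)` overrides will leak into later tests unless the mock is reset between tests, and this hunk does not show such a reset.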