Diffstat (limited to 'packages/server/src/authentication')
-rw-r--r-- | packages/server/src/authentication/verifyAuthenticationResponse.test.ts | 4 | ||||
-rw-r--r-- | packages/server/src/authentication/verifyAuthenticationResponse.ts | 8 |
2 files changed, 11 insertions, 1 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
index 30eb9d1..5a760e4 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
@@ -44,6 +44,8 @@ test('should return authenticator info after verification', async () => {
 expect(verification.authenticationInfo.newCounter).toEqual(144);
 expect(verification.authenticationInfo.credentialID).toEqual(authenticator.credentialID);
+ expect(verification.authenticationInfo?.origin).toEqual(assertionOrigin);
+ expect(verification.authenticationInfo?.rpID).toEqual('dev.dontneeda.pw');
 });
 test('should throw when response challenge is not expected value', async () => {
@@ -224,6 +226,7 @@ test('should support multiple possible origins', async () => {
 });
 expect(verification.verified).toEqual(true);
+ expect(verification.authenticationInfo?.origin).toEqual(assertionOrigin);
 });
 test('should throw an error if origin not in list of expected origins', async () => {
@@ -249,6 +252,7 @@ test('should support multiple possible RP IDs', async () => {
 });
 expect(verification.verified).toEqual(true);
+ expect(verification.authenticationInfo?.rpID).toEqual('dev.dontneeda.pw');
 });
 test('should throw an error if RP ID not in list of possible RP IDs', async () => {
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index d95bca5..c9f23ca 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
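Review bot: The added assertions in verifyAuthenticationResponse.test.ts use optional chaining (`verification.authenticationInfo?.origin`, `?.rpID`), while the two existing assertions directly above them in the hunk at line 44 use plain `verification.authenticationInfo.newCounter`. This commit's type hunk adds `origin` and `rpID` as required fields, and the existing lines suggest `authenticationInfo` itself is not optional, so the `?.` reads as if a verified response could lack the info object. Writing `expect(verification.authenticationInfo.origin).toEqual(assertionOrigin);` would match the surrounding style. The same applies to the added lines in the hunks at 226 and 252.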
@@ -154,7 +154,7 @@ export async function verifyAuthenticationResponse(
 expectedRPIDs = expectedRPID;
 }
- await matchExpectedRPID(rpIdHash, expectedRPIDs);
+ const matchedRPID = await matchExpectedRPID(rpIdHash, expectedRPIDs);
 if (advancedFIDOConfig !== undefined) {
 const { userVerification: fidoUserVerification } = advancedFIDOConfig;
@@ -215,6 +215,8 @@ export async function verifyAuthenticationResponse(
 credentialDeviceType,
 credentialBackedUp,
 authenticatorExtensionResults: extensionsData,
+ origin: clientDataJSON.origin,
+ rpID: matchedRPID,
 },
 };
@@ -236,6 +238,8 @@ export async function verifyAuthenticationResponse(
 * @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
 * backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
 * reference!**
+ * @param authenticationInfo.origin The origin of the website that the authentication occurred on
+ * @param authenticationInfo.rpID The RP ID that the authentication occurred on
 * @param authenticationInfo?.authenticatorExtensionResults The authenticator extensions returned
 * by the browser
 */
@@ -247,6 +251,8 @@ export type VerifiedAuthenticationResponse = {
 userVerified: boolean;
 credentialDeviceType: CredentialDeviceType;
 credentialBackedUp: boolean;
+ origin: string;
+ rpID: string;
 authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs;
 };
 };
|
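Review bot: `origin: clientDataJSON.origin` in the hunk at line 215 returns a string supplied by the client, so it is only trustworthy because of the expected-origin check, which the test names show exists but which runs outside this hunk. A comment at the assignment, e.g. `// clientDataJSON.origin has already been matched against expectedOrigin above`, would make that dependency explicit, so a later refactor does not move or relax the check while callers rely on this field. `rpID: matchedRPID` comes from the server-side list, but the return type of `matchExpectedRPID` is not visible here; confirm it resolves to a `string` and never `undefined`, since the type hunk declares `rpID: string`. The function body starts and ends outside the hunk.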
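Review bot: The two new `@param` lines in the hunk at line 236 do not say where the values come from, which matters to callers who log them or branch on them when several origins or RP IDs are accepted. Suggested wording: `@param authenticationInfo.origin The origin reported in clientDataJSON, after it matched one of the expected origins` and `@param authenticationInfo.rpID The expected RP ID whose hash matched the one in the authenticator data`. The neighbouring entries state whether a value should be persisted; it would be consistent to say whether these two are meant for storage or only for per-request logging.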