Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.test.ts3
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.ts3
-rw-r--r--packages/server/src/registration/verifyRegistrationResponse.test.ts7
-rw-r--r--packages/server/src/registration/verifyRegistrationResponse.ts3
4 files changed, 16 insertions, 0 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
index 30eb9d1..5547224 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts
@@ -44,6 +44,7 @@ test('should return authenticator info after verification', async () => {
expect(verification.authenticationInfo.newCounter).toEqual(144);
expect(verification.authenticationInfo.credentialID).toEqual(authenticator.credentialID);
+ expect(verification.authenticationInfo?.origin).toEqual(assertionOrigin);
});
test('should throw when response challenge is not expected value', async () => {
@@ -224,6 +225,7 @@ test('should support multiple possible origins', async () => {
});
expect(verification.verified).toEqual(true);
+ expect(verification.authenticationInfo?.origin).toEqual(assertionOrigin);
});
test('should throw an error if origin not in list of expected origins', async () => {
@@ -372,6 +374,7 @@ test('should return credential backup info', async () => {
expect(verification.authenticationInfo?.credentialDeviceType).toEqual('singleDevice');
expect(verification.authenticationInfo?.credentialBackedUp).toEqual(false);
+ expect(verification.authenticationInfo?.origin).toEqual(assertionOrigin);
});
/**
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index d95bca5..bfc5bf5 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -215,6 +215,7 @@ export async function verifyAuthenticationResponse(
credentialDeviceType,
credentialBackedUp,
authenticatorExtensionResults: extensionsData,
+ origin: clientDataJSON.origin,
},
};
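Review bot: The `origin` returned here is the value the client reported in clientDataJSON, so its trustworthiness rests entirely on the origin check earlier in verifyAuthenticationResponse, which lies outside this hunk, and neither the return site nor the new `@param authenticationInfo.origin` line in the @@ -236 hunk says so. A caller reading "the origin of the website that the authentication occurred on" may assume the value was established independently rather than echoed from the response after comparison against `expectedOrigin`. Suggested line comment: `// clientDataJSON.origin as already matched against expectedOrigin; tells callers with several allowed origins which one was used`, with a matching sentence in the doc comment. The same applies to the registration side in the @@ -246 and @@ -273 hunks of verifyRegistrationResponse.ts.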
@@ -236,6 +237,7 @@ export async function verifyAuthenticationResponse(
* @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
* reference!**
+ * @param authenticationInfo.origin The origin of the website that the authentication occurred on
* @param authenticationInfo?.authenticatorExtensionResults The authenticator extensions returned
* by the browser
*/
@@ -247,6 +249,7 @@ export type VerifiedAuthenticationResponse = {
userVerified: boolean;
credentialDeviceType: CredentialDeviceType;
credentialBackedUp: boolean;
+ origin: string;
authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs;
};
};
diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts
index 9fd8a96..2b973e5 100644
--- a/packages/server/src/registration/verifyRegistrationResponse.test.ts
+++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts
@@ -69,6 +69,7 @@ test('should verify FIDO U2F attestation', async () => {
expect(verification.registrationInfo?.attestationObject).toEqual(
isoBase64URL.toBuffer(attestationFIDOU2F.response.attestationObject),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
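Review bot: The literal `'https://dev.dontneeda.pw'` is repeated verbatim in every new assertion of this file (also the @@ -140, -174, -415, -450, -485 and -496 hunks), whereas the authentication tests compare against the shared `assertionOrigin` binding. If this file already passes a named expected origin to verifyRegistrationResponse (not visible in these hunks), asserting against that same binding keeps the assertion tied to the configured value; otherwise a single module-level `const expectedOrigin = 'https://dev.dontneeda.pw';` would remove the duplication. This matters most in the 'should support multiple possible origins' hunk, where the assertion is meant to show which entry of the list matched.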
test('should verify Packed (EC2) attestation', async () => {
@@ -140,6 +141,7 @@ test('should verify None attestation', async () => {
'AdKXJEch1aV5Wo7bj7qLHskVY4OoNaj9qu8TPdJ7kSAgUeRxWNngXlcNIGt4gexZGKVGcqZpqqWordXb_he1izY',
),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should verify None attestation w/RSA public key', async () => {
@@ -174,6 +176,7 @@ test('should verify None attestation w/RSA public key', async () => {
expect(verification.registrationInfo?.credentialID).toEqual(
isoBase64URL.toBuffer('kGXv4RJWLeXRw8Yf3T22K3Gq_GGeDv9OKYmAHLm0Ylo'),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should throw when response challenge is not expected value', async () => {
@@ -415,6 +418,7 @@ test('should validate TPM RSA response (SHA256)', async () => {
expect(verification.registrationInfo?.credentialID).toEqual(
isoBase64URL.toBuffer('lGkWHPe88VpnNYgVBxzon_MRR9-gmgODveQ16uM_bPM'),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should validate TPM RSA response (SHA1)', async () => {
@@ -450,6 +454,7 @@ test('should validate TPM RSA response (SHA1)', async () => {
expect(verification.registrationInfo?.credentialID).toEqual(
isoBase64URL.toBuffer('oELnad0f6-g2BtzEn_78iLNoubarlq0xFtOtAMXnflU'),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should validate Android-Key response', async () => {
@@ -485,6 +490,7 @@ test('should validate Android-Key response', async () => {
expect(verification.registrationInfo?.credentialID).toEqual(
isoBase64URL.toBuffer('PPa1spYTB680cQq5q6qBtFuPLLdG1FQ73EastkT8n0o'),
);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should support multiple possible origins', async () => {
@@ -496,6 +502,7 @@ test('should support multiple possible origins', async () => {
});
expect(verification.verified).toBe(true);
+ expect(verification.registrationInfo?.origin).toEqual('https://dev.dontneeda.pw');
});
test('should throw an error if origin not in list of expected origins', async () => {
diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts
index 2546813..5a52f6a 100644
--- a/packages/server/src/registration/verifyRegistrationResponse.ts
+++ b/packages/server/src/registration/verifyRegistrationResponse.ts
@@ -246,6 +246,7 @@ export async function verifyRegistrationResponse(
userVerified: flags.uv,
credentialDeviceType,
credentialBackedUp,
+ origin: clientDataJSON.origin,
authenticatorExtensionResults: extensionsData,
};
}
@@ -273,6 +274,7 @@ export async function verifyRegistrationResponse(
* @param registrationInfo.credentialBackedUp Whether or not the multi-device credential has been
* backed up. Always `false` for single-device credentials. **Should be kept in a DB for later
* reference!**
+ * @param registrationInfo.origin The origin of the website that the registration occurred on
* @param registrationInfo?.authenticatorExtensionResults The authenticator extensions returned
* by the browser
*/
@@ -289,6 +291,7 @@ export type VerifiedRegistrationResponse = {
userVerified: boolean;
credentialDeviceType: CredentialDeviceType;
credentialBackedUp: boolean;
+ origin: string;
authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs;
};
};