From 2c51287bec3592ebf7d40d886c41da8fb51cbc21 Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Wed, 20 May 2020 08:44:12 -0700
Subject: Initialize lerna project and move code to `server`
---
 .../src/assertion/verifyAssertionResponse.test.ts | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 packages/server/src/assertion/verifyAssertionResponse.test.ts
(limited to 'packages/server/src/assertion/verifyAssertionResponse.test.ts')
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
new file mode 100644
index 0000000..ba76943
--- /dev/null
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -0,0 +1,25 @@
+import verifyAssertionResponse from './verifyAssertionResponse';
+
+test('', () => {
+ const verification = verifyAssertionResponse(
+ {
+ base64AuthenticatorData: 'PdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KABAAAAhw',
+ base64ClientDataJSON: 'eyJjaGFsbGVuZ2UiOiJXRzVRU21RM1oyOTROR2gyTVROUk56WnViVmhMTlZZMWMwOHRP' +
+ 'V3BLVG5JIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoi' +
+ 'aHR0cHM6Ly9kZXYuZG9udG5lZWRhLnB3IiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
+ base64Signature: 'MEQCIHZYFY3LsKzI0T9XRwEACl7YsYZysZ2HUw3q9f7tlq3wAiBNbyBbQMNM56P6Z00tBEZ6v' +
+ 'II4f9Al-p4pZw7OBpSaog',
+ userHandle: null,
+ },
+ 'https://dev.dontneeda.pw',
+ {
+ base64PublicKey: 'BBMQEnZRfg4ASys9kfGUj99Xlsa028wqYJZw8xuGahPQJWN3K9D9DajLxzKlY7uf_ulA5D6gh' +
+ 'UJ9hrouDX84S_I',
+ base64CredentialID: 'wJZRtQbYjKlpiRnzet7yyVizdsj_oUhi11kFbKyO0hc5gIg-4xeaTC9YC9y9sfow6gO3jE' +
+ 'MoONBKNX4SmSclmQ',
+ counter: 134,
+ },
+ );
+
+ expect(verification.verified).toEqual(true);
+});
-- cgit v1.2.3
From c5cfaf6d3375c21d1bc32a8cbc943665b58a3c1b Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Thu, 21 May 2020 11:55:22 -0700
Subject: Remove null userHandle from server test
---
 packages/server/src/assertion/verifyAssertionResponse.test.ts | 1 -
 1 file changed, 1 deletion(-)
(limited to 'packages/server/src/assertion/verifyAssertionResponse.test.ts')
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
index ba76943..04adc5c 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.test.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -9,7 +9,6 @@ test('', () => {
 'aHR0cHM6Ly9kZXYuZG9udG5lZWRhLnB3IiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
 base64Signature: 'MEQCIHZYFY3LsKzI0T9XRwEACl7YsYZysZ2HUw3q9f7tlq3wAiBNbyBbQMNM56P6Z00tBEZ6v' +
 'II4f9Al-p4pZw7OBpSaog',
- userHandle: null,
 },
 'https://dev.dontneeda.pw',
 {
-- cgit v1.2.3
From 26846168b4d64b1be098c22a825a6e1b80fce48a Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Thu, 21 May 2020 16:23:47 -0700
Subject: Finish testing verifyAssertionResponse
---
 .../src/assertion/verifyAssertionResponse.test.ts | 119 ++++++++++++++++++---
 1 file changed, 103 insertions(+), 16 deletions(-)
(limited to 'packages/server/src/assertion/verifyAssertionResponse.test.ts')
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
index 04adc5c..ffd05f5 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.test.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -1,24 +1,111 @@
 import verifyAssertionResponse from './verifyAssertionResponse';
 
-test('', () => {
+import * as decodeClientDataJSON from '../helpers/decodeClientDataJSON';
+import * as parseAssertionAuthData from './parseAssertionAuthData';
+
+let mockDecodeClientData: jest.SpyInstance;
+let mockParseAuthData: jest.SpyInstance;
+
+beforeEach(() => {
+ mockDecodeClientData = jest.spyOn(decodeClientDataJSON, 'default');
+ mockParseAuthData = jest.spyOn(parseAssertionAuthData, 'default');
+});
+
+afterEach(() => {
+ mockDecodeClientData.mockRestore();
+ mockParseAuthData.mockRestore();
+});
+
+test('should verify an assertion response', () => {
 const verification = verifyAssertionResponse(
- {
- base64AuthenticatorData: 'PdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KABAAAAhw',
- base64ClientDataJSON: 'eyJjaGFsbGVuZ2UiOiJXRzVRU21RM1oyOTROR2gyTVROUk56WnViVmhMTlZZMWMwOHRP' +
- 'V3BLVG5JIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoi' +
- 'aHR0cHM6Ly9kZXYuZG9udG5lZWRhLnB3IiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
- base64Signature: 'MEQCIHZYFY3LsKzI0T9XRwEACl7YsYZysZ2HUw3q9f7tlq3wAiBNbyBbQMNM56P6Z00tBEZ6v' +
- 'II4f9Al-p4pZw7OBpSaog',
- },
+ assertionResponse,
 'https://dev.dontneeda.pw',
- {
- base64PublicKey: 'BBMQEnZRfg4ASys9kfGUj99Xlsa028wqYJZw8xuGahPQJWN3K9D9DajLxzKlY7uf_ulA5D6gh' +
- 'UJ9hrouDX84S_I',
- base64CredentialID: 'wJZRtQbYjKlpiRnzet7yyVizdsj_oUhi11kFbKyO0hc5gIg-4xeaTC9YC9y9sfow6gO3jE' +
- 'MoONBKNX4SmSclmQ',
- counter: 134,
- },
+ authenticator,
 );
 
 expect(verification.verified).toEqual(true);
 });
+
+test('should throw when response origin is not expected value', () => {
+ expect(() => {
+ verifyAssertionResponse(
+ assertionResponse,
+ 'https://different.address',
+ authenticator,
+ );
+ }).toThrow('Assertion origin was an unexpected value');
+});
+
+test('should throw when assertion type is not webauthn.create', () => {
+ // @ts-ignore 2345
+ mockDecodeClientData.mockReturnValue({
+ origin: assertionOrigin,
+ type: 'webauthn.badtype',
+ });
+
+ expect(() => {
+ verifyAssertionResponse(
+ assertionResponse,
+ assertionOrigin,
+ authenticator,
+ );
+ }).toThrow('Assertion type was an unexpected value');
+});
+
+test('should throw error if user was not present', () => {
+ mockParseAuthData.mockReturnValue({
+ flags: 0,
+ });
+
+ expect(() => {
+ verifyAssertionResponse(
+ assertionResponse,
+ assertionOrigin,
+ authenticator,
+ );
+ }).toThrow('User was NOT present during assertion!');
+});
+
+test('should throw error if previous counter value is not less than in response', () => {
+ // This'll match the `counter` value in `assertionResponse`, simulating a potential replay attack
+ const badCounter = 135;
+ const badDevice = {
+ ...authenticator,
+ counter: badCounter,
+ };
+
+ expect(() => {
+ verifyAssertionResponse(
+ assertionResponse,
+ assertionOrigin,
+ badDevice,
+ );
+ }).toThrow(`Counter in response did not increment from ${badCounter}`);
+});
+
+/**
+ * parsed authData: {
+ * rpIdHash: ,
+ * flagsBuf: ,
+ * flags: 1,
+ * counter: 135,
+ * counterBuf:
+ * }
+ */
+const assertionResponse = {
+ base64AuthenticatorData: 'PdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KABAAAAhw',
+ base64ClientDataJSON: 'eyJjaGFsbGVuZ2UiOiJXRzVRU21RM1oyOTROR2gyTVROUk56WnViVmhMTlZZMWMwOHRP' +
+ 'V3BLVG5JIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoi' +
+ 'aHR0cHM6Ly9kZXYuZG9udG5lZWRhLnB3IiwidHlwZSI6IndlYmF1dGhuLmdldCJ9',
+ base64Signature: 'MEQCIHZYFY3LsKzI0T9XRwEACl7YsYZysZ2HUw3q9f7tlq3wAiBNbyBbQMNM56P6Z00tBEZ6v' +
+ 'II4f9Al-p4pZw7OBpSaog',
+};
+const assertionOrigin = 'https://dev.dontneeda.pw';
+
+const authenticator = {
+ base64PublicKey: 'BBMQEnZRfg4ASys9kfGUj99Xlsa028wqYJZw8xuGahPQJWN3K9D9DajLxzKlY7uf_ulA5D6gh' +
+ 'UJ9hrouDX84S_I',
+ base64CredentialID: 'wJZRtQbYjKlpiRnzet7yyVizdsj_oUhi11kFbKyO0hc5gIg-4xeaTC9YC9y9sfow6gO3jE' +
+ 'MoONBKNX4SmSclmQ',
+ counter: 134,
+};
-- cgit v1.2.3
From a7a3b488e9604014b370363a80e3e2f6f1e7ca21 Mon Sep 17 00:00:00 2001
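Review bot: The title of the third test, `should throw when assertion type is not webauthn.create`, names the registration ceremony's type; for an assertion the expected value is `webauthn.get` (which is the `type` the `base64ClientDataJSON` fixture in this hunk encodes), so it should read `test('should throw when assertion type is not webauthn.get', () => {`. In the same test, `// @ts-ignore 2345` silences the partial-object error for the whole statement and will keep silencing it if the mocked shape drifts further; `// @ts-expect-error` (or a complete decoded object that also carries `challenge`) is the narrower suppression, assuming the project's TypeScript version supports it. The counter test only covers the equal case (`badCounter = 135` against the response's counter of 135); a stored counter already above the response, e.g. `counter: badCounter + 1`, is the other half of "not less than" and the case that matters for a cloned authenticator. Nothing in the file exercises a bad signature, so a regression in the signature check would still pass every test here; a case that alters one character of `base64Signature` and expects verification to fail would close that gap.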
From: Matthew Miller
Date: Thu, 21 May 2020 17:17:07 -0700
Subject: Update throw tests in server
---
 packages/server/src/assertion/verifyAssertionResponse.test.ts | 8 ++++----
 packages/server/src/attestation/verifyAttestationResponse.test.ts | 6 +++---
 packages/server/src/setupTests.ts | 6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'packages/server/src/assertion/verifyAssertionResponse.test.ts')
diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts
index ffd05f5..9e5b083 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.test.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts
@@ -33,7 +33,7 @@ test('should throw when response origin is not expected value', () => {
 'https://different.address',
 authenticator,
 );
- }).toThrow('Assertion origin was an unexpected value');
+ }).toThrow();
 });
 
 test('should throw when assertion type is not webauthn.create', () => {
@@ -49,7 +49,7 @@ test('should throw when assertion type is not webauthn.create', () => {
 assertionOrigin,
 authenticator,
 );
- }).toThrow('Assertion type was an unexpected value');
+ }).toThrow();
 });
 
 test('should throw error if user was not present', () => {
@@ -63,7 +63,7 @@ test('should throw error if user was not present', () => {
 assertionOrigin,
 authenticator,
 );
- }).toThrow('User was NOT present during assertion!');
+ }).toThrow();
 });
 
 test('should throw error if previous counter value is not less than in response', () => {
@@ -80,7 +80,7 @@ test('should throw error if previous counter value is not less than in response'
 assertionOrigin,
 badDevice,
 );
- }).toThrow(`Counter in response did not increment from ${badCounter}`);
+ }).toThrow();
 });
 
 /**
diff --git a/packages/server/src/attestation/verifyAttestationResponse.test.ts b/packages/server/src/attestation/verifyAttestationResponse.test.ts
index 16763ce..2b314cf 100644
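Review bot: Dropping the message from `}).toThrow('Assertion origin was an unexpected value');` to a bare `}).toThrow();` makes this test pass on any exception rather than on the origin check it is named for; the same loosening is made in the @@ -49, @@ -63 and @@ -80 hunks of this file and in the three verifyAttestationResponse.test.ts hunks (@@ -91, @@ -105, @@ -121). The type and user-present tests feed partial objects through `mockReturnValue`, so a TypeError from the verifier touching a missing field would satisfy the bare matcher just as well as the intended error, and the counter test can no longer tell a replay rejection from an unrelated crash. If exact strings are considered too brittle, a stable fragment keeps the assertion meaningful, e.g. `}).toThrow(/origin/);` here and `}).toThrow(/did not increment/);` in the @@ -80 hunk. Each test body begins before its hunk.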
--- a/packages/server/src/attestation/verifyAttestationResponse.test.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.test.ts
@@ -91,7 +91,7 @@ test('should throw when response origin is not expected value', () => {
 attestationNone,
 'https://different.address'
 );
- }).toThrow('Attestation origin was an unexpected value');
+ }).toThrow();
 });
 
 test('should throw when attestation type is not webauthn.create', () => {
@@ -105,7 +105,7 @@ test('should throw when attestation type is not webauthn.create', () => {
 attestationNone,
 origin,
 );
- }).toThrow('Attestation type was an unexpected value');
+ }).toThrow();
 });
 
 test('should throw if an unexpected attestation format is specified', () => {
@@ -121,7 +121,7 @@ test('should throw if an unexpected attestation format is specified', () => {
 attestationNone,
 'https://dev.dontneeda.pw',
 );
- }).toThrow(`Unsupported Attestation Format: ${fmt}`);
+ }).toThrow();
 });
 
 const attestationFIDOU2F = {
diff --git a/packages/server/src/setupTests.ts b/packages/server/src/setupTests.ts
index d515122..103e5fa 100644
--- a/packages/server/src/setupTests.ts
+++ b/packages/server/src/setupTests.ts
@@ -1,4 +1,4 @@
 // Silence some console output
-jest.spyOn(console, 'log').mockImplementation();
-jest.spyOn(console, 'debug').mockImplementation();
-jest.spyOn(console, 'error').mockImplementation();
+// jest.spyOn(console, 'log').mockImplementation();
+// jest.spyOn(console, 'debug').mockImplementation();
+// jest.spyOn(console, 'error').mockImplementation();
-- cgit v1.2.3
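Review bot: Commenting out the three `jest.spyOn(console, …).mockImplementation()` lines in setupTests.ts leaves dead code under a header, `// Silence some console output`, that now states the opposite of what the file does, and re-enables console noise for every suite. If the aim is to see which error actually fires while the assertions are reworked, delete the lines (git keeps them) or gate them behind an opt-in environment variable, and change the header to match, e.g. `// Console output is silenced unless the opt-in flag is set`. With the message-less `toThrow()` introduced elsewhere in this commit, this console output is the only remaining trace of the thrown error, which is a reason to make the silencing deliberate rather than commented out.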