From 53dd14e4dc21b1d97224f6b8b5f36285ed72283a Mon Sep 17 00:00:00 2001 From: Eiji Kitamura Date: Fri, 22 Jul 2022 15:35:41 +0900 Subject: Fixes to reflect comments - Rename `decodeExtensions` to `decodeAuthenticatorExtensions` - Mention authenticator extension - Include decoding in `parseAuthenticatorData` - Add tests for `decodeAuthenticatorExtensions` --- packages/server/src/helpers/parseAuthenticatorData.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts') diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index 6bf5b9a..e79580b 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -1,5 +1,6 @@ import cbor from 'cbor'; import { decodeCborFirst } from './decodeCbor'; +import decodeAuthenticatorExtensionData, { AuthenticationExtensionsAuthenticatorOutputs } from './decodeAuthenticatorExtensions'; /** * Make sense of the authData buffer contained in an Attestation @@ -52,11 +53,12 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti pointer += firstEncoded.byteLength; } - let extensionsDataBuffer: Buffer | undefined = undefined; + let extensions: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; + if (flags.ed) { const firstDecoded = decodeCborFirst(authData.slice(pointer)); const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer); - extensionsDataBuffer = firstEncoded; + extensions = decodeAuthenticatorExtensionData(firstEncoded); pointer += firstEncoded.byteLength; } @@ -74,7 +76,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti aaguid, credentialID, credentialPublicKey, - extensionsDataBuffer, + extensions, }; } @@ -95,5 +97,5 @@ export type ParsedAuthenticatorData = { aaguid?: Buffer; credentialID?: Buffer; credentialPublicKey?: Buffer; - extensionsDataBuffer?: Buffer; + extensions?: AuthenticationExtensionsAuthenticatorOutputs; }; -- cgit v1.2.3 From 8cc0d0c9fe9c0e5c978d2a09eb17c4760481ec3f Mon Sep 17 00:00:00 2001 From: Eiji Kitamura Date: Fri, 22 Jul 2022 15:44:32 +0900 Subject: Fix for #230 - Change `extensions` to `extensionsData` and add `extensionsDataBuffer` --- .../src/authentication/verifyAuthenticationResponse.test.ts | 2 +- .../src/authentication/verifyAuthenticationResponse.ts | 6 +++--- packages/server/src/helpers/parseAuthenticatorData.test.ts | 6 +++--- packages/server/src/helpers/parseAuthenticatorData.ts | 12 ++++++++---- .../src/registration/verifyRegistrationResponse.test.ts | 2 +- .../server/src/registration/verifyRegistrationResponse.ts | 6 +++--- 6 files changed, 19 insertions(+), 15 deletions(-) (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts') diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts index 5e9d0c1..96cc4b5 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts @@ -336,7 +336,7 @@ test('should return authenticator extension output', async () => { } }); - expect(verification.authenticationInfo?.extensions).toMatchObject({ + expect(verification.authenticationInfo?.extensionsData).toMatchObject({ 'devicePublicKey': { 'dpk': Buffer.from('A5010203262001215820991AABED9DE4271A9EDEAD8806F9DC96D6DCCD0C476253A5510489EC8379BE5B225820A0973CFDEDBB79E27FEF4EE7481673FB3312504DDCA5434CFD23431D6AD29EDA', 'hex'), 'sig': Buffer.from('3045022049526CD28AEF6B4E621A7D5936D2B504952FC0AE2313A4F0357AAFFFAEA964740221009D513ACAEFB0B32C765AAE6FEBA8C294685EFF63FF1CBF11ECF2107AF4FEB8F8', 'hex'), diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts index e938834..341835c 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts @@ -135,7 +135,7 @@ export default function verifyAuthenticationResponse( const authDataBuffer = base64url.toBuffer(response.authenticatorData); const parsedAuthData = parseAuthenticatorData(authDataBuffer); - const { rpIdHash, flags, counter, extensions } = parsedAuthData; + const { rpIdHash, flags, counter, extensionsData } = parsedAuthData; // Make sure the response's RP ID is ours if (typeof expectedRPID === 'string') { @@ -190,7 +190,7 @@ export default function verifyAuthenticationResponse( credentialID: authenticator.credentialID, credentialDeviceType, credentialBackedUp, - extensions + extensionsData }, }; @@ -220,6 +220,6 @@ export type VerifiedAuthenticationResponse = { newCounter: number; credentialDeviceType: CredentialDeviceType; credentialBackedUp: boolean; - extensions?: AuthenticationExtensionsAuthenticatorOutputs; + extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; }; }; diff --git a/packages/server/src/helpers/parseAuthenticatorData.test.ts b/packages/server/src/helpers/parseAuthenticatorData.test.ts index 29abf64..e199898 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.test.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.test.ts @@ -43,10 +43,10 @@ test('should parse extension data', () => { const parsed = parseAuthenticatorData(authDataWithED); - const { extensions } = parsed; + const { extensionsData } = parsed; - if (extensions) { - expect(extensions).toEqual({ + if (extensionsData) { + expect(extensionsData).toEqual({ 'example.extension': 'This is an example extension! If you read this message, you probably successfully passing conformance tests. Good job!', }); diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index e79580b..439070d 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -53,12 +53,14 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti pointer += firstEncoded.byteLength; } - let extensions: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; + let extensionsData: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; + let extensionsDataBuffer: Buffer | undefined = undefined; if (flags.ed) { const firstDecoded = decodeCborFirst(authData.slice(pointer)); const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer); - extensions = decodeAuthenticatorExtensionData(firstEncoded); + extensionsDataBuffer = firstEncoded; + extensionsData = decodeAuthenticatorExtensionData(extensionsDataBuffer); pointer += firstEncoded.byteLength; } @@ -76,7 +78,8 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti aaguid, credentialID, credentialPublicKey, - extensions, + extensionsData, + extensionsDataBuffer }; } @@ -97,5 +100,6 @@ export type ParsedAuthenticatorData = { aaguid?: Buffer; credentialID?: Buffer; credentialPublicKey?: Buffer; - extensions?: AuthenticationExtensionsAuthenticatorOutputs; + extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; + extensionsDataBuffer?: Buffer; }; diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts index 38896b0..4a966b5 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.test.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts @@ -607,7 +607,7 @@ test('should return authenticator extension output', async () => { expectedRPID: 'try-webauthn.appspot.com', }); - expect(verification.registrationInfo?.extensions).toMatchObject({ + expect(verification.registrationInfo?.extensionsData).toMatchObject({ 'devicePublicKey': { "dpk": Buffer.from('A5010203262001215820991AABED9DE4271A9EDEAD8806F9DC96D6DCCD0C476253A5510489EC8379BE5B225820A0973CFDEDBB79E27FEF4EE7481673FB3312504DDCA5434CFD23431D6AD29EDA', 'hex'), "sig": Buffer.from('3045022100EFB38074BD15B8C82CF09F87FBC6FB3C7169EA4F1806B7E90937374302345B7A02202B7113040731A0E727D338D48542863CE65880AA79E5EA740AC8CCD94347988E', 'hex'), diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts index 4d1796c..2377ea4 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.ts @@ -133,7 +133,7 @@ export default async function verifyRegistrationResponse( const { fmt, authData, attStmt } = decodedAttestationObject; const parsedAuthData = parseAuthenticatorData(authData); - const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey, extensions } = parsedAuthData; + const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey, extensionsData } = parsedAuthData; // Make sure the response's RP ID is ours if (expectedRPID) { @@ -249,7 +249,7 @@ export default async function verifyRegistrationResponse( userVerified: flags.uv, credentialDeviceType, credentialBackedUp, - extensions, + extensionsData, }; } @@ -291,7 +291,7 @@ export type VerifiedRegistrationResponse = { userVerified: boolean; credentialDeviceType: CredentialDeviceType; credentialBackedUp: boolean; - extensions?: AuthenticationExtensionsAuthenticatorOutputs; + extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; }; }; -- cgit v1.2.3 From 32ba282ee26e19625805a08750c8eed063f72214 Mon Sep 17 00:00:00 2001 From: Eiji Kitamura Date: Fri, 22 Jul 2022 23:19:20 +0900 Subject: Rename - `decodeAuthenticatorExtensionData` => `decodeAuthenticatorExtensions` - `exentionsData` => `authenticatorExtensionResults` - Remove test case for malformed extension data --- .../verifyAuthenticationResponse.test.ts | 2 +- .../src/authentication/verifyAuthenticationResponse.ts | 6 +++--- .../src/helpers/decodeAuthenticatorExtensions.test.ts | 9 ++------- .../src/helpers/decodeAuthenticatorExtensions.ts | 2 +- .../server/src/helpers/parseAuthenticatorData.test.ts | 6 +++--- packages/server/src/helpers/parseAuthenticatorData.ts | 18 +++++++++--------- .../registration/verifyRegistrationResponse.test.ts | 2 +- .../src/registration/verifyRegistrationResponse.ts | 14 +++++++++++--- 8 files changed, 31 insertions(+), 28 deletions(-) (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts') diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts index 96cc4b5..dbaa946 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts @@ -336,7 +336,7 @@ test('should return authenticator extension output', async () => { } }); - expect(verification.authenticationInfo?.extensionsData).toMatchObject({ + expect(verification.authenticationInfo?.authenticatorExtensionResults).toMatchObject({ 'devicePublicKey': { 'dpk': Buffer.from('A5010203262001215820991AABED9DE4271A9EDEAD8806F9DC96D6DCCD0C476253A5510489EC8379BE5B225820A0973CFDEDBB79E27FEF4EE7481673FB3312504DDCA5434CFD23431D6AD29EDA', 'hex'), 'sig': Buffer.from('3045022049526CD28AEF6B4E621A7D5936D2B504952FC0AE2313A4F0357AAFFFAEA964740221009D513ACAEFB0B32C765AAE6FEBA8C294685EFF63FF1CBF11ECF2107AF4FEB8F8', 'hex'), diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts index 341835c..8ee7f85 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts @@ -135,7 +135,7 @@ export default function verifyAuthenticationResponse( const authDataBuffer = base64url.toBuffer(response.authenticatorData); const parsedAuthData = parseAuthenticatorData(authDataBuffer); - const { rpIdHash, flags, counter, extensionsData } = parsedAuthData; + const { rpIdHash, flags, counter, authenticatorExtensionResults } = parsedAuthData; // Make sure the response's RP ID is ours if (typeof expectedRPID === 'string') { @@ -190,7 +190,7 @@ export default function verifyAuthenticationResponse( credentialID: authenticator.credentialID, credentialDeviceType, credentialBackedUp, - extensionsData + authenticatorExtensionResults }, }; @@ -220,6 +220,6 @@ export type VerifiedAuthenticationResponse = { newCounter: number; credentialDeviceType: CredentialDeviceType; credentialBackedUp: boolean; - extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; + authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; }; }; diff --git a/packages/server/src/helpers/decodeAuthenticatorExtensions.test.ts b/packages/server/src/helpers/decodeAuthenticatorExtensions.test.ts index b6af487..5c184a8 100644 --- a/packages/server/src/helpers/decodeAuthenticatorExtensions.test.ts +++ b/packages/server/src/helpers/decodeAuthenticatorExtensions.test.ts @@ -1,7 +1,7 @@ -import decodeAuthenticatorExtensionData from "./decodeAuthenticatorExtensions"; +import { decodeAuthenticatorExtensions } from "./decodeAuthenticatorExtensions"; test('should decode authenticator extensions', () => { - const extensions = decodeAuthenticatorExtensionData(Buffer.from( + const extensions = decodeAuthenticatorExtensions(Buffer.from( 'A16F6465766963655075626C69634B6579A56364706B584DA5010203262001215820991A' + 'ABED9DE4271A9EDEAD8806F9DC96D6DCCD0C476253A5510489EC8379BE5B225820A0973C' + 'FDEDBB79E27FEF4EE7481673FB3312504DDCA5434CFD23431D6AD29EDA63736967584730' + @@ -20,8 +20,3 @@ test('should decode authenticator extensions', () => { } }) }); - -test('should return undefined decoding authenticator extensions', () => { - const extensions = decodeAuthenticatorExtensionData(Buffer.from('A16F')); - expect(extensions).toEqual(undefined); -}); diff --git a/packages/server/src/helpers/decodeAuthenticatorExtensions.ts b/packages/server/src/helpers/decodeAuthenticatorExtensions.ts index 41a907d..a0dc5c2 100644 --- a/packages/server/src/helpers/decodeAuthenticatorExtensions.ts +++ b/packages/server/src/helpers/decodeAuthenticatorExtensions.ts @@ -5,7 +5,7 @@ import cbor from 'cbor'; * * @param extensionData Authenticator Extension Data buffer */ -export default function decodeAuthenticatorExtensionData( +export function decodeAuthenticatorExtensions( extensionData: Buffer ): AuthenticationExtensionsAuthenticatorOutputs | undefined { let toCBOR: AuthenticationExtensionsAuthenticatorOutputs | undefined; diff --git a/packages/server/src/helpers/parseAuthenticatorData.test.ts b/packages/server/src/helpers/parseAuthenticatorData.test.ts index e199898..bc86969 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.test.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.test.ts @@ -43,10 +43,10 @@ test('should parse extension data', () => { const parsed = parseAuthenticatorData(authDataWithED); - const { extensionsData } = parsed; + const { authenticatorExtensionResults } = parsed; - if (extensionsData) { - expect(extensionsData).toEqual({ + if (authenticatorExtensionResults) { + expect(authenticatorExtensionResults).toEqual({ 'example.extension': 'This is an example extension! If you read this message, you probably successfully passing conformance tests. Good job!', }); diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index 439070d..c092e68 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -1,6 +1,6 @@ import cbor from 'cbor'; import { decodeCborFirst } from './decodeCbor'; -import decodeAuthenticatorExtensionData, { AuthenticationExtensionsAuthenticatorOutputs } from './decodeAuthenticatorExtensions'; +import { decodeAuthenticatorExtensions, AuthenticationExtensionsAuthenticatorOutputs } from './decodeAuthenticatorExtensions'; /** * Make sense of the authData buffer contained in an Attestation @@ -53,14 +53,14 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti pointer += firstEncoded.byteLength; } - let extensionsData: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; - let extensionsDataBuffer: Buffer | undefined = undefined; + let authenticatorExtensionResults: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; + let authenticatorExtensionsDataBuffer: Buffer | undefined = undefined; if (flags.ed) { const firstDecoded = decodeCborFirst(authData.slice(pointer)); const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer); - extensionsDataBuffer = firstEncoded; - extensionsData = decodeAuthenticatorExtensionData(extensionsDataBuffer); + authenticatorExtensionsDataBuffer = firstEncoded; + authenticatorExtensionResults = decodeAuthenticatorExtensions(authenticatorExtensionsDataBuffer); pointer += firstEncoded.byteLength; } @@ -78,8 +78,8 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti aaguid, credentialID, credentialPublicKey, - extensionsData, - extensionsDataBuffer + authenticatorExtensionResults, + authenticatorExtensionsDataBuffer }; } @@ -100,6 +100,6 @@ export type ParsedAuthenticatorData = { aaguid?: Buffer; credentialID?: Buffer; credentialPublicKey?: Buffer; - extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; - extensionsDataBuffer?: Buffer; + authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; + authenticatorExtensionsDataBuffer?: Buffer; }; diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts index 4a966b5..d4c4f20 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.test.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts @@ -607,7 +607,7 @@ test('should return authenticator extension output', async () => { expectedRPID: 'try-webauthn.appspot.com', }); - expect(verification.registrationInfo?.extensionsData).toMatchObject({ + expect(verification.registrationInfo?.authenticatorExtensionResults).toMatchObject({ 'devicePublicKey': { "dpk": Buffer.from('A5010203262001215820991AABED9DE4271A9EDEAD8806F9DC96D6DCCD0C476253A5510489EC8379BE5B225820A0973CFDEDBB79E27FEF4EE7481673FB3312504DDCA5434CFD23431D6AD29EDA', 'hex'), "sig": Buffer.from('3045022100EFB38074BD15B8C82CF09F87FBC6FB3C7169EA4F1806B7E90937374302345B7A02202B7113040731A0E727D338D48542863CE65880AA79E5EA740AC8CCD94347988E', 'hex'), diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts index 2377ea4..78228ef 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.ts @@ -133,7 +133,15 @@ export default async function verifyRegistrationResponse( const { fmt, authData, attStmt } = decodedAttestationObject; const parsedAuthData = parseAuthenticatorData(authData); - const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey, extensionsData } = parsedAuthData; + const { + aaguid, + rpIdHash, + flags, + credentialID, + counter, + credentialPublicKey, + authenticatorExtensionResults + } = parsedAuthData; // Make sure the response's RP ID is ours if (expectedRPID) { @@ -249,7 +257,7 @@ export default async function verifyRegistrationResponse( userVerified: flags.uv, credentialDeviceType, credentialBackedUp, - extensionsData, + authenticatorExtensionResults, }; } @@ -291,7 +299,7 @@ export type VerifiedRegistrationResponse = { userVerified: boolean; credentialDeviceType: CredentialDeviceType; credentialBackedUp: boolean; - extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; + authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; }; }; -- cgit v1.2.3 From c532f52e265ab272762f872f70346ce2f66f0199 Mon Sep 17 00:00:00 2001 From: Eiji Kitamura Date: Sat, 23 Jul 2022 00:58:27 +0900 Subject: Revert - `authenticatorExtensionResults` => `extensionsData` - `authenticatorExtensionsDataBuffer` => `extensionsDataBuffer` --- .../src/authentication/verifyAuthenticationResponse.ts | 6 ++++-- .../server/src/helpers/parseAuthenticatorData.test.ts | 6 +++--- packages/server/src/helpers/parseAuthenticatorData.ts | 16 ++++++++-------- .../src/registration/verifyRegistrationResponse.ts | 7 ++++--- 4 files changed, 19 insertions(+), 16 deletions(-) (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts') diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts index 8ee7f85..ebc1dca 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts @@ -135,7 +135,7 @@ export default function verifyAuthenticationResponse( const authDataBuffer = base64url.toBuffer(response.authenticatorData); const parsedAuthData = parseAuthenticatorData(authDataBuffer); - const { rpIdHash, flags, counter, authenticatorExtensionResults } = parsedAuthData; + const { rpIdHash, flags, counter, extensionsData } = parsedAuthData; // Make sure the response's RP ID is ours if (typeof expectedRPID === 'string') { @@ -190,7 +190,7 @@ export default function verifyAuthenticationResponse( credentialID: authenticator.credentialID, credentialDeviceType, credentialBackedUp, - authenticatorExtensionResults + authenticatorExtensionResults: extensionsData, }, }; @@ -212,6 +212,8 @@ export default function verifyAuthenticationResponse( * @param authenticationInfo.credentialBackedUp Whether or not the multi-device credential has been * backed up. Always `false` for single-device credentials. **Should be kept in a DB for later * reference!** + * @param authenticationInfo?.authenticatorExtensionResults The authenticator extensions returned + * by the browser */ export type VerifiedAuthenticationResponse = { verified: boolean; diff --git a/packages/server/src/helpers/parseAuthenticatorData.test.ts b/packages/server/src/helpers/parseAuthenticatorData.test.ts index bc86969..e199898 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.test.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.test.ts @@ -43,10 +43,10 @@ test('should parse extension data', () => { const parsed = parseAuthenticatorData(authDataWithED); - const { authenticatorExtensionResults } = parsed; + const { extensionsData } = parsed; - if (authenticatorExtensionResults) { - expect(authenticatorExtensionResults).toEqual({ + if (extensionsData) { + expect(extensionsData).toEqual({ 'example.extension': 'This is an example extension! If you read this message, you probably successfully passing conformance tests. Good job!', }); diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index c092e68..199513a 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -53,14 +53,14 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti pointer += firstEncoded.byteLength; } - let authenticatorExtensionResults: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; - let authenticatorExtensionsDataBuffer: Buffer | undefined = undefined; + let extensionsData: AuthenticationExtensionsAuthenticatorOutputs | undefined = undefined; + let extensionsDataBuffer: Buffer | undefined = undefined; if (flags.ed) { const firstDecoded = decodeCborFirst(authData.slice(pointer)); const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer); - authenticatorExtensionsDataBuffer = firstEncoded; - authenticatorExtensionResults = decodeAuthenticatorExtensions(authenticatorExtensionsDataBuffer); + extensionsDataBuffer = firstEncoded; + extensionsData = decodeAuthenticatorExtensions(extensionsDataBuffer); pointer += firstEncoded.byteLength; } @@ -78,8 +78,8 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti aaguid, credentialID, credentialPublicKey, - authenticatorExtensionResults, - authenticatorExtensionsDataBuffer + extensionsData, + extensionsDataBuffer, }; } @@ -100,6 +100,6 @@ export type ParsedAuthenticatorData = { aaguid?: Buffer; credentialID?: Buffer; credentialPublicKey?: Buffer; - authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; - authenticatorExtensionsDataBuffer?: Buffer; + extensionsData?: AuthenticationExtensionsAuthenticatorOutputs; + extensionsDataBuffer?: Buffer; }; diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts index 78228ef..8829db1 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.ts @@ -140,7 +140,7 @@ export default async function verifyRegistrationResponse( credentialID, counter, credentialPublicKey, - authenticatorExtensionResults + extensionsData, } = parsedAuthData; // Make sure the response's RP ID is ours @@ -257,7 +257,7 @@ export default async function verifyRegistrationResponse( userVerified: flags.uv, credentialDeviceType, credentialBackedUp, - authenticatorExtensionResults, + authenticatorExtensionResults: extensionsData, }; } @@ -284,7 +284,8 @@ export default async function verifyRegistrationResponse( * @param registrationInfo.credentialBackedUp Whether or not the multi-device credential has been * backed up. Always `false` for single-device credentials. **Should be kept in a DB for later * reference!** - * @param registrationInfo?.extensions The extensions returned by the browser + * @param registrationInfo?.authenticatorExtensionResults The authenticator extensions returned + * by the browser */ export type VerifiedRegistrationResponse = { verified: boolean; -- cgit v1.2.3