Update tests for webauthn_json_mapping.

2022-08-10 15:43:58 +02:00 · 2022-08-10 15:43:58 +02:00 · 709599f98c
parent 8debc41942
commit 709599f98c
5 changed files with 169 additions and 17 deletions
--- a/tests/init.py
+++ b/tests/init.py
@ -0,0 +1,3 @@
+import fido2.features
+
+fido2.features.webauthn_json_mapping.enabled = True
--- a/tests/test_client.py
+++ b/tests/test_client.py
@ -30,7 +30,7 @@
 import unittest
 from unittest import mock
 from fido2 import cbor
-from fido2.utils import sha256
+from fido2.utils import sha256, websafe_encode
 from fido2.hid import CAPABILITY
 from fido2.ctap import CtapError
 from fido2.ctap1 import RegistrationData
@ -42,6 +42,7 @@ from fido2.webauthn import (
    CollectedClientData,
 )

+
 APP_ID = "https://foo.example.com"
 REG_DATA = RegistrationData(
    bytes.fromhex(
@ -50,7 +51,7 @@ REG_DATA = RegistrationData(
 )

 rp = {"id": "example.com", "name": "Example RP"}
-user = {"id": b"user_id", "name": "A. User"}
+user = {"id": websafe_encode(b"user_id"), "name": "A. User"}
 challenge = b"Y2hhbGxlbmdl"
 _INFO_NO_PIN = bytes.fromhex(
    "a60182665532465f5632684649444f5f325f3002826375766d6b686d61632d7365637265740350f8a011f38c0a4d15800617111f9edc7d04a462726bf5627570f564706c6174f469636c69656e7450696ef4051904b0068101"  # noqa E501
--- a/tests/test_server.py
+++ b/tests/test_server.py
@ -8,6 +8,7 @@ from fido2.webauthn import (
    AttestedCredentialData,
    AuthenticatorData,
 )
+from fido2.utils import websafe_encode

 from .test_ctap2 import _ATT_CRED_DATA, _CRED_ID
 from .utils import U2FDevice
@ -95,7 +96,7 @@ class TestFido2Server(unittest.TestCase):
        challenge = b"1234567890123456"
        request, state = server.register_begin(USER, challenge=challenge)

-        self.assertEqual(request["publicKey"]["challenge"], challenge)
+        self.assertEqual(request["publicKey"]["challenge"], websafe_encode(challenge))

    def test_register_begin_custom_challenge_too_short(self):
        rp = PublicKeyCredentialRpEntity("Example", "example.com")
--- a/tests/test_webauthn.py
+++ b/tests/test_webauthn.py
@ -37,8 +37,10 @@ from fido2.webauthn import (
    PublicKeyCredentialCreationOptions,
    PublicKeyCredentialRequestOptions,
 )
+from fido2.utils import websafe_encode

 import unittest
+import json


 class TestAaguid(unittest.TestCase):
@ -183,7 +185,12 @@ class TestWebAuthnDataTypes(unittest.TestCase):
    def test_user_entity(self):
        o = PublicKeyCredentialUserEntity("Example", b"user", display_name="Display")
        self.assertEqual(
-            o, {"id": b"user", "name": "Example", "displayName": "Display"}
+            o,
+            {
+                "id": websafe_encode(b"user"),
+                "name": "Example",
+                "displayName": "Display",
+            },
        )
        self.assertEqual(o.id, b"user")
        self.assertEqual(o.name, "Example")
@ -212,7 +219,9 @@ class TestWebAuthnDataTypes(unittest.TestCase):

    def test_descriptor(self):
        o = PublicKeyCredentialDescriptor("public-key", b"credential_id")
-        self.assertEqual(o, {"type": "public-key", "id": b"credential_id"})
+        self.assertEqual(
+            o, {"type": "public-key", "id": websafe_encode(b"credential_id")}
+        )
        self.assertEqual(o.type, "public-key")
        self.assertEqual(o.id, b"credential_id")
        self.assertIsNone(o.transports)
@ -224,7 +233,7 @@ class TestWebAuthnDataTypes(unittest.TestCase):
            o,
            {
                "type": "public-key",
-                "id": b"credential_id",
+                "id": websafe_encode(b"credential_id"),
                "transports": ["usb", "nfc"],
            },
        )
@ -243,12 +252,12 @@ class TestWebAuthnDataTypes(unittest.TestCase):

    def test_creation_options(self):
        o = PublicKeyCredentialCreationOptions(
-            {"id": "example.com", "name": "Example"},
-            {"id": b"user_id", "name": "A. User"},
+            PublicKeyCredentialRpEntity(id="example.com", name="Example"),
+            PublicKeyCredentialUserEntity(id=b"user_id", name="A. User"),
            b"request_challenge",
            [{"type": "public-key", "alg": -7}],
            10000,
-            [{"type": "public-key", "id": b"credential_id"}],
+            [{"type": "public-key", "id": websafe_encode(b"credential_id")}],
            {
                "authenticatorAttachment": "platform",
                "residentKey": "required",
@ -257,15 +266,23 @@ class TestWebAuthnDataTypes(unittest.TestCase):
            "direct",
        )
        self.assertEqual(o.rp, {"id": "example.com", "name": "Example"})
-        self.assertEqual(o.user, {"id": b"user_id", "name": "A. User"})
+        self.assertEqual(o.user, {"id": websafe_encode(b"user_id"), "name": "A. User"})
        self.assertIsNone(o.extensions)

-        o = PublicKeyCredentialCreationOptions(
-            {"id": "example.com", "name": "Example"},
-            {"id": b"user_id", "name": "A. User"},
-            b"request_challenge",
-            [{"type": "public-key", "alg": -7}],
+        js = json.dumps(dict(o))
+        o2 = PublicKeyCredentialCreationOptions.from_dict(json.loads(js))
+        self.assertEqual(o, o2)
+
+        o = PublicKeyCredentialCreationOptions.from_dict(
+            {
+                "rp": {"id": "example.com", "name": "Example"},
+                "user": {"id": websafe_encode(b"user_id"), "name": "A. User"},
+                "challenge": websafe_encode(b"request_challenge"),
+                "pubKeyCredParams": [{"type": "public-key", "alg": -7}],
+            }
        )
+        self.assertEqual(o.user.id, b"user_id")
+        self.assertEqual(o.challenge, b"request_challenge"),
        self.assertIsNone(o.timeout)
        self.assertIsNone(o.authenticator_selection)
        self.assertIsNone(o.attestation)
@ -273,19 +290,24 @@ class TestWebAuthnDataTypes(unittest.TestCase):
        self.assertIsNone(
            PublicKeyCredentialCreationOptions(
                {"id": "example.com", "name": "Example"},
-                {"id": b"user_id", "name": "A. User"},
+                {"id": websafe_encode(b"user_id"), "name": "A. User"},
                b"request_challenge",
                [{"type": "public-key", "alg": -7}],
                attestation="invalid",
            ).attestation
        )

+        js = json.dumps(dict(o))
+        o2 = PublicKeyCredentialCreationOptions.from_dict(json.loads(js))
+
+        self.assertEqual(o, o2)
+
    def test_request_options(self):
        o = PublicKeyCredentialRequestOptions(
            b"request_challenge",
            10000,
            "example.com",
-            [{"type": "public-key", "id": b"credential_id"}],
+            [PublicKeyCredentialDescriptor(type="public-key", id=b"credential_id")],
            "discouraged",
        )
        self.assertEqual(o.challenge, b"request_challenge")
@ -293,6 +315,10 @@ class TestWebAuthnDataTypes(unittest.TestCase):
        self.assertEqual(o.timeout, 10000)
        self.assertIsNone(o.extensions)

+        js = json.dumps(dict(o))
+        o2 = PublicKeyCredentialRequestOptions.from_dict(json.loads(js))
+        self.assertEqual(o, o2)
+
        o = PublicKeyCredentialRequestOptions(b"request_challenge")
        self.assertIsNone(o.timeout)
        self.assertIsNone(o.rp_id)
--- a/tests/test_webauthn_legacy_mapping.py
+++ b/tests/test_webauthn_legacy_mapping.py
@ -0,0 +1,121 @@
+# Copyright (c) 2019 Yubico AB
+# All rights reserved.
+#
+#   Redistribution and use in source and binary forms, with or
+#   without modification, are permitted provided that the following
+#   conditions are met:
+#
+#    1. Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#    2. Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+from fido2.webauthn import (
+    PublicKeyCredentialUserEntity,
+    PublicKeyCredentialCreationOptions,
+    PublicKeyCredentialRequestOptions,
+)
+
+from fido2.features import webauthn_json_mapping
+import unittest
+
+
+class TestLegacyMapping(unittest.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        webauthn_json_mapping._enabled = False
+
+    @classmethod
+    def tearDownClass(cls):
+        webauthn_json_mapping._enabled = True
+
+    def test_user_entity(self):
+        o = PublicKeyCredentialUserEntity("Example", b"user", display_name="Display")
+        self.assertEqual(
+            o, {"id": b"user", "name": "Example", "displayName": "Display"}
+        )
+        self.assertEqual(o.id, b"user")
+        self.assertEqual(o.name, "Example")
+        self.assertEqual(o.display_name, "Display")
+
+    def test_creation_options(self):
+        o = PublicKeyCredentialCreationOptions(
+            {"id": "example.com", "name": "Example"},
+            {"id": b"user_id", "name": "A. User"},
+            b"request_challenge",
+            [{"type": "public-key", "alg": -7}],
+            10000,
+            [{"type": "public-key", "id": b"credential_id"}],
+            {
+                "authenticatorAttachment": "platform",
+                "residentKey": "required",
+                "userVerification": "required",
+            },
+            "direct",
+        )
+        self.assertEqual(o.rp, {"id": "example.com", "name": "Example"})
+        self.assertEqual(o.user, {"id": b"user_id", "name": "A. User"})
+        self.assertIsNone(o.extensions)
+
+        o2 = PublicKeyCredentialCreationOptions.from_dict(dict(o))
+        self.assertEqual(o, o2)
+
+        o = PublicKeyCredentialCreationOptions(
+            {"id": "example.com", "name": "Example"},
+            {"id": b"user_id", "name": "A. User"},
+            b"request_challenge",
+            [{"type": "public-key", "alg": -7}],
+        )
+        self.assertIsNone(o.timeout)
+        self.assertIsNone(o.authenticator_selection)
+        self.assertIsNone(o.attestation)
+
+        self.assertIsNone(
+            PublicKeyCredentialCreationOptions(
+                {"id": "example.com", "name": "Example"},
+                {"id": b"user_id", "name": "A. User"},
+                b"request_challenge",
+                [{"type": "public-key", "alg": -7}],
+                attestation="invalid",
+            ).attestation
+        )
+
+    def test_request_options(self):
+        o = PublicKeyCredentialRequestOptions(
+            b"request_challenge",
+            10000,
+            "example.com",
+            [{"type": "public-key", "id": b"credential_id"}],
+            "discouraged",
+        )
+        self.assertEqual(o.challenge, b"request_challenge")
+        self.assertEqual(o.rp_id, "example.com")
+        self.assertEqual(o.timeout, 10000)
+        self.assertIsNone(o.extensions)
+
+        o = PublicKeyCredentialRequestOptions(b"request_challenge")
+        self.assertIsNone(o.timeout)
+        self.assertIsNone(o.rp_id)
+        self.assertIsNone(o.allow_credentials)
+        self.assertIsNone(o.user_verification)
+
+        self.assertIsNone(
+            PublicKeyCredentialRequestOptions(
+                b"request_challenge", user_verification="invalid"
+            ).user_verification
+        )