mirror of https://github.com/Yubico/python-fido2
Update tests for webauthn_json_mapping.
This commit is contained in:
parent
8debc41942
commit
709599f98c
|
@ -0,0 +1,3 @@
|
|||
import fido2.features
|
||||
|
||||
fido2.features.webauthn_json_mapping.enabled = True
|
|
@ -30,7 +30,7 @@
|
|||
import unittest
|
||||
from unittest import mock
|
||||
from fido2 import cbor
|
||||
from fido2.utils import sha256
|
||||
from fido2.utils import sha256, websafe_encode
|
||||
from fido2.hid import CAPABILITY
|
||||
from fido2.ctap import CtapError
|
||||
from fido2.ctap1 import RegistrationData
|
||||
|
@ -42,6 +42,7 @@ from fido2.webauthn import (
|
|||
CollectedClientData,
|
||||
)
|
||||
|
||||
|
||||
APP_ID = "https://foo.example.com"
|
||||
REG_DATA = RegistrationData(
|
||||
bytes.fromhex(
|
||||
|
@ -50,7 +51,7 @@ REG_DATA = RegistrationData(
|
|||
)
|
||||
|
||||
rp = {"id": "example.com", "name": "Example RP"}
|
||||
user = {"id": b"user_id", "name": "A. User"}
|
||||
user = {"id": websafe_encode(b"user_id"), "name": "A. User"}
|
||||
challenge = b"Y2hhbGxlbmdl"
|
||||
_INFO_NO_PIN = bytes.fromhex(
|
||||
"a60182665532465f5632684649444f5f325f3002826375766d6b686d61632d7365637265740350f8a011f38c0a4d15800617111f9edc7d04a462726bf5627570f564706c6174f469636c69656e7450696ef4051904b0068101" # noqa E501
|
||||
|
|
|
@ -8,6 +8,7 @@ from fido2.webauthn import (
|
|||
AttestedCredentialData,
|
||||
AuthenticatorData,
|
||||
)
|
||||
from fido2.utils import websafe_encode
|
||||
|
||||
from .test_ctap2 import _ATT_CRED_DATA, _CRED_ID
|
||||
from .utils import U2FDevice
|
||||
|
@ -95,7 +96,7 @@ class TestFido2Server(unittest.TestCase):
|
|||
challenge = b"1234567890123456"
|
||||
request, state = server.register_begin(USER, challenge=challenge)
|
||||
|
||||
self.assertEqual(request["publicKey"]["challenge"], challenge)
|
||||
self.assertEqual(request["publicKey"]["challenge"], websafe_encode(challenge))
|
||||
|
||||
def test_register_begin_custom_challenge_too_short(self):
|
||||
rp = PublicKeyCredentialRpEntity("Example", "example.com")
|
||||
|
|
|
@ -37,8 +37,10 @@ from fido2.webauthn import (
|
|||
PublicKeyCredentialCreationOptions,
|
||||
PublicKeyCredentialRequestOptions,
|
||||
)
|
||||
from fido2.utils import websafe_encode
|
||||
|
||||
import unittest
|
||||
import json
|
||||
|
||||
|
||||
class TestAaguid(unittest.TestCase):
|
||||
|
@ -183,7 +185,12 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
def test_user_entity(self):
|
||||
o = PublicKeyCredentialUserEntity("Example", b"user", display_name="Display")
|
||||
self.assertEqual(
|
||||
o, {"id": b"user", "name": "Example", "displayName": "Display"}
|
||||
o,
|
||||
{
|
||||
"id": websafe_encode(b"user"),
|
||||
"name": "Example",
|
||||
"displayName": "Display",
|
||||
},
|
||||
)
|
||||
self.assertEqual(o.id, b"user")
|
||||
self.assertEqual(o.name, "Example")
|
||||
|
@ -212,7 +219,9 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
|
||||
def test_descriptor(self):
|
||||
o = PublicKeyCredentialDescriptor("public-key", b"credential_id")
|
||||
self.assertEqual(o, {"type": "public-key", "id": b"credential_id"})
|
||||
self.assertEqual(
|
||||
o, {"type": "public-key", "id": websafe_encode(b"credential_id")}
|
||||
)
|
||||
self.assertEqual(o.type, "public-key")
|
||||
self.assertEqual(o.id, b"credential_id")
|
||||
self.assertIsNone(o.transports)
|
||||
|
@ -224,7 +233,7 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
o,
|
||||
{
|
||||
"type": "public-key",
|
||||
"id": b"credential_id",
|
||||
"id": websafe_encode(b"credential_id"),
|
||||
"transports": ["usb", "nfc"],
|
||||
},
|
||||
)
|
||||
|
@ -243,12 +252,12 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
|
||||
def test_creation_options(self):
|
||||
o = PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
PublicKeyCredentialRpEntity(id="example.com", name="Example"),
|
||||
PublicKeyCredentialUserEntity(id=b"user_id", name="A. User"),
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
10000,
|
||||
[{"type": "public-key", "id": b"credential_id"}],
|
||||
[{"type": "public-key", "id": websafe_encode(b"credential_id")}],
|
||||
{
|
||||
"authenticatorAttachment": "platform",
|
||||
"residentKey": "required",
|
||||
|
@ -257,15 +266,23 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
"direct",
|
||||
)
|
||||
self.assertEqual(o.rp, {"id": "example.com", "name": "Example"})
|
||||
self.assertEqual(o.user, {"id": b"user_id", "name": "A. User"})
|
||||
self.assertEqual(o.user, {"id": websafe_encode(b"user_id"), "name": "A. User"})
|
||||
self.assertIsNone(o.extensions)
|
||||
|
||||
o = PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
js = json.dumps(dict(o))
|
||||
o2 = PublicKeyCredentialCreationOptions.from_dict(json.loads(js))
|
||||
self.assertEqual(o, o2)
|
||||
|
||||
o = PublicKeyCredentialCreationOptions.from_dict(
|
||||
{
|
||||
"rp": {"id": "example.com", "name": "Example"},
|
||||
"user": {"id": websafe_encode(b"user_id"), "name": "A. User"},
|
||||
"challenge": websafe_encode(b"request_challenge"),
|
||||
"pubKeyCredParams": [{"type": "public-key", "alg": -7}],
|
||||
}
|
||||
)
|
||||
self.assertEqual(o.user.id, b"user_id")
|
||||
self.assertEqual(o.challenge, b"request_challenge"),
|
||||
self.assertIsNone(o.timeout)
|
||||
self.assertIsNone(o.authenticator_selection)
|
||||
self.assertIsNone(o.attestation)
|
||||
|
@ -273,19 +290,24 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
self.assertIsNone(
|
||||
PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
{"id": websafe_encode(b"user_id"), "name": "A. User"},
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
attestation="invalid",
|
||||
).attestation
|
||||
)
|
||||
|
||||
js = json.dumps(dict(o))
|
||||
o2 = PublicKeyCredentialCreationOptions.from_dict(json.loads(js))
|
||||
|
||||
self.assertEqual(o, o2)
|
||||
|
||||
def test_request_options(self):
|
||||
o = PublicKeyCredentialRequestOptions(
|
||||
b"request_challenge",
|
||||
10000,
|
||||
"example.com",
|
||||
[{"type": "public-key", "id": b"credential_id"}],
|
||||
[PublicKeyCredentialDescriptor(type="public-key", id=b"credential_id")],
|
||||
"discouraged",
|
||||
)
|
||||
self.assertEqual(o.challenge, b"request_challenge")
|
||||
|
@ -293,6 +315,10 @@ class TestWebAuthnDataTypes(unittest.TestCase):
|
|||
self.assertEqual(o.timeout, 10000)
|
||||
self.assertIsNone(o.extensions)
|
||||
|
||||
js = json.dumps(dict(o))
|
||||
o2 = PublicKeyCredentialRequestOptions.from_dict(json.loads(js))
|
||||
self.assertEqual(o, o2)
|
||||
|
||||
o = PublicKeyCredentialRequestOptions(b"request_challenge")
|
||||
self.assertIsNone(o.timeout)
|
||||
self.assertIsNone(o.rp_id)
|
||||
|
|
|
@ -0,0 +1,121 @@
|
|||
# Copyright (c) 2019 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or
|
||||
# without modification, are permitted provided that the following
|
||||
# conditions are met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||||
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
# POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
from fido2.webauthn import (
|
||||
PublicKeyCredentialUserEntity,
|
||||
PublicKeyCredentialCreationOptions,
|
||||
PublicKeyCredentialRequestOptions,
|
||||
)
|
||||
|
||||
from fido2.features import webauthn_json_mapping
|
||||
import unittest
|
||||
|
||||
|
||||
class TestLegacyMapping(unittest.TestCase):
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
webauthn_json_mapping._enabled = False
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(cls):
|
||||
webauthn_json_mapping._enabled = True
|
||||
|
||||
def test_user_entity(self):
|
||||
o = PublicKeyCredentialUserEntity("Example", b"user", display_name="Display")
|
||||
self.assertEqual(
|
||||
o, {"id": b"user", "name": "Example", "displayName": "Display"}
|
||||
)
|
||||
self.assertEqual(o.id, b"user")
|
||||
self.assertEqual(o.name, "Example")
|
||||
self.assertEqual(o.display_name, "Display")
|
||||
|
||||
def test_creation_options(self):
|
||||
o = PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
10000,
|
||||
[{"type": "public-key", "id": b"credential_id"}],
|
||||
{
|
||||
"authenticatorAttachment": "platform",
|
||||
"residentKey": "required",
|
||||
"userVerification": "required",
|
||||
},
|
||||
"direct",
|
||||
)
|
||||
self.assertEqual(o.rp, {"id": "example.com", "name": "Example"})
|
||||
self.assertEqual(o.user, {"id": b"user_id", "name": "A. User"})
|
||||
self.assertIsNone(o.extensions)
|
||||
|
||||
o2 = PublicKeyCredentialCreationOptions.from_dict(dict(o))
|
||||
self.assertEqual(o, o2)
|
||||
|
||||
o = PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
)
|
||||
self.assertIsNone(o.timeout)
|
||||
self.assertIsNone(o.authenticator_selection)
|
||||
self.assertIsNone(o.attestation)
|
||||
|
||||
self.assertIsNone(
|
||||
PublicKeyCredentialCreationOptions(
|
||||
{"id": "example.com", "name": "Example"},
|
||||
{"id": b"user_id", "name": "A. User"},
|
||||
b"request_challenge",
|
||||
[{"type": "public-key", "alg": -7}],
|
||||
attestation="invalid",
|
||||
).attestation
|
||||
)
|
||||
|
||||
def test_request_options(self):
|
||||
o = PublicKeyCredentialRequestOptions(
|
||||
b"request_challenge",
|
||||
10000,
|
||||
"example.com",
|
||||
[{"type": "public-key", "id": b"credential_id"}],
|
||||
"discouraged",
|
||||
)
|
||||
self.assertEqual(o.challenge, b"request_challenge")
|
||||
self.assertEqual(o.rp_id, "example.com")
|
||||
self.assertEqual(o.timeout, 10000)
|
||||
self.assertIsNone(o.extensions)
|
||||
|
||||
o = PublicKeyCredentialRequestOptions(b"request_challenge")
|
||||
self.assertIsNone(o.timeout)
|
||||
self.assertIsNone(o.rp_id)
|
||||
self.assertIsNone(o.allow_credentials)
|
||||
self.assertIsNone(o.user_verification)
|
||||
|
||||
self.assertIsNone(
|
||||
PublicKeyCredentialRequestOptions(
|
||||
b"request_challenge", user_verification="invalid"
|
||||
).user_verification
|
||||
)
|
Loading…
Reference in New Issue