fix: add scaffold for WebAuthn test

supabase · Oct 3, 2024 · cc7aab0 · cc7aab0
1 parent 0c65f05
commit cc7aab0
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/internal/api/mfa_test.go b/internal/api/mfa_test.go
@@ -589,6 +589,69 @@ func (ts *MFATestSuite) TestMFAVerifyFactor() {
  }
 }
 
+func (ts *MFATestSuite) TestVerifyWebAuthnFactor() {
+ // Insert corresponding WebAuthn Session as per:
+ // https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/webauthn/types.go#L205
+ // Ensure the challenge, Relying Party ID, and allowed credentials match
+
+ // Two cases, one for credential creation, the other for login
+ // Case 1:
+ // Taken from: https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/protocol/credential_test.go
+ // byteAttObject, _ := base64.RawURLEncoding.DecodeString("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw")
+ // byteClientDataJSON, _ := base64.RawURLEncoding.DecodeString("eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ")
+ // creationResponse := CredentialCreationResponse{
+ // PublicKeyCredential: PublicKeyCredential{
+ // Credential: Credential{
+ // Type: "public-key",
+ // ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
+ // },
+ // RawID: byteID,
+ // ClientExtensionResults: AuthenticationExtensionsClientOutputs{
+ // "appid": true,
+ // },
+ // AuthenticatorAttachment: "platform",
+ // },
+ // AttestationResponse: AuthenticatorAttestationResponse{
+ // AuthenticatorResponse: AuthenticatorResponse{
+ // ClientDataJSON: byteClientDataJSON,
+ // },
+ // AttestationObject: byteAttObject,
+ // Transports: []string{"usb", "nfc", "fake"},
+ // },
+ // }
+
+ // Case 2:
+ // // Taken from: https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/protocol/assertion_test.go#L74
+ // byteAuthData, _ := base64.RawURLEncoding.DecodeString("dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFXJJiGa3OAAI1vMYKZIsLJfHwVQMANwCOw-atj9C0vhWpfWU-whzNjeQS21Lpxfdk_G-omAtffWztpGoErlNOfuXWRqm9Uj9ANJck1p6lAQIDJiABIVggKAhfsdHcBIc0KPgAcRyAIK_-Vi-nCXHkRHPNaCMBZ-4iWCBxB8fGYQSBONi9uvq0gv95dGWlhJrBwCsj_a4LJQKVHQ")
+ // byteSignature, _ := base64.RawURLEncoding.DecodeString("MEUCIBtIVOQxzFYdyWQyxaLR0tik1TnuPhGVhXVSNgFwLmN5AiEAnxXdCq0UeAVGWxOaFcjBZ_mEZoXqNboY5IkQDdlWZYc")
+ // byteUserHandle, _ := base64.RawURLEncoding.DecodeString("0ToAAAAAAAAAAA")
+ // assertionResponse := CredentialAssertionResponse{
+ // PublicKeyCredential: PublicKeyCredential{
+ // Credential: Credential{
+ // Type: "public-key",
+ // ID: "AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
+ // },
+ // RawID: byteID,
+ // ClientExtensionResults: map[string]any{
+ // "appID": "example.com",
+ // },
+ // },
+ // AssertionResponse: AuthenticatorAssertionResponse{
+ // AuthenticatorResponse: AuthenticatorResponse{
+ // ClientDataJSON: byteClientDataJSON,
+ // },
+ // AuthenticatorData: byteAuthData,
+ // Signature: byteSignature,
+ // UserHandle: byteUserHandle,
+ // },
+ // }
+ // Set up request
+ //
+ // Case 3 and Case 4 should cover registration failure and creation failure respecitvely
+ // Make the corresponding assertion on status code
+ //
+}
+
 func (ts *MFATestSuite) TestUnenrollVerifiedFactor() {
  cases := []struct {
  desc string