From cc7aab0f3dba45466924c440ca20462310884268 Mon Sep 17 00:00:00 2001 From: joel Date: Tue, 1 Oct 2024 19:00:13 +0200 Subject: [PATCH] fix: add scaffold for WebAuthn test --- internal/api/mfa_test.go | 63 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/internal/api/mfa_test.go b/internal/api/mfa_test.go index 4e2a79758..f9940f720 100644 --- a/internal/api/mfa_test.go +++ b/internal/api/mfa_test.go @@ -589,6 +589,69 @@ func (ts *MFATestSuite) TestMFAVerifyFactor() { } } +func (ts *MFATestSuite) TestVerifyWebAuthnFactor() { + // Insert corresponding WebAuthn Session as per: + // https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/webauthn/types.go#L205 + // Ensure the challenge, Relying Party ID, and allowed credentials match + + // Two cases, one for credential creation, the other for login + // Case 1: + // Taken from: https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/protocol/credential_test.go + // byteAttObject, _ := base64.RawURLEncoding.DecodeString("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw") + // byteClientDataJSON, _ := base64.RawURLEncoding.DecodeString("eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ") + // creationResponse := CredentialCreationResponse{ + // PublicKeyCredential: PublicKeyCredential{ + // Credential: Credential{ + // Type: "public-key", + // ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g", + // }, + // RawID: byteID, + // ClientExtensionResults: AuthenticationExtensionsClientOutputs{ + // "appid": true, + // }, + // AuthenticatorAttachment: "platform", + // }, + // AttestationResponse: AuthenticatorAttestationResponse{ + // AuthenticatorResponse: AuthenticatorResponse{ + // ClientDataJSON: byteClientDataJSON, + // }, + // AttestationObject: byteAttObject, + // Transports: []string{"usb", "nfc", "fake"}, + // }, + // } + + // Case 2: + // // Taken from: https://github.com/go-webauthn/webauthn/blob/6fecabdac122f34befe265df131e03e81e57d4e6/protocol/assertion_test.go#L74 + // byteAuthData, _ := base64.RawURLEncoding.DecodeString("dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFXJJiGa3OAAI1vMYKZIsLJfHwVQMANwCOw-atj9C0vhWpfWU-whzNjeQS21Lpxfdk_G-omAtffWztpGoErlNOfuXWRqm9Uj9ANJck1p6lAQIDJiABIVggKAhfsdHcBIc0KPgAcRyAIK_-Vi-nCXHkRHPNaCMBZ-4iWCBxB8fGYQSBONi9uvq0gv95dGWlhJrBwCsj_a4LJQKVHQ") + // byteSignature, _ := base64.RawURLEncoding.DecodeString("MEUCIBtIVOQxzFYdyWQyxaLR0tik1TnuPhGVhXVSNgFwLmN5AiEAnxXdCq0UeAVGWxOaFcjBZ_mEZoXqNboY5IkQDdlWZYc") + // byteUserHandle, _ := base64.RawURLEncoding.DecodeString("0ToAAAAAAAAAAA") + // assertionResponse := CredentialAssertionResponse{ + // PublicKeyCredential: PublicKeyCredential{ + // Credential: Credential{ + // Type: "public-key", + // ID: "AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng", + // }, + // RawID: byteID, + // ClientExtensionResults: map[string]any{ + // "appID": "example.com", + // }, + // }, + // AssertionResponse: AuthenticatorAssertionResponse{ + // AuthenticatorResponse: AuthenticatorResponse{ + // ClientDataJSON: byteClientDataJSON, + // }, + // AuthenticatorData: byteAuthData, + // Signature: byteSignature, + // UserHandle: byteUserHandle, + // }, + // } + // Set up request + // + // Case 3 and Case 4 should cover registration failure and creation failure respecitvely + // Make the corresponding assertion on status code + // +} + func (ts *MFATestSuite) TestUnenrollVerifiedFactor() { cases := []struct { desc string