Merge pull request #8 from ruby-passkeys/7-make-authenticator-selecti…

…on-customizable Add `RegistrationHelpers.authenticator_selection_options`
ruby-passkeys · Jul 25, 2023 · f37ef3c · f37ef3c
2 parents 634b747 + 44425fe
commit f37ef3c
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## [0.3.0]- 2023-07-24
+
+- Add `RegistrationHelpers.authenticator_selection_options`
+  - https://github.com/ruby-passkeys/warden-webauthn/pull/8
+
 ## [0.2.1]- 2023-06-24
 
 - Refactor `relying_party_key` into `Warden::WebAuthn::RackHelpers`

diff --git a/lib/warden/webauthn/registration_helpers.rb b/lib/warden/webauthn/registration_helpers.rb
@@ -8,7 +8,7 @@ def generate_registration_options(relying_party:, user_details:, exclude: [], op
         relying_party.options_for_registration(**{
           user: user_details,
           exclude: exclude,
-          authenticator_selection: { user_verification: "required" }
+          authenticator_selection: authenticator_selection_options
         }.merge(options))
       end
 
@@ -47,6 +47,10 @@ def raw_credential_key
       def registration_challenge_key
         "current_webauthn_registration_challenge"
       end
+
+      def authenticator_selection_options
+        { resident_key: "required", user_verification: "required" }
+      end
     end
   end
 end
diff --git a/test/warden/test_registration_helpers.rb b/test/warden/test_registration_helpers.rb
@@ -49,7 +49,7 @@ def test_generate_registration_options
     assert_equal 120_000, options_for_registration.timeout
     assert_equal relying_party, options_for_registration.relying_party
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -83,7 +83,7 @@ def test_generate_registration_options_with_overrides
     assert_equal extensions, options_for_registration.extensions
     assert_equal expected_exclude_credentials, options_for_registration.exclude_credentials
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -110,7 +110,7 @@ def test_generate_registration_options_with_customized_relying_party_id
     assert_equal 120_000, options_for_registration.timeout
     assert_equal relying_party, options_for_registration.relying_party
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -297,6 +297,10 @@ def test_registration_challenge
 
     assert_equal challenge, @test_class.registration_challenge
   end
+
+  def test_authenticator_selection_options
+    assert_equal ({ resident_key: "required", user_verification: "required" }), @test_class.authenticator_selection_options
+  end
 end
 
 class Warden::TestRegistrationHelpersCustomChallengeKey < Minitest::Test
@@ -353,7 +357,7 @@ def test_generate_registration_options
     assert_equal 120_000, options_for_registration.timeout
     assert_equal relying_party, options_for_registration.relying_party
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -387,7 +391,7 @@ def test_generate_registration_options_with_overrides
     assert_equal extensions, options_for_registration.extensions
     assert_equal expected_exclude_credentials, options_for_registration.exclude_credentials
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -414,7 +418,7 @@ def test_generate_registration_options_with_customized_relying_party_id
     assert_equal 120_000, options_for_registration.timeout
     assert_equal relying_party, options_for_registration.relying_party
 
-    assert_equal ({user_verification: "required"}), options_for_registration.authenticator_selection
+    assert_equal ({ resident_key: "required", user_verification: "required" }), options_for_registration.authenticator_selection
 
     assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
 
@@ -600,4 +604,55 @@ def test_registration_challenge
 
     assert_equal challenge, @test_class.registration_challenge
   end
-end
+end
+
+class Warden::TestRegistrationHelpersCustomAuthenticatorSelection < Minitest::Test
+  include WebAuthnTestHelpers
+
+  class TestClass
+    include Warden::WebAuthn::RegistrationHelpers
+
+    attr_accessor :session, :params
+
+    def initialize
+      self.session = {}
+      self.params = {}
+    end
+
+    def authenticator_selection_options
+      { resident_key: "preferred", user_verification: "preferred" }
+    end
+  end
+
+  def setup
+    @test_class = TestClass.new
+  end
+
+  def test_authenticator_selection_options
+    assert_equal ({ resident_key: "preferred", user_verification: "preferred" }), @test_class.authenticator_selection_options
+  end
+
+  def test_generate_registration_options
+    relying_party = example_relying_party
+    user_details = {name: "Test User", id: WebAuthn.generate_user_id}
+    options_for_registration = @test_class.generate_registration_options(relying_party: relying_party, user_details: user_details)
+
+    assert_kind_of WebAuthn::PublicKeyCredential::CreationOptions, options_for_registration
+    assert_empty options_for_registration.exclude
+    assert_empty options_for_registration.exclude_credentials
+    assert_equal ({}), options_for_registration.extensions
+    assert_nil options_for_registration.rp.id
+
+    assert_equal 120_000, options_for_registration.timeout
+    assert_equal relying_party, options_for_registration.relying_party
+
+    assert_equal ({ resident_key: "preferred", user_verification: "preferred" }), options_for_registration.authenticator_selection
+
+    assert_kind_of WebAuthn::PublicKeyCredential::UserEntity, options_for_registration.user
+
+    assert_equal "Test User", options_for_registration.user.name
+    assert_equal "Test User", options_for_registration.user.display_name
+    refute_nil options_for_registration.user.id
+    refute_nil options_for_registration.challenge
+  end
+end