class WebAuthn::AuthenticatorResponse

Attributes

client_data_json[R]

Public Class Methods

new(client_data_json:)
# File lib/webauthn/authenticator_response.rb, line 23
# Stores the client-data payload for later parsing; nothing is parsed or
# validated here.
#
# NOTE(review): presumably this is the serialized clientDataJSON received
# from the client, i.e. untrusted input until #verify succeeds -- confirm
# against callers.
#
# @param client_data_json [Object] payload later handed to
#   WebAuthn::ClientData.new by #client_data
def initialize(client_data_json:)
  @client_data_json = client_data_json
end

Public Instance Methods

client_data()
# File lib/webauthn/authenticator_response.rb, line 55
# Lazily builds and caches the client-data wrapper for this response.
#
# The wrapper is built from the +client_data_json+ given to the constructor,
# so its fields should be treated as unverified until #verify has passed.
#
# @return [WebAuthn::ClientData] the memoized wrapper (same object on every call)
def client_data
  return @client_data if @client_data

  @client_data = WebAuthn::ClientData.new(client_data_json)
end
valid?(*args, **keyword_arguments)
# File lib/webauthn/authenticator_response.rb, line 49
# Boolean wrapper around #verify.
#
# Only WebAuthn::VerificationError is turned into +false+. Any other
# exception (for example the RuntimeError #verify raises when no expected
# origin is available) propagates, so a misconfiguration is never reported
# as a mere "invalid response".
#
# @param args [Array] positional arguments forwarded to #verify
# @param keyword_arguments [Hash] keyword arguments forwarded to #verify
# @return [Object, false] whatever #verify returns, or +false+ when a
#   verification error was raised
def valid?(*args, **keyword_arguments)
  begin
    verify(*args, **keyword_arguments)
  rescue WebAuthn::VerificationError
    false
  end
end
verify(expected_challenge, expected_origin = nil, user_verification: nil, rp_id: nil)
# File lib/webauthn/authenticator_response.rb, line 27
# Runs every verification step for this response and raises on the first
# one that fails.
#
# Security-relevant behaviour visible in this method:
# * A missing expected origin raises a plain RuntimeError before any check
#   runs; it is not a WebAuthn::VerificationError, so #valid? does not
#   swallow it.
# * When no RP ID is given or configured, it falls back to the host of the
#   expected origin.
# * The user-presence check is skipped when
#   +WebAuthn.configuration.silent_authentication+ is truthy.
# * The user-verified check runs only when +user_verification+ is truthy;
#   the default (+nil+) skips it, so callers that require user verification
#   must pass it explicitly.
#
# @param expected_challenge [Object] challenge the relying party issued
# @param expected_origin [String, nil] expected origin; defaults to
#   +WebAuthn.configuration.origin+
# @param user_verification [Object, nil] truthy to require the user-verified check
# @param rp_id [String, nil] expected RP ID; defaults to
#   +WebAuthn.configuration.rp_id+, then to the origin's host
# @return [true] when every executed check passed
# @raise [RuntimeError] when no expected origin is given or configured
# @raise [StandardError] the per-item verification error raised by #verify_item
def verify(expected_challenge, expected_origin = nil, user_verification: nil, rp_id: nil)
  unless expected_origin
    expected_origin = WebAuthn.configuration.origin
    raise("Unspecified expected origin") unless expected_origin
  end
  rp_id = WebAuthn.configuration.rp_id unless rp_id

  # Fixed order: the first failing item raises and stops the remaining checks.
  [
    [:type],
    [:token_binding],
    [:challenge, expected_challenge],
    [:origin, expected_origin],
    [:authenticator_data]
  ].each { |check| verify_item(*check) }

  # Resolved only after the checks above passed, as the host lookup parses the origin.
  effective_rp_id = rp_id || rp_id_from_origin(expected_origin)
  verify_item(:rp_id, effective_rp_id)

  verify_item(:user_presence) unless WebAuthn.configuration.silent_authentication
  verify_item(:user_verified) if user_verification

  true
end

Private Instance Methods

rp_id_from_origin(expected_origin)
# File lib/webauthn/authenticator_response.rb, line 107
# Derives a default RP ID from the expected origin by taking its host part.
#
# The result is +nil+ when the string has no authority component (for
# example a bare "example.com" without a scheme), so the expected origin
# must be a full origin such as "https://example.com".
#
# @param expected_origin [String] origin the relying party expects
# @return [String, nil] host component of the origin
def rp_id_from_origin(expected_origin)
  origin_uri = URI.parse(expected_origin)
  origin_uri.host
end
type()
# File lib/webauthn/authenticator_response.rb, line 111
# Placeholder for the client-data type a concrete response expects; it is
# compared against +client_data.type+ by #valid_type?.
#
# NotImplementedError descends from ScriptError rather than StandardError,
# so a bare +rescue+ does not catch it and #valid? lets it propagate.
#
# @raise [NotImplementedError] always, until a subclass overrides it
def type
  message = "Please define #type method in subclass"
  raise NotImplementedError, message
end
valid_authenticator_data?()
# File lib/webauthn/authenticator_response.rb, line 93
# Reports whether the authenticator data is valid.
#
# A WebAuthn::AuthenticatorDataFormatError raised while obtaining or
# validating the data is treated as a failed check (+false+), so malformed
# input fails verification instead of surfacing as an unhandled exception.
#
# @return [Object, false] result of +authenticator_data.valid?+, or +false+
#   on a format error
def valid_authenticator_data?
  begin
    authenticator_data.valid?
  rescue WebAuthn::AuthenticatorDataFormatError
    false
  end
end
valid_challenge?(expected_challenge)
# File lib/webauthn/authenticator_response.rb, line 81
# Compares the challenge reported in the client data with the one the
# relying party issued.
#
# The comparison is delegated to WebAuthn::SecurityUtils.secure_compare.
# NOTE(review): presumably a constant-time comparison; its implementation is
# not shown here -- confirm.
#
# @param expected_challenge [Object] challenge issued for this ceremony
# @return [Object] result of the secure comparison
def valid_challenge?(expected_challenge)
  received_challenge = client_data.challenge
  WebAuthn::SecurityUtils.secure_compare(received_challenge, expected_challenge)
end
valid_origin?(expected_origin)
# File lib/webauthn/authenticator_response.rb, line 85
# Checks that the origin reported in the client data is exactly the
# expected origin.
#
# The match is plain string equality with no normalization, so differences
# in scheme, host, port or a trailing slash all fail the check.
#
# @param expected_origin [String, nil] origin the relying party expects
# @return [Boolean, nil] +true+/+false+ for the comparison, or the falsy
#   +expected_origin+ itself when none was supplied
def valid_origin?(expected_origin)
  return expected_origin unless expected_origin

  client_data.origin == expected_origin
end
valid_rp_id?(rp_id)
# File lib/webauthn/authenticator_response.rb, line 89
# Checks that the RP ID hash carried in the authenticator data is the
# SHA-256 digest of the expected RP ID.
#
# The digests are compared with plain +==+ on the raw digest bytes.
#
# @param rp_id [String] expected relying-party identifier
# @return [Boolean] whether the hashes are equal
def valid_rp_id?(rp_id)
  expected_hash = OpenSSL::Digest::SHA256.digest(rp_id)
  expected_hash == authenticator_data.rp_id_hash
end
valid_token_binding?()
# File lib/webauthn/authenticator_response.rb, line 77
# Delegates the token-binding check to the client data.
#
# Only +valid_token_binding_format?+ is consulted here; no other
# token-binding check is made in this method.
#
# @return [Object] result of +client_data.valid_token_binding_format?+
def valid_token_binding?
  parsed = client_data
  parsed.valid_token_binding_format?
end
valid_type?()
# File lib/webauthn/authenticator_response.rb, line 73
# Checks that the type reported in the client data equals the type this
# response class expects (see #type, which subclasses must define).
#
# @return [Boolean] whether the reported type equals #type
def valid_type?
  reported_type = client_data.type
  reported_type == type
end
valid_user_presence?()
# File lib/webauthn/authenticator_response.rb, line 99
# Delegates the user-presence check to the authenticator data.
#
# NOTE(review): +user_flagged?+ presumably reflects the User Present flag of
# the authenticator data; its definition is not shown here -- confirm.
#
# @return [Object] result of +authenticator_data.user_flagged?+
def valid_user_presence?
  data = authenticator_data
  data.user_flagged?
end
valid_user_verified?()
# File lib/webauthn/authenticator_response.rb, line 103
# Delegates the user-verification check to the authenticator data.
#
# NOTE(review): +user_verified?+ presumably reflects the User Verified flag
# of the authenticator data; its definition is not shown here -- confirm.
#
# @return [Object] result of +authenticator_data.user_verified?+
def valid_user_verified?
  data = authenticator_data
  data.user_verified?
end
verify_item(item, *args)
# File lib/webauthn/authenticator_response.rb, line 63
# Runs the +valid_<item>?+ predicate and raises the matching
# +WebAuthn::<Item>VerificationError+ when it returns a falsy value.
#
# +item+ is interpolated into both a +send+ target and a constant lookup,
# so it must always be one of the fixed internal symbols used by #verify
# and never a value derived from request data.
#
# @param item [Symbol] check name, e.g. +:user_presence+
# @param args [Array] arguments forwarded to the predicate
# @return [true] when the predicate passed
# @raise [StandardError] the error class named after the camelized item
def verify_item(item, *args)
  return true if send("valid_#{item}?", *args)

  # :user_presence -> "UserPresence" -> WebAuthn::UserPresenceVerificationError
  camelized = item.to_s.split('_').map(&:capitalize).join
  raise Object.const_get("WebAuthn::#{camelized}VerificationError")
end