test: update specs

Author: santiagorodriguez96

spec/webauthn/authenticator_assertion_response_spec.rb

@@ -502,7 +502,7 @@
   end
 
   describe "migrated U2F credential" do
-    let(:origin) { "https://f69df4d9.ngrok.io" }
+    let(:origin) { seeds[:u2f_migration][:assertion][:origin] }
     let(:app_id) { "#{origin}/appid" }
     let(:migrated_credential) do
       WebAuthn::U2fMigrator.new(
@@ -525,17 +525,47 @@
     end
     let(:original_challenge) { WebAuthn::Encoders::Base64Encoder.decode(assertion_data[:challenge]) }
 
-    context "when correct FIDO AppID is given as rp_id" do
-      it "verifies" do
-        expect(
-          assertion_response.verify(original_challenge, public_key: credential_public_key, sign_count: 0, rp_id: app_id)
-        ).to be_truthy
+    it "verifies" do
+      expect(
+        assertion_response.verify(original_challenge, public_key: credential_public_key, sign_count: 0)
+      ).to be_truthy
+    end
+
+    it "is valid" do
+      expect(
+        assertion_response.valid?(original_challenge, public_key: credential_public_key, sign_count: 0)
+      ).to be_truthy
+    end
+
+    context "when authenticator_data contains FIDO AppID hash instead of rp_id hash" do
+      before do
+        allow(assertion_response.authenticator_data)
+          .to receive(:rp_id_hash)
+          .and_return(OpenSSL::Digest::SHA256.digest(app_id))
       end
 
-      it "is valid" do
-        expect(
-          assertion_response.valid?(original_challenge, public_key: credential_public_key, sign_count: 0, rp_id: app_id)
-        ).to be_truthy
+      context "and FIDO AppID is given as rp_id" do
+        it "verifies" do
+          expect(
+            assertion_response.verify(
+              original_challenge,
+              public_key: credential_public_key,
+              sign_count: 0,
+              rp_id: app_id
+            )
+          ).to be_truthy
+        end
+
+        it "is valid" do
+          expect(
+            assertion_response.valid?(
+              original_challenge,
+              public_key: credential_public_key,
+              sign_count: 0,
+              rp_id: app_id
+            )
+          ).to be_truthy
+        end
       end
     end
   end

spec/webauthn/public_key_credential_with_assertion_spec.rb

@@ -286,6 +286,10 @@
 
         before do
           WebAuthn.configuration.legacy_u2f_appid = legacy_u2f_appid
+
+          allow(assertion_response.authenticator_data)
+            .to receive(:rp_id_hash)
+            .and_return(OpenSSL::Digest::SHA256.digest(legacy_u2f_appid))
         end
 
         it "works" do
@@ -298,7 +302,7 @@
           ).to be_truthy
         end
 
-        context "if appid extension is not requested" do
+        context "if appid extension output is not present" do
           let(:public_key_credential) do
             WebAuthn::PublicKeyCredentialWithAssertion.new(
               type: credential_type,
@@ -331,7 +335,7 @@
           end.to raise_error("Unspecified legacy U2F AppID")
         end
 
-        context "if appid extension is not requested" do
+        context "if appid extension output is not present" do
           let(:public_key_credential) do
             WebAuthn::PublicKeyCredentialWithAssertion.new(
               type: credential_type,
@@ -341,14 +345,14 @@
             )
           end
 
-          it "fails" do
-            expect do
+          it "works" do
+            expect(
               public_key_credential.verify(
                 challenge,
                 public_key: credential_public_key,
                 sign_count: credential_sign_count
               )
-            end.to raise_error(WebAuthn::RpIdVerificationError)
+            ).to be_truthy
           end
         end
       end