Suppressing unexpected error with WebAuthn::PublicKeyCredentialWithAttestation#verify (#413)

soartec-lab · web-flow · commit 6a5d7e998df0 · 2023-11-21T11:45:32.000-03:00
* Suppressing unexpected errors with `WebAuthn::PublicKeyCredentialWithAttestation#verify`

* Fix `rubocop` offense `Layout/LineLength`

* Made `challenge` check a common process in `WebAuthn::PublicKeyCredential`
diff --git a/lib/webauthn/public_key_credential.rb b/lib/webauthn/public_key_credential.rb
@@ -4,6 +4,8 @@
 
 module WebAuthn
   class PublicKeyCredential
+    class InvalidChallengeError < Error; end
+
     attr_reader :type, :id, :raw_id, :client_extension_outputs, :authenticator_attachment, :response
 
     def self.from_client(credential, relying_party: WebAuthn.configuration.relying_party)
@@ -36,7 +38,13 @@ def initialize(
       @relying_party = relying_party
     end
 
-    def verify(*_args)
+    def verify(challenge, *_args)
+      unless valid_class?(challenge)
+        msg = "challenge must be a String. input challenge class: #{challenge.class}"
+
+        raise(InvalidChallengeError, msg)
+      end
+
       valid_type? || raise("invalid type")
       valid_id? || raise("invalid id")
 
@@ -71,6 +79,10 @@ def valid_id?
       raw_id && id && raw_id == WebAuthn.standard_encoder.decode(id)
     end
 
+    def valid_class?(challenge)
+      challenge.is_a?(String)
+    end
+
     def authenticator_data
       response&.authenticator_data
     end
diff --git a/spec/webauthn/public_key_credential_with_assertion_spec.rb b/spec/webauthn/public_key_credential_with_assertion_spec.rb
@@ -119,6 +119,18 @@
       end
     end
 
+    context "when challenge class is invalid" do
+      it "raise error" do
+        expect do
+          public_key_credential.verify(
+            nil,
+            public_key: credential_public_key,
+            sign_count: credential_sign_count
+          )
+        end.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
+      end
+    end
+
     context "when challenge is invalid" do
       let(:challenge) { Base64.urlsafe_encode64("another challenge") }
 
diff --git a/spec/webauthn/public_key_credential_with_attestation_spec.rb b/spec/webauthn/public_key_credential_with_attestation_spec.rb
@@ -87,7 +87,15 @@
       end
     end
 
-    context "when challenge is invalid" do
+    context "when challenge class is invalid" do
+      it "raise error" do
+        expect {
+          public_key_credential.verify(nil)
+        }.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
+      end
+    end
+
+    context "when challenge value is invalid" do
       it "fails" do
         expect {
           public_key_credential.verify(Base64.urlsafe_encode64("another challenge"))
