From 694e092b7eb390b75e6fb34b2fcce7da59d42f7c Mon Sep 17 00:00:00 2001
From: Santiago Rodriguez <46354312+santiagorodriguez96@users.noreply.github.com>
Date: Thu, 9 Oct 2025 13:06:08 -0300
Subject: [PATCH 1/4] test: add tests for `RelyingParty#origin=`

---
 spec/webauthn/relying_party_spec.rb | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/spec/webauthn/relying_party_spec.rb b/spec/webauthn/relying_party_spec.rb
index b15d6392..04ceac0f 100644
--- a/spec/webauthn/relying_party_spec.rb
+++ b/spec/webauthn/relying_party_spec.rb
@@ -135,6 +135,36 @@
 end
 end

+ describe '#origin' do
+ subject { admin_rp.origin }
+
+ context 'when relying party has only one allowed origin' do
+ let(:rp) do
+ WebAuthn::RelyingParty.new(allowed_origins: ["https://admin.example.test"])
+ end
+
+ it 'returns that allowed origin' do
+ is_expected.to eq("https://admin.example.test")
+ end
+ end
+
+ context 'when relying party has multiple allowed origins' do
+ let(:rp) do
+ WebAuthn::RelyingParty.new(allowed_origins: ["https://admin.example.test", "https://newadmin.example.test"])
+ end
+
+ it { is_expected.to be_nil }
+ end
+
+ context 'when relying party has not set its allowed origins' do
+ let(:rp) do
+ WebAuthn::RelyingParty.new(allowed_origins: nil)
+ end
+
+ it { is_expected.to be_nil }
+ end
+ end
+
 context "without having any global configuration" do
 let(:consumer_rp) do
 WebAuthn::RelyingParty.new(

From 1e94e659d7cac1b61beb6fafe34f77de06c1944a Mon Sep 17 00:00:00 2001
From: Santiago Rodriguez <46354312+santiagorodriguez96@users.noreply.github.com>
Date: Thu, 9 Oct 2025 13:06:15 -0300
Subject: [PATCH 2/4] test: disable deprecation warnings

---
 spec/webauthn/relying_party_spec.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/spec/webauthn/relying_party_spec.rb b/spec/webauthn/relying_party_spec.rb
index 04ceac0f..a8c46a78 100644
--- a/spec/webauthn/relying_party_spec.rb
+++ b/spec/webauthn/relying_party_spec.rb
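Review bot: In the `#origin` examples added by patch 1/4, `subject { admin_rp.origin }` reads `admin_rp` (presumably defined elsewhere in the spec file), while every context defines its fixture as `let(:rp)`, so at this commit the three examples do not exercise the relying parties they describe. Patch 2/4 later switches the subject to `rp.origin` inside a commit about silencing warnings; folding that one-line fix into this commit would keep each commit in the series meaningful on its own. The cases also skip an empty list: an example with `WebAuthn::RelyingParty.new(allowed_origins: [])` expecting `be_nil` would pin the remaining branch of the size check that patch 3/4 introduces.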
@@ -136,7 +136,13 @@
 end

 describe '#origin' do
- subject { admin_rp.origin }
+ subject do
+ old_verbose, $VERBOSE = $VERBOSE, nil # Silence warnings to avoid deprecation warnings
+
+ rp.origin
+ ensure
+ $VERBOSE = old_verbose
+ end

 context 'when relying party has only one allowed origin' do
 let(:rp) do

From a9275f77711054a2e2970da82da98a1c218dbc8c Mon Sep 17 00:00:00 2001
From: Santiago Rodriguez <46354312+santiagorodriguez96@users.noreply.github.com>
Date: Thu, 9 Oct 2025 15:29:01 -0300
Subject: [PATCH 3/4] fix: update `RelyingParty#origin` to return allowed origin when there's only one

Attempts to fix #481.
---
 lib/webauthn/relying_party.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/webauthn/relying_party.rb b/lib/webauthn/relying_party.rb
index 06589d9f..9d2b84d1 100644
--- a/lib/webauthn/relying_party.rb
+++ b/lib/webauthn/relying_party.rb
@@ -54,7 +54,7 @@ def initialize(
 :acceptable_attestation_types,
 :legacy_u2f_appid

- attr_reader :attestation_root_certificates_finders, :origin
+ attr_reader :attestation_root_certificates_finders

 # This is the user-data encoder.
 # Used to decode user input and to encode data provided to the user.
@@ -121,6 +121,17 @@ def verify_authentication(
 end
 end

+ # DEPRECATED: This method will be removed in future.
+ def origin
+ warn(
+ "DEPRECATION WARNING: `WebAuthn.origin` is deprecated and will be removed in future. "\
+ "Please use `WebAuthn.allowed_origins` instead "\
+ "that also allows configuring multiple origins per Relying Party"
+ )
+
+ allowed_origins.first if allowed_origins&.size == 1
+ end
+
 # DEPRECATED: This method will be removed in future.
 def origin=(new_origin)
 return if new_origin.nil?

From 16db8697b6627228b2529300fcdeab7aea0db194 Mon Sep 17 00:00:00 2001
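Review bot: In the `subject` block of patch 2/4, setting `$VERBOSE = nil` hides every Ruby warning raised during the call, not only the deprecation notice, and no example checks that the notice is emitted at all. A dedicated example such as `expect { rp.origin }.to output(/DEPRECATION WARNING/).to_stderr` would cover the warning, so that silencing it in the remaining examples does not leave it untested. The inline comment could also state the mechanism, e.g. `# Kernel#warn is a no-op while $VERBOSE is nil; the ensure clause restores it`. The `describe '#origin'` block continues outside the hunk.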
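Review bot: The new `origin` method in the second hunk of patch 3/4 (`lib/webauthn/relying_party.rb`) returns nil whenever zero or several origins are configured, and the `# DEPRECATED` comment above it does not say so. Origin comparison is what ties a WebAuthn response to the site that requested it, so any caller that still passes this value on as the expected origin has to treat nil as a failure and never as "skip the check"; whether such callers exist is not visible in these hunks. I would extend the comment to `# Returns the single entry of allowed_origins, or nil when none or more than one is configured.` The warning text names `WebAuthn.origin` and `WebAuthn.allowed_origins` although the method is defined on `RelyingParty`, and passing `uplevel: 1` to `warn` would point the message at the caller's line. The first hunk's removal of `:origin` from `attr_reader` is part of the same change, and the class body continues outside both hunks.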
From: Santiago Rodriguez <46354312+santiagorodriguez96@users.noreply.github.com>
Date: Thu, 9 Oct 2025 16:17:25 -0300
Subject: [PATCH 4/4] docs: update `CHANGELOG.md`

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6db6734f..bf60d00f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog

+## Unreleased
+
+### Fixed
+
+- Update `RelyingParty#origin` and `WebAuthn.configuration.origin` to return the allowed origin if allowed origins has only one element.
+
 ## [v3.4.2] - 2025-09-22

 ### Added