Consolidate some webauthn-framework logic between handlers using a BaseHandlerTrait, add more tests
Showing 3 of 5 files from the diff.
src/BaseHandlerTrait.php
created.
src/VerifyHandler.php
changed.
src/RegisterHandler.php
changed.
Other files ignored by Codecov
tests/RegisterHandlerTest.php
has changed.
tests/MethodTest.php
is new.
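--- a/src/BaseHandlerTrait.php
+++ b/src/BaseHandlerTrait.php
@@ -0,0 +1,63 @@
+<?php declare(strict_types=1);
+
+namespace SilverStripe\WebAuthn;
+
+use CBOR\Decoder;
+use CBOR\OtherObject\OtherObjectManager;
+use CBOR\Tag\TagObjectManager;
+use Webauthn\AttestationStatement\AttestationObjectLoader;
+use Webauthn\AttestationStatement\AttestationStatementSupportManager;
+use Webauthn\AttestationStatement\FidoU2FAttestationStatementSupport;
+use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
+use Webauthn\PublicKeyCredentialLoader;
+
+/**
+* Contains logic which is shared between both WebAuthn's RegisterHandler and VerifyHandler, such as
+* the attestation configuration options.
+*/
+trait BaseHandlerTrait
+{
+/**
+* @return Decoder
+*/
+protected function getDecoder(): Decoder
+{
+return new Decoder(new TagObjectManager(), new OtherObjectManager());
+}
+
+/**
+* @param Decoder $decoder
+* @return AttestationStatementSupportManager
+*/
+protected function getAttestationStatementSupportManager(Decoder $decoder): AttestationStatementSupportManager
+{
+$manager = new AttestationStatementSupportManager();
+$manager->add(new NoneAttestationStatementSupport());
+$manager->add(new FidoU2FAttestationStatementSupport($decoder));
+return $manager;
+}
+
+/**
+* @param AttestationStatementSupportManager $attestationStatementSupportManager
+* @param Decoder $decoder
+* @return AttestationObjectLoader
+*/
+protected function getAttestationObjectLoader(
+AttestationStatementSupportManager $attestationStatementSupportManager,
+Decoder $decoder
+): AttestationObjectLoader {
+return new AttestationObjectLoader($attestationStatementSupportManager, $decoder);
+}
+
+/**
+* @param AttestationObjectLoader $attestationObjectLoader
+* @param Decoder $decoder
+* @return PublicKeyCredentialLoader
+*/
+protected function getPublicKeyCredentialLoader(
+AttestationObjectLoader $attestationObjectLoader,
+Decoder $decoder
+): PublicKeyCredentialLoader {
+return new PublicKeyCredentialLoader($attestationObjectLoader, $decoder);
+}
+}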
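Review bot: The docblock on `getAttestationStatementSupportManager()` lists only types, yet this method is where the attestation policy for both handlers is fixed: it registers `NoneAttestationStatementSupport` and `FidoU2FAttestationStatementSupport` and nothing else. I would say so in the docblock, for example `Accepted attestation statement formats: "none" and "fido-u2f". With "none" the authenticator's make and model are not verified.` Presumably a registration that arrives with any other format is rejected by the loader; that is worth confirming against the library and pinning with a test, since the list is hard-coded here and is now shared by RegisterHandler and VerifyHandler.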
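--- a/src/VerifyHandler.php
+++ b/src/VerifyHandler.php
@@ -2,9 +2,6 @@
 
 namespace SilverStripe\WebAuthn;
 
-use CBOR\Decoder;
-use CBOR\OtherObject\OtherObjectManager;
-use CBOR\Tag\TagObjectManager;
 use Exception;
 use GuzzleHttp\Psr7\ServerRequest;
 use Psr\Log\LoggerInterface;
@@ -13,20 +10,17 @@
 use SilverStripe\MFA\Model\RegisteredMethod;
 use SilverStripe\MFA\State\Result;
 use SilverStripe\MFA\Store\StoreInterface;
-use Webauthn\AttestationStatement\AttestationObjectLoader;
-use Webauthn\AttestationStatement\AttestationStatementSupportManager;
-use Webauthn\AttestationStatement\FidoU2FAttestationStatementSupport;
-use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
 use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
 use Webauthn\AuthenticatorAssertionResponse;
 use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\PublicKeyCredentialDescriptor;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialRequestOptions;
 use Webauthn\TokenBinding\TokenBindingNotSupportedHandler;
 
 class VerifyHandler implements VerifyHandlerInterface
 {
+use BaseHandlerTrait;
+
 /**
 * Dependency injection configuration
 *
@@ -85,18 +79,10 @@
 
 $data = json_decode($request->getBody(), true);
 
-// CBOR
-$decoder = new Decoder(new TagObjectManager(), new OtherObjectManager());
-
-// Attestation statement support manager
-$attestationStatementSupportManager = new AttestationStatementSupportManager();
-$attestationStatementSupportManager->add(new NoneAttestationStatementSupport());
-$attestationStatementSupportManager->add(new FidoU2FAttestationStatementSupport($decoder));
-
-// Attestation object loader
-$attestationObjectLoader = new AttestationObjectLoader($attestationStatementSupportManager, $decoder);
-
-$publicKeyCredentialLoader = new PublicKeyCredentialLoader($attestationObjectLoader, $decoder);
+$decoder = $this->getDecoder();
+$attestationStatementSupportManager = $this->getAttestationStatementSupportManager($decoder);
+$attestationObjectLoader = $this->getAttestationObjectLoader($attestationStatementSupportManager, $decoder);
+$publicKeyCredentialLoader = $this->getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
 
 $credentialRepository = new CredentialRepository($store->getMember(), $registeredMethod);
 
@@ -155,6 +141,13 @@
 return 'WebAuthnVerify';
 }
 
+/**
+* @param StoreInterface $store
+* @param RegisteredMethod $registeredMethod
+* @param bool $reset
+* @return PublicKeyCredentialRequestOptions
+* @throws Exception
+*/
 protected function getCredentialRequestOptions(
 StoreInterface $store,
 RegisteredMethod $registeredMethod,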
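Review bot: The docblock added above `getCredentialRequestOptions()` repeats the parameter types but does not say what `$reset` does or when the method throws. The method returns the `PublicKeyCredentialRequestOptions` for a verification attempt, so a reader needs to know whether `$reset` discards options already held in the store and builds new ones; the name suggests that, but the signature and body continue outside the hunk. I would extend the tag to something like `@param bool $reset Whether to ignore options already kept in the store and build new ones`, once that has been checked against the body, and give `@throws Exception` a short condition.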
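--- a/src/RegisterHandler.php
+++ b/src/RegisterHandler.php
@@ -2,9 +2,6 @@
 
 namespace SilverStripe\WebAuthn;
 
-use CBOR\Decoder;
-use CBOR\OtherObject\OtherObjectManager;
-use CBOR\Tag\TagObjectManager;
 use Cose\Algorithms;
 use Exception;
 use GuzzleHttp\Psr7\ServerRequest;
@@ -18,17 +15,12 @@
 use SilverStripe\MFA\Store\StoreInterface;
 use SilverStripe\Security\Member;
 use SilverStripe\SiteConfig\SiteConfig;
-use Webauthn\AttestationStatement\AttestationObjectLoader;
-use Webauthn\AttestationStatement\AttestationStatementSupportManager;
-use Webauthn\AttestationStatement\FidoU2FAttestationStatementSupport;
-use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
 use Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientInputs;
 use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
 use Webauthn\PublicKeyCredentialCreationOptions;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
 use Webauthn\PublicKeyCredentialRpEntity;
 use Webauthn\PublicKeyCredentialUserEntity;
@@ -36,6 +28,7 @@
 
 class RegisterHandler implements RegisterHandlerInterface
 {
+use BaseHandlerTrait;
 use Extensible;
 use Configurable;
 
@@ -115,18 +108,10 @@
 $options = $this->getCredentialCreationOptions($store);
 $data = json_decode($request->getBody(), true);
 
-// CBOR
-$decoder = new Decoder(new TagObjectManager(), new OtherObjectManager());
-
-// Attestation statement support manager
-$attestationStatementSupportManager = new AttestationStatementSupportManager();
-$attestationStatementSupportManager->add(new NoneAttestationStatementSupport());
-$attestationStatementSupportManager->add(new FidoU2FAttestationStatementSupport($decoder));
-
-// Attestation object loader
-$attestationObjectLoader = new AttestationObjectLoader($attestationStatementSupportManager, $decoder);
-
-$publicKeyCredentialLoader = new PublicKeyCredentialLoader($attestationObjectLoader, $decoder);
+$decoder = $this->getDecoder();
+$attestationStatementSupportManager = $this->getAttestationStatementSupportManager($decoder);
+$attestationObjectLoader = $this->getAttestationObjectLoader($attestationStatementSupportManager, $decoder);
+$publicKeyCredentialLoader = $this->getPublicKeyCredentialLoader($attestationObjectLoader, $decoder);
 
 $credentialRepository = new CredentialRepository($store->getMember());
 
@@ -138,7 +123,7 @@
 );
 
 // Create a PSR-7 request
-$request = ServerRequest::fromGlobals();
+$psrRequest = ServerRequest::fromGlobals();
 
 try {
 $publicKeyCredential = $publicKeyCredentialLoader->load(base64_decode($data['credentials']));
@@ -152,7 +137,7 @@
 throw new ResponseDataException('Incomplete data, required information missing');
 }
 
-$authenticatorAttestationResponseValidator->check($response, $options, $psrRequest);
+$authenticatorAttestationResponseValidator->check($response, $options, $psrRequest);
 } catch (Exception $e) {
 $this->logger->error($e->getMessage());
 return Result::create(false, 'Registration failed: ' . $e->getMessage());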
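Review bot: The `catch (Exception $e)` block that closes this section returns `'Registration failed: ' . $e->getMessage()` in the `Result`, so whatever text the WebAuthn library or the CBOR decoder puts in an exception travels back with the registration result. The message is already logged on the line above; if the `Result` message is shown to the browser (not visible here), I would return a fixed string, `return Result::create(false, 'Registration failed');`, and keep the detail in the log. The same section reads `$data['credentials']` straight from `json_decode()` without checking that decoding succeeded or that the key exists, which deserves an explicit check before the `try`. The method starts and ends outside these hunks.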
Files | Complexity | Coverage |
---|---|---|
client/src | 0 | 33.80% |
src | 54 | 52.51% |
Project Totals (14 files) | 54 | 44.24% |
61.3
TRAVIS_NODE_VERSION=10 TRAVIS_OS_NAME=linux