3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-05 12:23:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: add userinfo and webauthn endpoints (#3755)

Browse source 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
This commit is contained in:
Caleb Doxsey 2022-11-22 10:26:35 -07:00 committed by GitHub
parent 81053ac8ef
commit c1a522cd82
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 498 additions and 216 deletions
Download patch file Download diff file Expand all files Collapse all files

25
pkg/webauthnutil/options_test.go
View file

@ -1,9 +1,11 @@
package webauthnutil
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/pomerium/pomerium/pkg/grpc/device"
"github.com/pomerium/pomerium/pkg/grpc/user"
@ -12,14 +14,17 @@ import (
)
func TestGenerateCreationOptions(t *testing.T) {
r, err := http.NewRequest(http.MethodGet, "https://www.example.com", nil)
require.NoError(t, err)
t.Run("random challenge", func(t *testing.T) {
key := []byte{1, 2, 3}
options1 := GenerateCreationOptions(key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
options1 := GenerateCreationOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
Id: "example",
Email: "test@example.com",
Name: "Test User",
})
options2 := GenerateCreationOptions(key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
options2 := GenerateCreationOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
Id: "example",
Email: "test@example.com",
Name: "Test User",
@ -28,7 +33,7 @@ func TestGenerateCreationOptions(t *testing.T) {
})
t.Run(DefaultDeviceType, func(t *testing.T) {
key := []byte{1, 2, 3}
options := GenerateCreationOptions(key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
options := GenerateCreationOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], &user.User{
Id: "example",
Email: "test@example.com",
Name: "Test User",
@ -37,6 +42,7 @@ func TestGenerateCreationOptions(t *testing.T) {
assert.Equal(t, &webauthn.PublicKeyCredentialCreationOptions{
RP: webauthn.PublicKeyCredentialRPEntity{
Name: "Pomerium",
ID: "example.com",
},
User: webauthn.PublicKeyCredentialUserEntity{
ID: []byte{
@ -63,15 +69,18 @@ func TestGenerateCreationOptions(t *testing.T) {
}
func TestGenerateRequestOptions(t *testing.T) {
r, err := http.NewRequest(http.MethodGet, "https://www.example.com", nil)
require.NoError(t, err)
t.Run("random challenge", func(t *testing.T) {
key := []byte{1, 2, 3}
options1 := GenerateRequestOptions(key, predefinedDeviceTypes[DefaultDeviceType], nil)
options2 := GenerateRequestOptions(key, predefinedDeviceTypes[DefaultDeviceType], nil)
options1 := GenerateRequestOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], nil)
options2 := GenerateRequestOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], nil)
assert.NotEqual(t, options1.Challenge, options2.Challenge)
})
t.Run(DefaultDeviceType, func(t *testing.T) {
key := []byte{1, 2, 3}
options := GenerateRequestOptions(key, predefinedDeviceTypes[DefaultDeviceType], []*device.Credential{
options := GenerateRequestOptions(r, key, predefinedDeviceTypes[DefaultDeviceType], []*device.Credential{
{Id: "device1", Specifier: &device.Credential_Webauthn{Webauthn: &device.Credential_WebAuthn{
Id: []byte{4, 5, 6},
}}},
@ -79,6 +88,7 @@ func TestGenerateRequestOptions(t *testing.T) {
options.Challenge = nil
assert.Equal(t, &webauthn.PublicKeyCredentialRequestOptions{
Timeout: 900000000000,
RPID: "example.com",
AllowCredentials: []webauthn.PublicKeyCredentialDescriptor{
{Type: "public-key", ID: []byte{4, 5, 6}},
},
@ -129,7 +139,8 @@ func TestFillPublicKeyCredentialParameters(t *testing.T) {
}{
{"", 0, nil},
{"public-key", -7, &device.WebAuthnOptions_PublicKeyCredentialParameters{
Type: device.WebAuthnOptions_PUBLIC_KEY, Alg: -7}},
Type: device.WebAuthnOptions_PUBLIC_KEY, Alg: -7,
}},
} {
params := new(webauthn.PublicKeyCredentialParameters)
fillPublicKeyCredentialParameters(params, testCase.in)