Made challenge check a common process in `WebAuthn::PublicKeyCreden…

…tial`
cedarcode · Nov 11, 2023 · 9f86fe4 · 9f86fe4
1 parent bf16de5
commit 9f86fe4
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 10 deletions.
diff --git a/lib/webauthn/public_key_credential.rb b/lib/webauthn/public_key_credential.rb
@@ -4,6 +4,8 @@
 
 module WebAuthn
   class PublicKeyCredential
+    class InvalidChallengeError < Error; end
+
     attr_reader :type, :id, :raw_id, :client_extension_outputs, :authenticator_attachment, :response
 
     def self.from_client(credential, relying_party: WebAuthn.configuration.relying_party)
@@ -36,7 +38,13 @@ def initialize(
       @relying_party = relying_party
     end
 
-    def verify(*_args)
+    def verify(challenge, *_args)
+      unless valid_class?(challenge)
+        msg = "challenge must be a String. input challenge class: #{challenge.class}"
+
+        raise(InvalidChallengeError, msg)
+      end
+
       valid_type? || raise("invalid type")
       valid_id? || raise("invalid id")
 
@@ -71,6 +79,10 @@ def valid_id?
       raw_id && id && raw_id == WebAuthn.standard_encoder.decode(id)
     end
 
+    def valid_class?(challenge)
+      challenge.is_a?(String)
+    end
+
     def authenticator_data
       response&.authenticator_data
     end

diff --git a/lib/webauthn/public_key_credential_with_attestation.rb b/lib/webauthn/public_key_credential_with_attestation.rb
@@ -5,19 +5,11 @@
 
 module WebAuthn
   class PublicKeyCredentialWithAttestation < PublicKeyCredential
-    class InvalidChallengeError < Error; end
-
     def self.response_class
       WebAuthn::AuthenticatorAttestationResponse
     end
 
     def verify(challenge, user_verification: nil)
-      unless challenge.is_a?(String)
-        msg = "challenge must be a String. input challenge class: #{challenge.class}"
-
-        raise(InvalidChallengeError, msg)
-      end
-
       super
 
       response.verify(encoder.decode(challenge), user_verification: user_verification)

diff --git a/spec/webauthn/public_key_credential_with_assertion_spec.rb b/spec/webauthn/public_key_credential_with_assertion_spec.rb
@@ -119,6 +119,18 @@
       end
     end
 
+    context "when challenge class is invalid" do
+      it "raise error" do
+        expect do
+          public_key_credential.verify(
+            nil,
+            public_key: credential_public_key,
+            sign_count: credential_sign_count
+          )
+        end.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
+      end
+    end
+
     context "when challenge is invalid" do
       let(:challenge) { Base64.urlsafe_encode64("another challenge") }
 

diff --git a/spec/webauthn/public_key_credential_with_attestation_spec.rb b/spec/webauthn/public_key_credential_with_attestation_spec.rb
@@ -91,7 +91,7 @@
       it "raise error" do
         expect {
           public_key_credential.verify(nil)
-        }.to raise_error(WebAuthn::PublicKeyCredentialWithAttestation::InvalidChallengeError)
+        }.to raise_error(WebAuthn::PublicKeyCredential::InvalidChallengeError)
       end
     end