
Commit 2c2cde0

authored
Merge pull request #19 from YubicoLabs/wip/v2.1.0
Wip/v2.1.0
2 parents 509656d + a482b74 commit 2c2cde0


20 files changed

+1114
-818
lines changed


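--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,11 @@
-== Version 2.0.0 RC ==
+== Version 2.1.0 ==
+
+- Integration with FIDO MDS
+- Automatic nicknames given to authenticators through MDS
+- New Edit modal for Trusted Devices
+- Various bug fixes for internationalization, Android resident key settings, and Safari user handle default values
+
+== Version 2.0.0 ==
 
 - Updated look and feel of UI
 - Attestation data now displayed to the user (if they are using a YubiKey)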

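--- a/backend/lambda-functions/CreateAuth/CreateAuthChallengeFIDO2.js
+++ b/backend/lambda-functions/CreateAuth/CreateAuthChallengeFIDO2.js
@@ -131,9 +131,9 @@ async function getCreateCredentialsOptions(event, creds) {
 
 const coseLookup = {"ES256": -7, "EdDSA": -8, "RS256": -257};
 
-startRegisterPayload.requestId = startRegisterPayload.requestId.base64;
-startRegisterPayload.publicKeyCredentialCreationOptions.user.id = startRegisterPayload.publicKeyCredentialCreationOptions.user.id.base64;
-startRegisterPayload.publicKeyCredentialCreationOptions.challenge = startRegisterPayload.publicKeyCredentialCreationOptions.challenge.base64;
+startRegisterPayload.requestId = startRegisterPayload.requestId.base64url;
+startRegisterPayload.publicKeyCredentialCreationOptions.user.id = startRegisterPayload.publicKeyCredentialCreationOptions.user.id.base64url;
+startRegisterPayload.publicKeyCredentialCreationOptions.challenge = startRegisterPayload.publicKeyCredentialCreationOptions.challenge.base64url;
 startRegisterPayload.publicKeyCredentialCreationOptions.attestation = startRegisterPayload.publicKeyCredentialCreationOptions.attestation.toLowerCase();
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.userVerification = startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.userVerification.toLowerCase();
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.authenticatorAttachment = authSelectorResolve[startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.authenticatorAttachment];
@@ -179,14 +179,14 @@ async function getCredentialsOptions(username) {
 let startAuthPayload = JSON.parse(JSON.parse(response.Payload));
 console.log("startAuthPayload: ", startAuthPayload);
 
-startAuthPayload.requestId = startAuthPayload.requestId.base64;
+startAuthPayload.requestId = startAuthPayload.requestId.base64url;
 console.log("requestId: ", startAuthPayload.requestId);
 startAuthPayload.publicKeyCredentialRequestOptions.userVerification = startAuthPayload.publicKeyCredentialRequestOptions.userVerification.toLowerCase();
-startAuthPayload.publicKeyCredentialRequestOptions.challenge = startAuthPayload.publicKeyCredentialRequestOptions.challenge.base64;
+startAuthPayload.publicKeyCredentialRequestOptions.challenge = startAuthPayload.publicKeyCredentialRequestOptions.challenge.base64url;
 console.log("challenge: ", startAuthPayload.publicKeyCredentialRequestOptions.challenge);
 startAuthPayload.publicKeyCredentialRequestOptions.allowCredentials = startAuthPayload.publicKeyCredentialRequestOptions.allowCredentials.map( (cred) => {
 cred.type = cred.type.toLowerCase().replace('_','-');
-cred.id = cred.id.base64;
+cred.id = cred.id.base64url;
 return cred
 });
 console.log("response payload: ", startAuthPayload);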
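Review bot: The new `.base64url` reads in getCreateCredentialsOptions (requestId, user.id, challenge) and getCredentialsOptions (requestId, challenge, cred.id) are unguarded, so if the backing lambda still serializes byte arrays under the old `base64` field, each assignment silently stores `undefined` instead of failing. The field name presumably follows the webauthn-server-core upgrade in pom.xml, which means the two lambdas have to be deployed together; nothing on the page enforces that. A check before the assignment would turn the mismatch into a clear error rather than a malformed options object reaching the browser, e.g. `if (typeof startAuthPayload.publicKeyCredentialRequestOptions.challenge.base64url !== 'string') throw new Error('challenge is missing its base64url encoding');`. The same unguarded reads appear in the FIDO2KitAPI.js hunks, and both function bodies here start and end outside the hunks.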

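--- a/backend/lambda-functions/FIDO2KitAPI/FIDO2KitAPI.js
+++ b/backend/lambda-functions/FIDO2KitAPI/FIDO2KitAPI.js
@@ -180,7 +180,7 @@ async function updateFIDO2CredentialNickname(username, body) {
 const payload = JSON.stringify({
 "type": "updateCredentialNickname",
 "username": username,
-"credentialId": data.credential.credentialId.base64,
+"credentialId": data.credential.credentialId.base64url,
 "nickname": data.credentialNickname.value,
 });
 console.log("updateCredentialNickname request payload: "+payload);
@@ -264,15 +264,15 @@ async function startUsernamelessAuthentication() {
 let startAuthPayload = JSON.parse(JSON.parse(response.Payload));
 console.log("startAuthPayload: ", startAuthPayload);
 
-startAuthPayload.requestId = startAuthPayload.requestId.base64;
+startAuthPayload.requestId = startAuthPayload.requestId.base64url;
 console.log("requestId: ", startAuthPayload.requestId);
 startAuthPayload.publicKeyCredentialRequestOptions.userVerification = startAuthPayload.publicKeyCredentialRequestOptions.userVerification.toLowerCase();
-startAuthPayload.publicKeyCredentialRequestOptions.challenge = startAuthPayload.publicKeyCredentialRequestOptions.challenge.base64;
+startAuthPayload.publicKeyCredentialRequestOptions.challenge = startAuthPayload.publicKeyCredentialRequestOptions.challenge.base64url;
 console.log("challenge: ", startAuthPayload.publicKeyCredentialRequestOptions.challenge);
 if(startAuthPayload.publicKeyCredentialRequestOptions.allowCredentials){
 startAuthPayload.publicKeyCredentialRequestOptions.allowCredentials = startAuthPayload.publicKeyCredentialRequestOptions.allowCredentials.map( (cred) => {
 cred.type = cred.type.toLowerCase().replace('_','-');
-cred.id = cred.id.base64;
+cred.id = cred.id.url;
 return cred
 });
 }
@@ -289,18 +289,11 @@ async function startUsernamelessAuthentication() {
 async function startRegisterFIDO2Credential(profile, body, uid) {
 console.log("startRegisterFIDO2Credential userId: "+profile.id+" body:",body);
 const jsonBody = JSON.parse(body);
-
-let invalidResult = validate({nickname: jsonBody.nickname}, constraints);
-console.log("nickname invalidResult: ", invalidResult);
-if(invalidResult && invalidResult.nickname) {
-return error(invalidResult.nickname.join(". "));
-}
 
 const payload = JSON.stringify({
 "type": "startRegistration",
 "username": profile.username,
 "displayName": profile.username,
-"credentialNickname": jsonBody.nickname,
 "requireResidentKey": jsonBody.requireResidentKey,
 "requireAuthenticatorAttachment": jsonBody.requireAuthenticatorAttachment,
 "uid": uid
@@ -322,14 +315,13 @@ async function startRegisterFIDO2Credential(profile, body, uid) {
 
 const coseLookup = {"ES256": -7, "EdDSA": -8, "RS256": -257};
 
-startRegisterPayload.requestId = startRegisterPayload.requestId.base64;
-startRegisterPayload.publicKeyCredentialCreationOptions.user.id = startRegisterPayload.publicKeyCredentialCreationOptions.user.id.base64;
-startRegisterPayload.publicKeyCredentialCreationOptions.challenge = startRegisterPayload.publicKeyCredentialCreationOptions.challenge.base64;
+startRegisterPayload.requestId = startRegisterPayload.requestId.base64url;
+startRegisterPayload.publicKeyCredentialCreationOptions.user.id = startRegisterPayload.publicKeyCredentialCreationOptions.user.id.base64url;
+startRegisterPayload.publicKeyCredentialCreationOptions.challenge = startRegisterPayload.publicKeyCredentialCreationOptions.challenge.base64url;
 startRegisterPayload.publicKeyCredentialCreationOptions.attestation = startRegisterPayload.publicKeyCredentialCreationOptions.attestation.toLowerCase();
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.userVerification = startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.userVerification.toLowerCase();
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.residentKey = startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.residentKey.toLowerCase();
-startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.requireResidentKey = false;
-if(startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.residentKey === "required") {
+if(startRegisterPayload.requireResidentKey) {
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.requireResidentKey = true;
 }
 startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.authenticatorAttachment = authSelectorResolve[startRegisterPayload.publicKeyCredentialCreationOptions.authenticatorSelection.authenticatorAttachment];
@@ -341,7 +333,7 @@ async function startRegisterFIDO2Credential(profile, body, uid) {
 });
 startRegisterPayload.publicKeyCredentialCreationOptions.excludeCredentials = startRegisterPayload.publicKeyCredentialCreationOptions.excludeCredentials.map( (cred) => {
 cred.type = cred.type.toLowerCase().replace('_','-');
-cred.id = cred.id.base64;
+cred.id = cred.id.base64url;
 console.log("cred: "+ JSON.stringify(cred));
 return cred;
 });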
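Review bot: In the startUsernamelessAuthentication hunk the new line `cred.id = cred.id.url;` reads a different property from every other changed line in this commit, all of which use `.base64url`. Unless the serialized credential id really carries a `url` field (nothing on the page shows one), every entry of allowCredentials ends up with `id` set to `undefined`, and the browser call would then be made with unusable credential descriptors. It should presumably read `cred.id = cred.id.base64url;`, matching the excludeCredentials mapping in startRegisterFIDO2Credential and the allowCredentials mapping in CreateAuthChallengeFIDO2.js. The function body continues outside the hunk, so whether anything downstream compensates cannot be seen from here.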

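--- a/backend/lambda-functions/JavaWebAuthnLib/pom.xml
+++ b/backend/lambda-functions/JavaWebAuthnLib/pom.xml
@@ -64,6 +64,30 @@
 <version>2.13.1</version>
 </dependency>
 
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-core</artifactId>
+<version>2.13.2</version>
+</dependency>
+
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-annotations</artifactId>
+<version>2.13.2</version>
+</dependency>
+
+<dependency>
+<groupId>com.fasterxml.jackson.datatype</groupId>
+<artifactId>jackson-datatype-jdk8</artifactId>
+<version>2.13.2</version>
+</dependency>
+
+<dependency>
+<groupId>com.fasterxml.jackson.datatype</groupId>
+<artifactId>jackson-datatype-jsr310</artifactId>
+<version>2.13.2</version>
+</dependency>
+
 <dependency>
 <groupId>software.amazon.awssdk</groupId>
 <artifactId>url-connection-client</artifactId>
@@ -124,13 +148,32 @@
 <dependency>
 <groupId>com.yubico</groupId>
 <artifactId>webauthn-server-core</artifactId>
-<version>1.12.1</version>
+<version>2.0.0</version>
 </dependency>
 
 <dependency>
 <groupId>com.yubico</groupId>
 <artifactId>webauthn-server-attestation</artifactId>
-<version>1.12.1</version>
+<version>2.0.0</version>
+</dependency>
+
+<dependency>
+<groupId>com.yubico</groupId>
+<artifactId>yubico-util</artifactId>
+<version>2.0.0</version>
+</dependency>
+
+
+<dependency>
+<groupId>com.upokecenter</groupId>
+<artifactId>cbor</artifactId>
+<version>4.5.2</version>
+</dependency>
+
+<dependency>
+<groupId>com.augustcellars.cose</groupId>
+<artifactId>cose-java</artifactId>
+<version>1.1.0</version>
 </dependency>
 
 <!-- Test Dependencies -->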
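Review bot: The four Jackson artifacts added in the first hunk are pinned to 2.13.2, while the dependency that closes just above them is pinned to `<version>2.13.1</version>`; if that entry is also a Jackson module (its artifactId is outside the hunk), the build now carries two Jackson patch levels that will drift further with each bump. Declaring the version once, for example a `<jackson.version>` property or an import of `com.fasterxml.jackson:jackson-bom` under `<dependencyManagement>`, keeps the modules aligned and turns a later security update into a one-line change. The second hunk also declares `com.upokecenter:cbor` and `com.augustcellars.cose:cose-java` directly, next to the major upgrade of the Yubico libraries to 2.0.0. A short XML comment on each saying why it is declared here rather than inherited transitively would help whoever audits this dependency list later.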

backend/lambda-functions/JavaWebAuthnLib/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverWithEquality.java

Lines changed: 0 additions & 71 deletions
This file was deleted.
