Web IDL support 1/N: GA, MC basic parsing #138
Conversation
AlfioEmanueleFresta
changed the title
|
This now covers both MC and GA requests, but not responses. I'll probably tidy this up and keep responses for a separate PR. Note to self, the failures are due to Base64UrlString being used in CTAP models, which are serialized as a Base64 string rather than URL with serde_cbor. The next step is to separate these models into two, a WebAuthn JSON model using Base64UrlString, and an equivalent CTAP model using ByteBuf. Must also review all usages of Base64UrlString. |
AlfioEmanueleFresta
force-pushed
the
json
branch
from
efa24cd to
c117995
Compare
AlfioEmanueleFresta
force-pushed
the
json
branch
from
6823563 to
fbd5fb8
Compare
AlfioEmanueleFresta
changed the title
AlfioEmanueleFresta
changed the title
|
Marking this as ready for review as this is getting large, keeping track of further work in #134. |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces the foundation for Web IDL support by implementing basic parsing for GetAssertion (GA) and MakeCredential (MC) operations. The changes enable the library to parse WebAuthn operations from JSON format, which is a key requirement for Web IDL compliance.
- Introduces a new IDL module with JSON parsing capabilities for WebAuthn operations
- Refactors extension handling to use proper typed structures instead of enums
- Adds support for parsing WebAuthn requests from JSON format with proper validation
Reviewed Changes
Copilot reviewed 24 out of 25 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| libwebauthn/src/ops/webauthn/mod.rs | Adds IDL module exports and updates core WebAuthn type definitions |
| libwebauthn/src/ops/webauthn/idl/* | New IDL parsing infrastructure with JSON deserialization support |
| libwebauthn/src/ops/webauthn/make_credential.rs | Refactors extension handling and adds JSON parsing support |
| libwebauthn/src/ops/webauthn/get_assertion.rs | Updates extension structures and adds JSON parsing capabilities |
| libwebauthn/src/proto/ctap2/model/* | Updates extension handling to work with new typed structures |
| libwebauthn/src/tests/basic_ctap2.rs | Updates test to use new extension format |
| Examples and other files | Updates to use new extension APIs |
Comments suppressed due to low confidence (1)
libwebauthn/src/proto/ctap2/model/make_credential.rs:1
- The
Defaulttrait was removed fromCtap2GetAssertionRequestExtensionsbut line 142 in the same file still callsskip_serializing_extensionswhich expects a default value check. This could cause compilation issues.
use super::{
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| impl Into<String> for RelyingPartyId { | ||
| fn into(self) -> String { | ||
| self.0 |
There was a problem hiding this comment.
Consider implementing From<RelyingPartyId> for String instead of Into<String> for RelyingPartyId. The From trait automatically provides the Into implementation and is the preferred approach in Rust.
| impl Into<String> for RelyingPartyId { | |
| fn into(self) -> String { | |
| self.0 | |
| impl From<RelyingPartyId> for String { | |
| fn from(rpid: RelyingPartyId) -> String { | |
| rpid.0 |
| impl Into<Ctap2PublicKeyCredentialDescriptor> for PublicKeyCredentialDescriptorJSON { | ||
| fn into(self) -> Ctap2PublicKeyCredentialDescriptor { | ||
| Ctap2PublicKeyCredentialDescriptor { | ||
| r#type: self.r#type, | ||
| id: ByteBuf::from(self.id), | ||
| transports: self.transports, |
There was a problem hiding this comment.
Consider implementing From<PublicKeyCredentialDescriptorJSON> for Ctap2PublicKeyCredentialDescriptor instead of Into. The From trait automatically provides the Into implementation and is the preferred approach in Rust.
| impl Into<Ctap2PublicKeyCredentialDescriptor> for PublicKeyCredentialDescriptorJSON { | |
| fn into(self) -> Ctap2PublicKeyCredentialDescriptor { | |
| Ctap2PublicKeyCredentialDescriptor { | |
| r#type: self.r#type, | |
| id: ByteBuf::from(self.id), | |
| transports: self.transports, | |
| impl From<PublicKeyCredentialDescriptorJSON> for Ctap2PublicKeyCredentialDescriptor { | |
| fn from(value: PublicKeyCredentialDescriptorJSON) -> Self { | |
| Ctap2PublicKeyCredentialDescriptor { | |
| r#type: value.r#type, | |
| id: ByteBuf::from(value.id), | |
| transports: value.transports, |
| impl Into<Vec<u8>> for Base64UrlString { | ||
| fn into(self) -> Vec<u8> { | ||
| self.0 |
There was a problem hiding this comment.
Consider implementing From<Base64UrlString> for Vec<u8> instead of Into<Vec<u8>>. The From trait automatically provides the Into implementation and is the preferred approach in Rust.
| impl Into<Vec<u8>> for Base64UrlString { | |
| fn into(self) -> Vec<u8> { | |
| self.0 | |
| impl From<Base64UrlString> for Vec<u8> { | |
| fn from(b64: Base64UrlString) -> Vec<u8> { | |
| b64.0 |
| let json = | ||
| format!("{{\"type\":\"{op_str}\",\"challenge\":\"{challenge_str}\",\"origin\":\"{origin_str}\",\"crossOrigin\":{cross_origin_str}}}"); |
There was a problem hiding this comment.
The JSON string construction using format! is error-prone and hard to maintain. Consider using serde_json to serialize a proper struct to ensure valid JSON format.
| Some(inner.exclude_credentials) | ||
| }, | ||
| extensions: inner.extensions, | ||
| timeout: timeout, |
There was a problem hiding this comment.
Redundant field initialization. When the field name matches the variable name, you can use the shorthand syntax: timeout instead of timeout: timeout.
| timeout: timeout, | |
| timeout, |
msirringhaus
left a comment
msirringhaus
left a comment
There was a problem hiding this comment.
Looking good overall, I think. I haven't had time for a full deep dive, though. I only have some preliminary questions.
| (signed_extensions.hmac_secret, None) | ||
| } | ||
| MakeCredentialHmacOrPrfInput::Prf => ( | ||
| if let Some(_hmac_create_secret) = incoming_ext.hmac_create_secret { |
There was a problem hiding this comment.
Using if {} else if {} here means you can either have HMAC or PRF, and if you request both, HMAC will override PRF. Is that intended?
There was a problem hiding this comment.
Hmm, I think you're right. Whilst I wouldn't expect a browser to request this, I'll change it so that if your makeCredential includes both HMAC & PRF, you will get both responses back.
|
|
||
| use super::{DowngradableRequest, RegisterRequest, UserVerificationRequirement}; | ||
|
|
||
| pub const DEFAULT_TIMEOUT: Duration = Duration::from_secs(60); |
There was a problem hiding this comment.
Should we use the defintion from libwebauthn/src/ops/webauthn/timeout.rs here? (Same in the other files where this is defined again)
| pub hash: Vec<u8>, | ||
| pub allow: Vec<Ctap2PublicKeyCredentialDescriptor>, | ||
| pub extensions: Option<GetAssertionRequestExtensions>, | ||
| pub extensions: GetAssertionRequestExtensions, |
There was a problem hiding this comment.
I confess, I'm currently a bit lost in the details of this huge PR, but if I recall correctly, we used to use the Option<> here to decide if we have to include an extensions-map in the output. Some portals like demo.yubico.com are rather strict on what they expect, e.g. if they request extensions, they expect extensions in the response, even if the map is empty. And they do not want to see that empty map, if they didn't request one.
Is this still possible with this change?
There was a problem hiding this comment.
Thanks for spotting this, addressing it so we can represent both states. Also adding a test for both cases (extensions: {} and no etensions).
AlfioEmanueleFresta
force-pushed
the
json
branch
from
fbb40b2 to
39cca52
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 26 out of 27 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| let resident_key = if inner | ||
| .authenticator_selection | ||
| .as_ref() | ||
| .and_then(|s| Some(s.require_resident_key)) |
There was a problem hiding this comment.
The .and_then(|s| Some(s.require_resident_key)) is incorrect. Using and_then with a closure that always returns Some is redundant - this should be .map(|s| s.require_resident_key) instead.
| .and_then(|s| Some(s.require_resident_key)) | |
| .map(|s| s.require_resident_key) |
| let hmac_or_prf = match inner.extensions.clone() { | ||
| Some(ext) => { | ||
| if let Some(prf) = ext.prf { | ||
| let prf_input = PrfInput::try_from(prf)?; | ||
| Some(GetAssertionHmacOrPrfInput::Prf(prf_input)) | ||
| } else if let Some(hmac) = ext.hamc_get_secret { | ||
| let hmac_input = HMACGetSecretInput::try_from(hmac)?; | ||
| Some(GetAssertionHmacOrPrfInput::HmacGetSecret(hmac_input)) | ||
| } else { | ||
| None | ||
| } | ||
| } | ||
| None => None, | ||
| }; |
There was a problem hiding this comment.
The .clone() on line 84 followed by accessing .as_ref() on line 102 is inefficient. The extensions should only be accessed once (using .as_ref()) and then the necessary fields cloned individually if needed.
| let mut channel = device.channel().await?; | ||
| channel.wink(TIMEOUT).await?; | ||
|
|
||
| // Relying |
There was a problem hiding this comment.
The comment "// Relying" on line 79 appears to be incomplete. It should probably say "// Relying Party ID" or similar.
| // Relying | |
| // Relying Party ID |
| pub id: Base64UrlString, | ||
| pub r#type: Ctap2PublicKeyCredentialType, | ||
|
|
||
| #[serde(skip_serializing_if = "Option::is_none")] |
There was a problem hiding this comment.
The skip_serializing_if attribute is for serialization but is applied to a field in a struct that only derives Deserialize, not Serialize. This attribute has no effect and should be removed.
| #[serde(skip_serializing_if = "Option::is_none")] |
| } else { | ||
| "false" | ||
| }; | ||
| let json = |
There was a problem hiding this comment.
Trailing whitespace on this line should be removed.
| let json = | |
| let json = |
| if let Some(prf) = ext.prf { | ||
| let prf_input = PrfInput::try_from(prf)?; | ||
| Some(GetAssertionHmacOrPrfInput::Prf(prf_input)) | ||
| } else if let Some(hmac) = ext.hamc_get_secret { |
There was a problem hiding this comment.
The field name hamc_get_secret should be hmac_get_secret (typo is propagated from the struct definition). This will cause the extension to be silently ignored rather than parsed, which is a critical bug.
| } else if let Some(hmac) = ext.hamc_get_secret { | |
| } else if let Some(hmac) = ext.hmac_get_secret { |
| #[serde(rename = "largeBlobKey")] | ||
| pub large_blob: Option<LargeBlobInputJson>, | ||
| #[serde(rename = "hmacCreateSecret")] | ||
| pub hamc_get_secret: Option<HmacGetSecretInputJson>, |
There was a problem hiding this comment.
Typo in the field name: "hamc_get_secret" should be "hmac_get_secret" (missing the 'a' in 'hmac').
| pub hamc_get_secret: Option<HmacGetSecretInputJson>, | |
| pub hmac_get_secret: Option<HmacGetSecretInputJson>, |
msirringhaus
left a comment
msirringhaus
left a comment
There was a problem hiding this comment.
Looking good so far as I can tell. A few nitpicks below.
| }, | ||
| ); | ||
| let hmac_or_prf = GetAssertionHmacOrPrfInput::Prf { | ||
| let hmac_or_prf: GetAssertionHmacOrPrfInput = GetAssertionHmacOrPrfInput::Prf(PrfInput { |
There was a problem hiding this comment.
I don't think we need the double type marker here
| let hmac_or_prf: GetAssertionHmacOrPrfInput = GetAssertionHmacOrPrfInput::Prf(PrfInput { | |
| let hmac_or_prf = GetAssertionHmacOrPrfInput::Prf(PrfInput { |
| .transpose() | ||
| .ok() | ||
| .flatten() | ||
| .flatten(), |
There was a problem hiding this comment.
Can this be done a little bit simpler? Feels like transpose + 2x flatten points to an overly complicated data structure. E.g. does the try_from() function need to be implemented for Option<GetAssertionLargeBlobExtension> instead of GetAssertionLargeBlobExtension or &GetAssertionLargeBlobExtension? Then we could maybe do and_then() instead of map() here.
| }, | ||
| )) | ||
| }) | ||
| .collect::<Result<HashMap<String, PRFValue>, GetAssertionRequestParsingError>>()?, |
There was a problem hiding this comment.
This can probably be shortened by omitting at least the error type
| .collect::<Result<HashMap<String, PRFValue>, GetAssertionRequestParsingError>>()?, | |
| .collect::<Result<HashMap<String, PRFValue>, _>>()?, |
The compiler should be able to figure it out (same for String and PRFValue, but those are not overly long)
|
|
||
| #[derive(Debug, Clone, Deserialize)] | ||
| pub struct AuthenticatorSelectionCriteria { | ||
| #[serde(rename = "authenticatorAttachment")] |
There was a problem hiding this comment.
I think you can use #[serde(rename_all = "camelCase")] here instead of renaming each field individually.
| #[serde(default)] | ||
| pub require_resident_key: bool, | ||
| #[serde(rename = "userVerification")] | ||
| #[serde(default = "default_user_verification")] |
There was a problem hiding this comment.
We could think about deriving Default for UserVerificationRequirement and marking Preferred with #[default] and remove default_user_verification(). But maybe we don't want a default impl for that. Would be nice if serde would finally implement the ability to add default values here.
| } | ||
|
|
||
| #[derive(Debug, Clone, Copy)] | ||
| #[derive(Debug, Clone, Copy, Deserialize, PartialEq)] |
There was a problem hiding this comment.
This could also be done with rename_all
| pub enum MakeCredentialLargeBlobExtension { | ||
| #[default] | ||
| None, | ||
| #[serde(rename = "preferred")] |
| } | ||
|
|
||
| #[derive(Debug, Default, Clone)] | ||
| #[derive(Debug, Default, Clone, Deserialize, PartialEq)] |
| GetAssertion, | ||
| } | ||
|
|
||
| #[derive(Debug, Clone, Copy, Deserialize, PartialEq)] |
| #[derive(Debug, Clone, Deserialize, PartialEq)] | ||
| pub struct MakeCredentialPrfInput { | ||
| #[serde(rename = "eval")] | ||
| pub _eval: Option<JsonValue>, |
There was a problem hiding this comment.
Can we have a comment here, why it's _eval, aka not used at the moment?
No description provided.