add tests

Author: marius-se

Sources/WebAuthn/Ceremonies/Registration/PublicKeyCredentialCreationOptions.swift

@@ -25,7 +25,7 @@ public struct PublicKeyCredentialCreationOptions: Codable {
 
 // MARK: - Credential parameters
 
-public struct PublicKeyCredentialParameters: Codable {
+public struct PublicKeyCredentialParameters: Equatable, Codable {
     public let type: String
     public let algorithm: COSEAlgorithmIdentifier
 

Sources/WebAuthn/Helpers/Base64Utilities.swift

@@ -53,6 +53,10 @@ extension String {
             .replacingOccurrences(of: "/", with: "_")
             .replacingOccurrences(of: "=", with: "")
     }
+
+    func toBase64() -> String {
+        return Data(self.utf8).base64EncodedString()
+    }
 }
 
 extension String {

Sources/WebAuthn/Helpers/ChallengeGenerator.swift

@@ -0,0 +1,9 @@
+import Foundation
+
+public struct ChallengeGenerator {
+    var generate: () -> [UInt8]
+
+    public static var live: Self {
+        .init(generate: { [UInt8].random(count: 32) })
+    }
+}

Sources/WebAuthn/WebAuthnManager.swift

@@ -20,26 +20,32 @@ import SwiftCBOR
 public struct WebAuthnManager {
     private let config: WebAuthnConfig
 
-    public init(config: WebAuthnConfig) {
+    private let challengeGenerator: ChallengeGenerator
+
+    public init(config: WebAuthnConfig, challengeGenerator: ChallengeGenerator = .live) {
         self.config = config
+        self.challengeGenerator = challengeGenerator
     }
 
     /// Generate a new set of registration data to be sent to the client and authenticator.
-    public func beginRegistration(user: User) throws -> PublicKeyCredentialCreationOptions {
+    public func beginRegistration(
+        user: User,
+        publicKeyCredentialParameters: [PublicKeyCredentialParameters] = PublicKeyCredentialParameters.supported
+    ) throws -> PublicKeyCredentialCreationOptions {
         guard let base64ID = user.userID.data(using: .utf8)?.base64EncodedString() else {
             throw WebAuthnError.invalidUserID
         }
 
         let userEntity = PublicKeyCredentialUserEntity(name: user.name, id: base64ID, displayName: user.displayName)
         let relyingParty = PublicKeyCredentialRpEntity(name: config.relyingPartyDisplayName, id: config.relyingPartyID)
 
-        let challenge = try generateChallengeString()
+        let challenge = challengeGenerator.generate()
 
         return PublicKeyCredentialCreationOptions(
             challenge: challenge.base64EncodedString(),
             user: userEntity,
             relyingParty: relyingParty,
-            publicKeyCredentialParameters: PublicKeyCredentialParameters.supported,
+            publicKeyCredentialParameters: publicKeyCredentialParameters,
             timeout: config.timeout
         )
     }
@@ -105,7 +111,7 @@ public struct WebAuthnManager {
         attestation: String? = nil,
         attestationFormats: [String]? = nil
     ) throws -> PublicKeyCredentialRequestOptions {
-        let challenge = try challenge ?? generateChallengeString().base64EncodedString()
+        let challenge = challenge ?? challengeGenerator.generate().base64EncodedString()
         return PublicKeyCredentialRequestOptions(
             challenge: challenge,
             timeout: timeout,
@@ -180,12 +186,3 @@ public struct WebAuthnManager {
         )
     }
 }
-
-extension WebAuthnManager {
-    /// Generate a suitably random value to be used as an attestation or assertion challenge
-    /// - Throws: An error if something went wrong while generating random byte
-    /// - Returns: 32 bytes
-    public func generateChallengeString() throws -> [UInt8] {
-        [UInt8].random(count: 32)
-    }
-}

Tests/WebAuthnTests/CredentialCreationResponseTests.swift

@@ -3,21 +3,6 @@ import XCTest
 @testable import WebAuthn
 
 final class HelpersTests: XCTestCase {
-    func testGenerateChallengeReturnsRandomBytes() throws {
-        let webAuthn = WebAuthnManager(
-            config: .init(
-                relyingPartyDisplayName: "123",
-                relyingPartyID: "1",
-                relyingPartyOrigin: "http://localhost:8080",
-                timeout: 60
-            )
-        )
-        let challenge1 = try webAuthn.generateChallengeString()
-        let challenge2 = try webAuthn.generateChallengeString()
-
-        XCTAssertNotEqual(challenge1, challenge2)
-    }
-
     func testBase64URLEncodeReturnsCorrectString() {
         let input: [UInt8] = [1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0]
         let expectedBase64 = "AQABAAEBAAEAAQEAAAABAA=="

Tests/WebAuthnTests/HelpersTests.swift

@@ -0,0 +1,7 @@
+@testable import WebAuthn
+
+extension ChallengeGenerator {
+    static func mock(generate: [UInt8]) -> Self {
+        ChallengeGenerator(generate: { generate })
+    }
+}

Tests/WebAuthnTests/Mocks/MockChallengeGenerator.swift

@@ -0,0 +1,13 @@
+import WebAuthn
+
+struct MockUser: User {
+    var userID: String
+    var name: String
+    var displayName: String
+
+    init(userID: String = "1", name: String = "John", displayName: String = "Johnny") {
+        self.userID = userID
+        self.name = name
+        self.displayName = displayName
+    }
+}

Tests/WebAuthnTests/Mocks/MockUser.swift

@@ -0,0 +1,96 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the WebAuthn Swift open source project
+//
+// Copyright (c) 2022 the WebAuthn Swift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of WebAuthn Swift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@testable import WebAuthn
+import XCTest
+
+final class WebAuthnManagerTests: XCTestCase {
+    var webAuthnManager: WebAuthnManager!
+
+    let challenge: [UInt8] = [1, 0, 1]
+    let relyingPartyDisplayName = "Testy test"
+    let relyingPartyID = "example.com"
+    let relyingPartyOrigin = "https://example.com"
+    let timeout: TimeInterval = 6000
+
+    override func setUp() {
+        let config = WebAuthnConfig(
+            relyingPartyDisplayName: relyingPartyDisplayName,
+            relyingPartyID: relyingPartyID,
+            relyingPartyOrigin: relyingPartyOrigin,
+            timeout: timeout
+        )
+        webAuthnManager = .init(config: config, challengeGenerator: .mock(generate: challenge))
+    }
+
+    func testBeginRegistrationReturns() throws {
+        let user = MockUser()
+        let publicKeyCredentialParameter = PublicKeyCredentialParameters(type: "public-key", algorithm: .algPS384)
+        let options = try webAuthnManager.beginRegistration(
+            user: user,
+            publicKeyCredentialParameters: [publicKeyCredentialParameter]
+        )
+
+        XCTAssertEqual(options.challenge, challenge.base64EncodedString())
+        XCTAssertEqual(options.relyingParty.id, relyingPartyID)
+        XCTAssertEqual(options.relyingParty.name, relyingPartyDisplayName)
+        XCTAssertEqual(options.timeout, timeout)
+        XCTAssertEqual(options.user.id, user.userID.toBase64())
+        XCTAssertEqual(options.user.displayName, user.displayName)
+        XCTAssertEqual(options.user.name, user.name)
+        XCTAssertEqual(options.publicKeyCredentialParameters, [publicKeyCredentialParameter])
+    }
+
+    func testFinishRegistrationFailsWithInvalidRawID() async throws {
+        do {
+            _ = try await finishRegistration(rawID: "_")
+            XCTFail("Should not succeed")
+        } catch {
+            XCTAssertEqual(error as! WebAuthnError, .invalidRawID)
+        }
+    }
+
+    func testFinishRegistrationFailsWithInvalidCredentialCreationType() async throws {
+        do {
+            _ = try await finishRegistration(type: "foo")
+            XCTFail("Should not succeed")
+        } catch {
+            XCTAssertEqual(error as! WebAuthnError, .invalidCredentialCreationType)
+        }
+    }
+
+    private func finishRegistration(
+        challenge: EncodedBase64 = "xxi54jsOKKj7GrikECpuQyenfMC31FADtT6/fE9+fMY=",
+        id: EncodedBase64 = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
+        type: String = "public-key",
+        rawID: EncodedBase64 = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
+        clientDataJSON: String = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
+        attestationObject: String = "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIgNTRtpI_SOOZVzU1pN_4cX-osqUPiHMOW48qqq91DXfUCIQC-MHiaIxt2OdIxgqYnyUDHceevNOMfPibenabQGvXgjGhhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAAK3OAAI1vMYKZIsLJfHwVQMAIDo-5W3Kur7A7y9Lfw7ijhExfCz3_5coMEQNY_y6p-JrpQECAyYgASFYIJr_yLoYbYWgcf7aQcd7pcjUj-3o8biafWQH28WijQSvIlggPI2KqqRQ26KKuFaJ0yH7nouCBrzHu8qRONW-CPa9VDM",
+        confirmCredentialIDNotRegisteredYet: (String) async throws -> Bool = { _ in true }
+    ) async throws -> Credential {
+        try await webAuthnManager.finishRegistration(
+            challenge: challenge,
+            credentialCreationData: RegistrationCredential(
+                id: id,
+                type: type,
+                rawID: rawID,
+                attestationResponse: AuthenticatorAttestationResponse(
+                    clientDataJSON: clientDataJSON,
+                    attestationObject: attestationObject
+                )
+            ),
+            confirmCredentialIDNotRegisteredYet: confirmCredentialIDNotRegisteredYet
+        )
+    }
+}