New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@simplewebauthn/server
Advanced tools
@simplewebauthn/server - npm Package Compare versions
Comparing version 6.2.0 to 6.3.0-alpha.0
| /// <reference types="node" /> | ||
| import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType, UserVerificationRequirement } from '@simplewebauthn/typescript-types'; | ||
| import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions'; | ||
| import { DevicePublicKeyAuthenticatorOutput } from '../helpers/decodeAuthenticatorExtensions'; | ||
| export declare type VerifyAuthenticationResponseOpts = { | ||
@@ -14,2 +14,3 @@ credential: AuthenticationCredentialJSON; | ||
| }; | ||
| userDevicePublicKeys?: DevicePublicKeyAuthenticatorOutput[]; | ||
| }; | ||
@@ -62,4 +63,7 @@ /** | ||
| credentialBackedUp: boolean; | ||
| authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; | ||
| extensionOutputs: ExtensionOutputs; | ||
| }; | ||
| }; | ||
| export declare type ExtensionOutputs = { | ||
| devicePubKeyToStore?: DevicePublicKeyAuthenticatorOutput; | ||
| }; |
@@ -14,2 +14,4 @@ "use strict"; | ||
| const parseBackupFlags_1 = require("../helpers/parseBackupFlags"); | ||
| const verifyDevicePublicKeySignature_1 = require("../extensions/devicePublicKey/verifyDevicePublicKeySignature"); | ||
| const isRecognizedDevice_1 = require("../extensions/devicePublicKey/isRecognizedDevice"); | ||
| /** | ||
@@ -35,4 +37,4 @@ * Verify that the user has legitimately completed the login process | ||
| async function verifyAuthenticationResponse(options) { | ||
| const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, requireUserVerification, advancedFIDOConfig, } = options; | ||
| const { id, rawId, type: credentialType, response } = credential; | ||
| const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, requireUserVerification, advancedFIDOConfig, userDevicePublicKeys, } = options; | ||
| const { id, rawId, type: credentialType, response, clientExtensionResults } = credential; | ||
| // Ensure credential specified an ID | ||
@@ -148,2 +150,31 @@ if (!id) { | ||
| } | ||
| const extensionOutputs = {}; | ||
| if (flags.ed) { | ||
| if (!extensionsData && !clientExtensionResults) { | ||
| throw new Error('Authenticator data indicated extension data was present,' + | ||
| ' but no client or authenticator extension data were found'); | ||
| } | ||
| // TODO: Find a good way to check that returned extension outputs match what | ||
| // was requested in extension inputs. See 7.1 step 18 in the spec. | ||
| // DevicePublicKey sample currently provides the data through authenticator | ||
| // extension results. | ||
| if (extensionsData === null || extensionsData === void 0 ? void 0 : extensionsData.devicePubKey) { | ||
| const { devicePubKey } = extensionsData; | ||
| const { sig: dpkSig } = devicePubKey; | ||
| if (!dpkSig) { | ||
| throw new Error('DevicePublicKey was missing signature.'); | ||
| } | ||
| const dpkOptions = { | ||
| credential, | ||
| devicePubKey, | ||
| signature: dpkSig, | ||
| }; | ||
| const result = await (0, verifyDevicePublicKeySignature_1.verifyDevicePublicKeySignature)(dpkOptions); | ||
| if (!result) { | ||
| throw new Error('DevicePublicKey signature could not be verified'); | ||
| } | ||
| const devicePubKeyToStore = await (0, isRecognizedDevice_1.isRecognizedDevice)(devicePubKey, userDevicePublicKeys); | ||
| extensionOutputs.devicePubKeyToStore = devicePubKeyToStore; | ||
| } | ||
| } | ||
| const clientDataHash = (0, toHash_1.toHash)(base64url_1.default.toBuffer(response.clientDataJSON)); | ||
@@ -172,3 +203,3 @@ const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]); | ||
| credentialBackedUp, | ||
| authenticatorExtensionResults: extensionsData, | ||
| extensionOutputs, | ||
| }, | ||
@@ -175,0 +206,0 @@ }; |
| /// <reference types="node" /> | ||
| import { AttestationFormat, AttestationStatement } from './decodeAttestationObject'; | ||
| /** | ||
@@ -13,6 +14,9 @@ * Convert authenticator extension data buffer to a proper object | ||
| export declare type DevicePublicKeyAuthenticatorOutput = { | ||
| dpk?: Buffer; | ||
| scp?: Buffer; | ||
| sig?: string; | ||
| aaguid?: Buffer; | ||
| aaguid: Buffer; | ||
| dpk: Buffer; | ||
| scope: Buffer; | ||
| nonce?: Buffer; | ||
| fmt?: AttestationFormat; | ||
| attStmt?: AttestationStatement; | ||
| sig?: Buffer; | ||
| }; | ||
@@ -19,0 +23,0 @@ export declare type UVMAuthenticatorOutput = { |
@@ -11,2 +11,3 @@ /** | ||
| import { SettingsService } from './services/settingsService'; | ||
| import { DevicePublicKeyAuthenticatorOutput } from './helpers/decodeAuthenticatorExtensions'; | ||
| export { generateRegistrationOptions, verifyRegistrationResponse, generateAuthenticationOptions as generateAuthenticationOptions, verifyAuthenticationResponse, MetadataService, SettingsService, }; | ||
@@ -18,2 +19,2 @@ import type { GenerateRegistrationOptionsOpts } from './registration/generateRegistrationOptions'; | ||
| import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse'; | ||
| export type { GenerateRegistrationOptionsOpts, GenerateAuthenticationOptionsOpts, MetadataStatement, VerifyRegistrationResponseOpts, VerifyAuthenticationResponseOpts, VerifiedRegistrationResponse, VerifiedAuthenticationResponse, }; | ||
| export type { GenerateRegistrationOptionsOpts, GenerateAuthenticationOptionsOpts, MetadataStatement, VerifyRegistrationResponseOpts, VerifyAuthenticationResponseOpts, VerifiedRegistrationResponse, VerifiedAuthenticationResponse, DevicePublicKeyAuthenticatorOutput, }; |
@@ -24,2 +24,4 @@ "use strict"; | ||
| const verifyAttestationApple_1 = require("./verifications/verifyAttestationApple"); | ||
| const verifyDevicePublicKeySignature_1 = require("../extensions/devicePublicKey/verifyDevicePublicKeySignature"); | ||
| const verifyDevicePublicKeyAttestation_1 = require("../extensions/devicePublicKey/verifyDevicePublicKeyAttestation"); | ||
| /** | ||
@@ -42,3 +44,3 @@ * Verify that the user has legitimately completed the registration process | ||
| const { credential, expectedChallenge, expectedOrigin, expectedRPID, requireUserVerification = false, supportedAlgorithmIDs = generateRegistrationOptions_1.supportedCOSEAlgorithmIdentifiers, } = options; | ||
| const { id, rawId, type: credentialType, response } = credential; | ||
| const { id, rawId, type: credentialType, response, clientExtensionResults } = credential; | ||
| // Ensure credential specified an ID | ||
@@ -141,2 +143,33 @@ if (!id) { | ||
| } | ||
| if (flags.ed) { | ||
| if (!extensionsData && !clientExtensionResults) { | ||
| throw new Error('Extension results are not included despite the flag.'); | ||
| } | ||
| // TODO: Find a good way to check that returned extension outputs match what | ||
| // was requested in extension inputs. See 7.1 step 18 in the spec. | ||
| // Device public key sample currently provides the data through | ||
| // authenticator extension results. | ||
| if (extensionsData === null || extensionsData === void 0 ? void 0 : extensionsData.devicePubKey) { | ||
| const { devicePubKey } = extensionsData; | ||
| const signature = devicePubKey.sig; | ||
| if (!signature) { | ||
| throw new Error('DevicePublicKey signature is missing.'); | ||
| } | ||
| const dpkOptions = { | ||
| credential, | ||
| devicePubKey, | ||
| signature, | ||
| }; | ||
| const sigResult = await (0, verifyDevicePublicKeySignature_1.verifyDevicePublicKeySignature)(dpkOptions); | ||
| if (!sigResult) { | ||
| throw new Error('Invalid device public key signature.'); | ||
| } | ||
| // Optionally verify device public key attestation here as per | ||
| // 10.2.2.3.1. step 4 in the spec. | ||
| const attResult = await (0, verifyDevicePublicKeyAttestation_1.verifyDevicePublicKeyAttestation)(devicePubKey); | ||
| if (!attResult) { | ||
| throw new Error('Invalid device public key attestation.'); | ||
| } | ||
| } | ||
| } | ||
| const clientDataHash = (0, toHash_1.toHash)(base64url_1.default.toBuffer(response.clientDataJSON)); | ||
@@ -143,0 +176,0 @@ const rootCertificates = settingsService_1.SettingsService.getRootCertificates({ identifier: fmt }); |
| { | ||
| "name": "@simplewebauthn/server", | ||
| "version": "6.2.0", | ||
| "version": "6.3.0-alpha.0", | ||
| "description": "SimpleWebAuthn for Servers", | ||
@@ -61,3 +61,3 @@ "main": "dist/index.js", | ||
| }, | ||
| "gitHead": "b0aa153a33c912592d82972c039f59521ff2a71e", | ||
| "gitHead": "a52810675cd8ff96f3a009add9413412e3e86206", | ||
| "devDependencies": { | ||
@@ -64,0 +64,0 @@ "@types/cbor": "^5.0.1", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by11.67%
296009
- Number of package files
- increased by6.82%
141
- Lines of code
- increased by9.47%
4590
Worsened metrics
- Number of low quality alerts
- increased byInfinity%
1
No dependency changes