gitlab-org--gitlab-foss/spec/services/webauthn/authenticate_service_spec.rb

57 lines
2 KiB
Ruby

# frozen_string_literal: true
require 'spec_helper'
require 'webauthn/fake_client'
RSpec.describe Webauthn::AuthenticateService do
let(:client) { WebAuthn::FakeClient.new(origin) }
let(:user) { create(:user) }
let(:challenge) { Base64.strict_encode64(SecureRandom.random_bytes(32)) }
let(:origin) { 'http://localhost' }
before do
create_result = client.create(challenge: challenge) # rubocop:disable Rails/SaveBang
webauthn_credential = WebAuthn::Credential.from_create(create_result)
registration = WebauthnRegistration.new(credential_xid: Base64.strict_encode64(webauthn_credential.raw_id),
public_key: webauthn_credential.public_key,
counter: 0,
name: 'name',
user_id: user.id)
registration.save!
end
describe '#execute' do
it 'returns true if the response is valid and a matching stored credential is present' do
get_result = client.get(challenge: challenge)
get_result['clientExtensionResults'] = {}
service = Webauthn::AuthenticateService.new(user, get_result.to_json, challenge)
expect(service.execute).to eq true
end
context 'when response is valid but no matching stored credential is present' do
it 'returns false' do
other_client = WebAuthn::FakeClient.new(origin)
other_client.create(challenge: challenge) # rubocop:disable Rails/SaveBang
get_result = other_client.get(challenge: challenge)
get_result['clientExtensionResults'] = {}
service = Webauthn::AuthenticateService.new(user, get_result.to_json, challenge)
expect(service.execute).to eq false
end
end
context 'when device response includes invalid json' do
it 'returns false' do
service = Webauthn::AuthenticateService.new(user, 'invalid JSON', '')
expect(service.execute).to eq false
end
end
end
end