Class: DiscourseWebauthn::BaseValidationService

Inherits:
Object
Defined in:
lib/discourse_webauthn/base_validation_service.rb

Direct Known Subclasses

AuthenticationService, RegistrationService


Constructor Details

#initialize(current_user, params, session:, factor_type:) ⇒ BaseValidationService

Returns a new instance of BaseValidationService.



# File 'lib/discourse_webauthn/base_validation_service.rb', line 5

# Stores the request context that the validate_* methods read later.
#
# @param current_user [Object] kept as @current_user
# @param params [Object] kept as @params
# @param session [Object] kept as @session
# @param factor_type [Object] kept as @factor_type
# NOTE(review): the concrete types are not visible in this listing;
# presumably params carries the client's WebAuthn response and session
# holds server-side state such as the issued challenge. Confirm in the
# subclasses.
def initialize(current_user, params, session:, factor_type:)
  @factor_type = factor_type
  @params = params
  @current_user = current_user
  @session = session
end

Instance Method Details

#validate_challenge ⇒ Object



# File 'lib/discourse_webauthn/base_validation_service.rb', line 17

# Rejects the response unless challenge_match? reports a match.
#
# @return [nil] when the challenge matches
# @raise [ChallengeMismatchError] when challenge_match? is falsy
# NOTE(review): challenge_match? is defined outside this listing. Confirm
# it compares the client-supplied challenge with the one the server issued
# for this session, and that a challenge cannot be reused once consumed.
def validate_challenge
  unless challenge_match?
    message = I18n.t("webauthn.validation.challenge_mismatch_error")
    raise ChallengeMismatchError, message
  end
end

#validate_origin ⇒ Object

Raises:

  • (InvalidOriginError)



# File 'lib/discourse_webauthn/base_validation_service.rb', line 22

# Rejects the response unless origin_match? reports a match.
#
# @return [nil] when the origin matches
# @raise [InvalidOriginError] when origin_match? is falsy
# NOTE(review): origin_match? is defined outside this listing. Confirm it
# compares the origin reported in the client data with the site's expected
# origin by exact equality rather than a prefix or substring test.
def validate_origin
  unless origin_match?
    message = I18n.t("webauthn.validation.invalid_origin_error")
    raise InvalidOriginError, message
  end
end

#validate_rp_id_hash ⇒ Object



# File 'lib/discourse_webauthn/base_validation_service.rb', line 27

# Rejects the response unless rp_id_hash_match? reports a match.
#
# @return [nil] when the relying-party ID hash matches
# @raise [InvalidRelyingPartyIdError] when rp_id_hash_match? is falsy
# NOTE(review): rp_id_hash_match? is defined outside this listing.
# Presumably it compares the RP ID hash at the start of the authenticator
# data with the SHA-256 of the expected relying-party ID. Confirm.
def validate_rp_id_hash
  unless rp_id_hash_match?
    message = I18n.t("webauthn.validation.invalid_relying_party_id_error")
    raise InvalidRelyingPartyIdError, message
  end
end

#validate_user_presence ⇒ Object

Flags per the specification (https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data):

  • bit 0 - user presence
  • bit 1 - reserved for future use
  • bit 2 - user verification
  • bit 3-5 - reserved for future use
  • bit 6 - attested credential data
  • bit 7 - extension data

Raises:

  • (UserPresenceError)



# File 'lib/discourse_webauthn/base_validation_service.rb', line 44

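# Checks the User Present (UP) flag in the authenticator data.
#
# The flags value is read from index 32 of auth_data. Bit layout per
# https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data:
#   bit 0   - user presence
#   bit 1   - reserved for future use
#   bit 2   - user verification
#   bit 3-5 - reserved for future use
#   bit 6   - attested credential data
#   bit 7   - extension data
#
# @return [nil] when the user-presence bit is set
# @raise [UserPresenceError] when the bit is clear, or when auth_data has
#   nothing at index 32 (authenticator data too short)
# NOTE(review): auth_data is defined outside this listing; presumably it is
# the decoded, client-supplied authenticator data as a binary String.
def validate_user_presence
  # auth_data[32] is nil when the data is too short to hold a flags byte.
  # Treat a missing flags byte as "flag not set" so truncated input is
  # rejected with the validation error instead of a NoMethodError on nil.
  flags = auth_data[32]&.getbyte(0)
  # bit 0 - user presence
  return if flags && (flags & 0b0000_0001) != 0
  raise(UserPresenceError, I18n.t("webauthn.validation.user_presence_error"))
end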

#validate_user_verification ⇒ Object



# File 'lib/discourse_webauthn/base_validation_service.rb', line 51

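# Checks the User Verified (UV) flag in the authenticator data.
#
# The flags value is read from index 32 of auth_data; bit 2 is the
# user-verification bit per
# https://www.w3.org/TR/webauthn-2/#sctn-authenticator-data.
#
# @return [nil] when the user-verification bit is set
# @raise [UserVerificationError] when the bit is clear, or when auth_data
#   has nothing at index 32 (authenticator data too short)
# NOTE(review): auth_data is defined outside this listing; presumably it is
# the decoded, client-supplied authenticator data as a binary String. This
# method only tests the bit. Which flows call it is decided by callers not
# shown here, so confirm every flow that requires user verification does.
def validate_user_verification
  # auth_data[32] is nil when the data is too short to hold a flags byte.
  # Treat a missing flags byte as "flag not set" so truncated input is
  # rejected with the validation error instead of a NoMethodError on nil.
  flags = auth_data[32]&.getbyte(0)
  # bit 2 - user verification
  return if flags && (flags & 0b0000_0100) != 0
  raise(UserVerificationError, I18n.t("webauthn.validation.user_verification_error"))
end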

#validate_webauthn_type(type_to_check) ⇒ Object

Raises:

  • (InvalidTypeError)



# File 'lib/discourse_webauthn/base_validation_service.rb', line 12

# Rejects the response unless the client data's "type" field equals the
# expected ceremony type.
#
# @param type_to_check [Object] value that client_data["type"] must equal
# @return [nil] when the type matches
# @raise [InvalidTypeError] when the type differs
# NOTE(review): client_data is defined outside this listing; presumably it
# is the parsed clientDataJSON, with subclasses passing "webauthn.create"
# or "webauthn.get" as type_to_check. Confirm in the subclasses.
def validate_webauthn_type(type_to_check)
  unless client_data["type"] == type_to_check
    message = I18n.t("webauthn.validation.invalid_type_error")
    raise InvalidTypeError, message
  end
end