From 4e04c2058559fd7a16c2e7b2b267bd15758bda2e Mon Sep 17 00:00:00 2001
From: Victor Bojica
Date: Thu, 6 Feb 2025 16:45:45 +0200
Subject: [PATCH] test fixes
---
 test/webauthn/apis.test.js | 202 +++++++++++++++++++++++++++++++++++++
 1 file changed, 202 insertions(+)
diff --git a/test/webauthn/apis.test.js b/test/webauthn/apis.test.js
index 0da75c05a..0cd364318 100644
--- a/test/webauthn/apis.test.js
+++ b/test/webauthn/apis.test.js
@@ -740,5 +740,207 @@ describe(`apisFunctions: ${printPath("[test/webauthn/apis.test.js]")}`, function
 );
 assert(recoverAccountResponse.status === "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR");
 });
+
+ it("should return the correct error if the credential is invalid", async function () {
+ await initST();
+
+ const app = express();
+ app.use(middleware());
+ app.use(errorHandler());
+
+ const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+ const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+ {
+ userId: signUpResponse.user.id,
+ email,
+ tenantId: "public",
+ userContext: {},
+ }
+ );
+ const token = generateRecoverAccountTokenResponse.token;
+
+ let registerOptionsResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/webauthn/options/register")
+ .send({
+ email,
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+ const { createCredential } = await getWebauthnLib();
+ const credential = createCredential(registerOptionsResponse, {
+ rpId,
+ rpName,
+ origin,
+ userNotPresent: false,
+ userNotVerified: false,
+ });
+
+ let recoverAccountResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/user/webauthn/reset")
+ .send({
+ token,
+ credential: {
+ ...credential,
+ id: "invalid",
+ response: {
+ ...credential.response,
+ clientDataJSON: "invalid",
+ },
+ },
+ webauthnGeneratedOptionsId,
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ assert(recoverAccountResponse.status === "INVALID_CREDENTIALS_ERROR");
+ });
+
+ it("should return the correct error if the register options id is wrong", async function () {
+ await initST();
+
+ const app = express();
+ app.use(middleware());
+ app.use(errorHandler());
+
+ const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+ const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+ {
+ userId: signUpResponse.user.id,
+ email,
+ tenantId: "public",
+ userContext: {},
+ }
+ );
+ const token = generateRecoverAccountTokenResponse.token;
+
+ let registerOptionsResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/webauthn/options/register")
+ .send({
+ email,
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+ const { createCredential } = await getWebauthnLib();
+ const credential = createCredential(registerOptionsResponse, {
+ rpId,
+ rpName,
+ origin,
+ userNotPresent: false,
+ userNotVerified: false,
+ });
+
+ let recoverAccountResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/user/webauthn/reset")
+ .send({
+ token,
+ credential,
+ webauthnGeneratedOptionsId: "invalid",
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ assert(recoverAccountResponse.status === "INVALID_GENERATED_OPTIONS_ERROR");
+ });
+
+ it("should return the correct error if the register options are wrong", async function () {
+ await initST();
+
+ const app = express();
+ app.use(middleware());
+ app.use(errorHandler());
+
+ const { email, signUpResponse } = await createUser(rpId, rpName, origin);
+
+ const generateRecoverAccountTokenResponse = await getWebAuthnRecipe().recipeInterfaceImpl.generateRecoverAccountToken(
+ {
+ userId: signUpResponse.user.id,
+ email,
+ tenantId: "public",
+ userContext: {},
+ }
+ );
+ const token = generateRecoverAccountTokenResponse.token;
+
+ let registerOptionsResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/webauthn/options/register")
+ .send({
+ email,
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ const webauthnGeneratedOptionsId = registerOptionsResponse.webauthnGeneratedOptionsId;
+
+ const { createCredential } = await getWebauthnLib();
+ const credential = createCredential(registerOptionsResponse, {
+ rpId: rpId + ".co",
+ rpName,
+ origin: origin + ".co",
+ userNotPresent: false,
+ userNotVerified: false,
+ });
+
+ let recoverAccountResponse = await new Promise((resolve, reject) =>
+ request(app)
+ .post("/auth/user/webauthn/reset")
+ .send({
+ token,
+ credential,
+ webauthnGeneratedOptionsId,
+ })
+ .expect(200)
+ .end((err, res) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve(JSON.parse(res.text));
+ }
+ })
+ );
+ assert(recoverAccountResponse.status === "INVALID_GENERATED_OPTIONS_ERROR");
+ });
 });
 });
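Review bot: The last added test changes two fields of the `createCredential` call at once (`rpId: rpId + ".co"` and `origin: origin + ".co"`), so it passes as long as either mismatch is rejected and would not catch a regression in the origin check alone or in the RP ID check alone. Splitting it into two cases that each alter a single field would pin both bindings independently; the first added test has the same shape, replacing `id` and `clientDataJSON` together. Its title, "register options are wrong", also names the options while the test actually varies the credential's origin and RP ID, so a title such as `it("should reject a credential created for a different origin", ...)` would say what is verified. The enclosing `describe` blocks start outside this hunk.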