File: CustomServerTest.php

package info (click to toggle)
phpmyadmin 4%3A5.2.2-really%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 140,312 kB
  • sloc: javascript: 228,447; php: 166,904; xml: 17,847; sql: 504; sh: 275; makefile: 209; python: 205
file content (132 lines) | stat: -rw-r--r-- 7,505 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
<?php

declare(strict_types=1);

namespace PhpMyAdmin\Tests\WebAuthn;

use PhpMyAdmin\Http\ServerRequest;
use PhpMyAdmin\WebAuthn\CustomServer;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\UriInterface;
use Throwable;

use function hex2bin;

/**
 * @covers \PhpMyAdmin\WebAuthn\CustomServer
 * @covers \PhpMyAdmin\WebAuthn\CBORDecoder
 * @covers \PhpMyAdmin\WebAuthn\DataStream
 */
#[\PHPUnit\Framework\Attributes\CoversClass(\PhpMyAdmin\WebAuthn\CustomServer::class)]
#[\PHPUnit\Framework\Attributes\CoversClass(\PhpMyAdmin\WebAuthn\CBORDecoder::class)]
#[\PHPUnit\Framework\Attributes\CoversClass(\PhpMyAdmin\WebAuthn\DataStream::class)]
final class CustomServerTest extends TestCase
{
    public function testGetCredentialCreationOptions(): void
    {
        $server = new CustomServer();
        $options = $server->getCredentialCreationOptions('user_name', 'user_id', 'test.localhost');
        self::assertArrayHasKey('challenge', $options);
        self::assertNotEmpty($options['challenge']);
        self::assertArrayHasKey('pubKeyCredParams', $options);
        self::assertNotEmpty($options['pubKeyCredParams']);
        self::assertArrayHasKey('attestation', $options);
        self::assertNotEmpty($options['attestation']);
        self::assertSame('phpMyAdmin (test.localhost)', $options['rp']['name']);
        self::assertSame('test.localhost', $options['rp']['id']);
        self::assertSame('user_name', $options['user']['name']);
        self::assertSame('user_name', $options['user']['displayName']);
        self::assertSame('user_id', $options['user']['id']);
        self::assertArrayHasKey('authenticatorAttachment', $options['authenticatorSelection']);
        self::assertSame('cross-platform', $options['authenticatorSelection']['authenticatorAttachment']);
    }

    public function testGetCredentialRequestOptions(): void
    {
        $server = new CustomServer();
        $options = $server->getCredentialRequestOptions(
            'user_name',
            'userHandle1',
            'test.localhost',
            [['type' => 'public-key', 'id' => 'cHVibGljS2V5Q3JlZGVudGlhbElkMQ']]
        );
        self::assertNotEmpty($options['challenge']);
        self::assertSame(
            [['type' => 'public-key', 'id' => 'cHVibGljS2V5Q3JlZGVudGlhbElkMQ==']],
            $options['allowCredentials']
        );
        self::assertSame(60000, $options['timeout']);
        self::assertSame('none', $options['attestation']);
        self::assertSame('discouraged', $options['userVerification']);
    }

    /** @see https://github.com/web-auth/webauthn-framework/blob/v3.3.12/tests/library/Functional/AssertionTest.php#L46 */
    public function testParseAndValidateAssertionResponse(): void
    {
        $server = new CustomServer();

        $uriStub = self::createStub(UriInterface::class);
        $uriStub->method('getHost')->willReturn('localhost');
        $request = self::createStub(ServerRequest::class);
        $request->method('getUri')->willReturn($uriStub);

        // phpcs:ignore Generic.Files.LineLength.TooLong
        $authenticatorResponse = '{"id":"eHouz_Zi7-BmByHjJ_tx9h4a1WZsK4IzUmgGjkhyOodPGAyUqUp_B9yUkflXY3yHWsNtsrgCXQ3HjAIFUeZB-w","type":"public-key","rawId":"eHouz/Zi7+BmByHjJ/tx9h4a1WZsK4IzUmgGjkhyOodPGAyUqUp/B9yUkflXY3yHWsNtsrgCXQ3HjAIFUeZB+w==","response":{"authenticatorData":"SZYN5YgOjGh0NBcPZHZgW4/krrmihjLHmVzzuoMdl2MBAAAAew==","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJHMEpiTExuZGVmM2EwSXkzUzJzU1FBOHVPNFNPX3plNkZaTUF1UEk2LXhJIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODQ0MyIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ==","signature":"MEUCIEY/vcNkbo/LdMTfLa24ZYLlMMVMRd8zXguHBvqud9AJAiEAwCwpZpvcMaqCrwv85w/8RGiZzE+gOM61ffxmgEDeyhM=","userHandle":null}}';
        $challenge = 'G0JbLLndef3a0Iy3S2sSQA8uO4SO/ze6FZMAuPI6+xI=';

        $allowedCredentials = [
            [
                'type' => 'public-key',
                'id' => 'eHouz_Zi7-BmByHjJ_tx9h4a1WZsK4IzUmgGjkhyOodPGAyUqUp_B9yUkflXY3yHWsNtsrgCXQ3HjAIFUeZB-w',
            ],
        ];

        $throwable = null;
        try {
            $server->parseAndValidateAssertionResponse(
                $authenticatorResponse,
                $allowedCredentials,
                $challenge,
                $request
            );
        } catch (Throwable $throwable) {
            throw $throwable;
        }

        /** @psalm-suppress RedundantCondition */
        self::assertNull($throwable);
    }

    /** @see https://github.com/web-auth/webauthn-framework/blob/v3.3.12/tests/library/Functional/NoneAttestationStatementTest.php#L45 */
    public function testParseAndValidateAttestationResponse(): void
    {
        $uriStub = self::createStub(UriInterface::class);
        $uriStub->method('getHost')->willReturn('localhost');
        $request = self::createStub(ServerRequest::class);
        $request->method('getUri')->willReturn($uriStub);

        // phpcs:ignore Generic.Files.LineLength.TooLong
        $options = '{"rp":{"name":"My Application"},"pubKeyCredParams":[{"type":"public-key","alg":-7}],"challenge":"9WqgpRIYvGMCUYiFT20o1U7hSD193k11zu4tKP7wRcrE26zs1zc4LHyPinvPGS86wu6bDvpwbt8Xp2bQ3VBRSQ==","attestation":"none","user":{"name":"test@foo.com","id":"MJr5sD0WitVwZM0eoSO6kWhyseT67vc3oQdk\/k1VdZQ=","displayName":"Test PublicKeyCredentialUserEntity"},"authenticatorSelection":{"requireResidentKey":false,"userVerification":"preferred"}}';
        // phpcs:ignore Generic.Files.LineLength.TooLong
        $response = '{"id":"mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB_MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1-RIuTF9DUtEJZEEK","type":"public-key","rawId":"mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB/MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1+RIuTF9DUtEJZEEK","response":{"clientDataJSON":"eyJjaGFsbGVuZ2UiOiI5V3FncFJJWXZHTUNVWWlGVDIwbzFVN2hTRDE5M2sxMXp1NHRLUDd3UmNyRTI2enMxemM0TEh5UGludlBHUzg2d3U2YkR2cHdidDhYcDJiUTNWQlJTUSIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0=","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjkSZYN5YgOjGh0NBcPZHZgW4/krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJjIobiMfS7pLMMQTjIzBw3+hADjTsu6nVoWkEO3TrVYkdnFQfzDW2cVEYtnL4ErykiC295iEnvZTzRvbGIKI7mOYjYp2DoOoUVcZptFbLLjRtqZtfkSLkxfQ1LRCWRBCqUBAgMmIAEhWCAcPxwKyHADVjTgTsat4R/Jax6PWte50A8ZasMm4w6RxCJYILt0FCiGwC6rBrh3ySNy0yiUjZpNGAhW+aM9YYyYnUTJ"}}';

        $server = new CustomServer();
        $credential = $server->parseAndValidateAttestationResponse($response, $options, $request);

        self::assertSame(
            [
                // phpcs:ignore Generic.Files.LineLength.TooLong
                'publicKeyCredentialId' => 'mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB_MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1-RIuTF9DUtEJZEEK',
                'type' => 'public-key',
                'transports' => [],
                'attestationType' => 'none',
                'aaguid' => hex2bin('00000000000000000000000000000000'),
                // phpcs:ignore Generic.Files.LineLength.TooLong
                'credentialPublicKey' => 'pQECAyYgASFYIBw_HArIcANWNOBOxq3hH8lrHo9a17nQDxlqwybjDpHEIlggu3QUKIbALqsGuHfJI3LTKJSNmk0YCFb5oz1hjJidRMk',
                'userHandle' => 'MJr5sD0WitVwZM0eoSO6kWhyseT67vc3oQdk_k1VdZQ',
                'counter' => 0,
            ],
            $credential
        );
    }
}