[deps]: Update nuget minor #755

Merged
merged 2 commits into from
Nov 1, 2024
Merged
2 changes: 1 addition & 1 deletion src/AdminConsole/AdminConsole.csproj
Expand Up @@ -6,7 +6,7 @@

<ItemGroup>
<PackageReference Include="Azure.Extensions.AspNetCore.DataProtection.Keys" Version="1.2.4" />
<PackageReference Include="Azure.Identity" Version="1.13.0" />
<PackageReference Include="Azure.Identity" Version="1.13.1" />
<PackageReference Include="Datadog.Trace" Version="3.2.0" />
<PackageReference Include="Humanizer.Core" Version="2.14.1" />
<PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="8.0.10" />
6 changes: 3 additions & 3 deletions src/Common/Common.csproj
Expand Up @@ -5,8 +5,8 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Fido2" Version="4.0.0-beta.13" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.13" />
<PackageReference Include="Fido2" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.14" />
<PackageReference Include="HtmlSanitizer" Version="8.2.871-beta" />
<PackageReference Include="MailKit" Version="4.8.0" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.10" />
Expand All @@ -18,7 +18,7 @@
<PackageReference Include="Serilog.Sinks.Seq" Version="8.0.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.9.0" />
<PackageReference Include="System.Configuration.ConfigurationManager" Version="8.0.1" />
<PackageReference Include="AWSSDK.SimpleEmailV2" Version="3.7.403.1" />
<PackageReference Include="AWSSDK.SimpleEmailV2" Version="3.7.404" />
<PackageReference Include="SendGrid" Version="9.29.3" />
</ItemGroup>

57 changes: 33 additions & 24 deletions src/Service/Fido2Service.cs
Expand Up @@ -182,15 +182,21 @@ public async Task<TokenResponse> RegisterCompleteAsync(RegistrationCompleteDTO r

var fido2 = GetFido2Instance(request, _metadataService);

MakeNewCredentialResult success;
RegisteredPublicKeyCredential success;

try
{
success = await fido2.MakeNewCredentialAsync(request.Response, session.Options, async (args, _) =>
var makeNewCredentialParams = new MakeNewCredentialParams
{
bool exists = await _storage.ExistsAsync(args.CredentialId);
return !exists;
});
AttestationResponse = request.Response,
OriginalOptions = session.Options,
IsCredentialIdUniqueToUserCallback = async (args, _) =>
{
bool exists = await _storage.ExistsAsync(args.CredentialId);
return !exists;
}
};
success = await fido2.MakeNewCredentialAsync(makeNewCredentialParams);
}
catch (Fido2VerificationException e)
{
Expand All @@ -204,13 +210,13 @@ public async Task<TokenResponse> RegisterCompleteAsync(RegistrationCompleteDTO r
{
var configuredAuthenticators = await _storage.GetAuthenticatorsAsync();
var blacklist = configuredAuthenticators.Where(x => !x.IsAllowed).ToImmutableList();
if (blacklist.Any() && blacklist.Any(x => x.AaGuid == success.Result!.AaGuid))
if (blacklist.Any() && blacklist.Any(x => x.AaGuid == success.AaGuid))
{
throw new ApiException("authenticator_not_allowed", "The authenticator is on the blocklist and is not allowed to be used for registration.", 400);
}

var whitelist = configuredAuthenticators.Where(x => x.IsAllowed).ToImmutableList();
if (whitelist.Any() && whitelist.All(x => x.AaGuid != success.Result!.AaGuid))
if (whitelist.Any() && whitelist.All(x => x.AaGuid != success.AaGuid))
{
if (session.Options.Attestation == AttestationConveyancePreference.None)
{
Expand All @@ -220,7 +226,7 @@ public async Task<TokenResponse> RegisterCompleteAsync(RegistrationCompleteDTO r
}
}

var userId = Encoding.UTF8.GetString(success.Result.User.Id);
var userId = Encoding.UTF8.GetString(success.User.Id);

// Add aliases
try
Expand All @@ -237,25 +243,25 @@ public async Task<TokenResponse> RegisterCompleteAsync(RegistrationCompleteDTO r
}

var now = _timeProvider.GetUtcNow().UtcDateTime;
var descriptor = new PublicKeyCredentialDescriptor(success.Result.Id);
var descriptor = new PublicKeyCredentialDescriptor(success.Id);

await _storage.AddCredentialToUser(session.Options.User, new StoredCredential
{
Descriptor = descriptor,
PublicKey = success.Result.PublicKey,
UserHandle = success.Result.User.Id,
SignatureCounter = success.Result.SignCount,
AttestationFmt = success.Result.AttestationFormat,
PublicKey = success.PublicKey,
UserHandle = success.User.Id,
SignatureCounter = success.SignCount,
AttestationFmt = success.AttestationFormat,
CreatedAt = now,
LastUsedAt = now,
Device = deviceInfo,
Country = country,
AaGuid = success.Result.AaGuid,
AaGuid = success.AaGuid,
RPID = request.RPID,
Origin = request.Origin,
Nickname = request.Nickname,
BackupState = success.Result.IsBackedUp,
IsBackupEligible = success.Result.IsBackupEligible,
BackupState = success.IsBackedUp,
IsBackupEligible = success.IsBackupEligible,
IsDiscoverable = request.Response.ClientExtensionResults?.CredProps?.Rk,
});

Expand All @@ -266,7 +272,7 @@ public async Task<TokenResponse> RegisterCompleteAsync(RegistrationCompleteDTO r
Origin = request.Origin,
RpId = session.Options.Rp.Id,
Timestamp = _timeProvider.GetUtcNow().UtcDateTime,
CredentialId = success.Result.Id,
CredentialId = success.Id,
Device = deviceInfo,
Country = country,
Nickname = request.Nickname,
Expand Down Expand Up @@ -383,13 +389,16 @@ public async Task<TokenResponse> SignInCompleteAsync(SignInCompleteDTO request,

// Make the assertion
var storedCredentials = (await _storage.GetCredentialsByUserIdAsync(request.Session)).Select(c => c.PublicKey).ToList();
var res = await fido2.MakeAssertionAsync(
request.Response,
authenticationSessionConfiguration.Options,
credential.PublicKey,
storedCredentials,
credential.SignatureCounter,
callback);
var makeAssertionParams = new MakeAssertionParams
{
AssertionResponse = request.Response,
OriginalOptions = authenticationSessionConfiguration.Options,
StoredPublicKey = credential.PublicKey,
StoredDevicePublicKeys = storedCredentials,
StoredSignatureCounter = credential.SignatureCounter,
IsUserHandleOwnerOfCredentialIdCallback = callback
};
var res = await fido2.MakeAssertionAsync(makeAssertionParams);

// Store the updated counter
await _storage.UpdateCredential(res.CredentialId, res.SignCount, country, device);
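Review bot: In the sign-in hunk, `StoredDevicePublicKeys = storedCredentials` receives the `PublicKey` of every credential returned by `GetCredentialsByUserIdAsync(request.Session)`, which is not what the property name describes. The old positional call hid this mismatch and the named initializer now makes it visible. If the library treats that list as device-bound keys for the devicePubKey extension (an assumption from the name, since the library source is not on this page), the public keys of the user's other authenticators do not belong there. I would pass the stored device keys or an empty list, or at least record the intent next to the assignment, e.g. `// credential public keys, not devicePubKey extension keys: confirm this is what Fido2 expects`. `SignInCompleteAsync` starts and ends outside the hunk, so how `callback` and `credential` are built could not be checked here.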
6 changes: 3 additions & 3 deletions src/Service/Service.csproj
@@ -1,9 +1,9 @@
<Project Sdk="Microsoft.NET.Sdk">

<ItemGroup>
<PackageReference Include="Fido2" Version="4.0.0-beta.13" />
<PackageReference Include="Fido2.AspNet" Version="4.0.0-beta.13" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.13" />
<PackageReference Include="Fido2" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.AspNet" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.14" />
<PackageReference Include="Humanizer.Core" Version="2.14.1" />
<PackageReference Include="MessagePack" Version="2.5.187" />
<PackageReference Include="MessagePackAnalyzer" Version="2.5.187">
2 changes: 1 addition & 1 deletion tests/Api.IntegrationTests/Api.IntegrationTests.csproj
Expand Up @@ -7,7 +7,7 @@
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.10"/>
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" Version="8.10.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1"/>
<PackageReference Include="Selenium.WebDriver" Version="4.25.0"/>
<PackageReference Include="Selenium.WebDriver" Version="4.26.1"/>
<PackageReference Include="Testcontainers.MsSql" Version="3.10.0"/>
<PackageReference Include="xunit" Version="2.9.2"/>
<PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
Expand Up @@ -42,7 +42,6 @@ public async Task I_can_retrieve_assertion_options_to_begin_sign_in()
signInResponse.Should().NotBeNull();
signInResponse!.Session.Should().StartWith("session_");
signInResponse.Data.RpId.Should().Be(request.RPID);
signInResponse.Data.Status.Should().Be("ok");
}

[Fact]