Merge branch 'master' into fix/439

passwordless-lib · Dec 5, 2023 · b4e7753 · b4e7753
2 parents cda980b + 145034a
commit b4e7753
Show file tree

Hide file tree

Showing 9 changed files with 266 additions and 71 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,195 @@
+name: master
+
+on:
+  workflow_dispatch:
+    inputs:
+      force_version:
+        description: "The version to use"
+        required: true
+        default: "0.0.0-test"
+        type: string
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  release:
+    types:
+      - published
+
+env:
+  # Setting these variables allows .NET CLI to use rich color codes in console output
+  TERM: xterm
+  DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: true
+  # Skip boilerplate output
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+
+jobs:
+  # Determine version
+  version:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Determine stable version
+        id: stable-version
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          if ! [[ "${{ github.event.release.tag_name }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z].*)?$ ]]; then
+              echo "Invalid version: ${{ github.event.release.tag_name }}"
+              exit 1
+          fi
+          
+          echo "version=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+
+      - name: Determine prerelease version
+        id: pre-version
+        if: ${{ github.event_name != 'release' }}
+        run: |
+          hash="${{ github.event.pull_request.head.sha || github.sha }}"
+          echo "version=0.0.0-ci-${hash:0:7}" >> $GITHUB_OUTPUT
+
+    outputs:
+      version: ${{ github.event.inputs.force_version || steps.stable-version.outputs.version || steps.pre-version.outputs.version }}
+
+  # Check formatting
+#   format:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+
+#       - name: Install .NET
+#         uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a # v3.0.3
+
+#       - name: Validate format
+#         run: dotnet format --verify-no-changes
+
+  # Run tests
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          # Windows runners don't support Linux Docker containers (needed for tests),
+          # so we currently cannot run tests on Windows.
+          # - windows-latest
+
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+
+      - name: Install .NET
+        uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a # v3.0.3
+
+      - name: Run restore
+        run: dotnet restore
+
+      - name: Run build
+        run: >
+          dotnet build
+          --no-restore
+          --configuration Release
+
+      - name: Run tests
+        run: >
+          dotnet test
+          --no-restore
+          --no-build
+          --configuration Release
+          ${{ runner.os == 'Windows' && '-p:IncludeNetCoreAppTargets=false' || '' }}
+          --logger "trx;LogFileName=pw-test-results.trx"
+          --
+          RunConfiguration.CollectSourceInformation=true
+
+  # Pack the output into NuGet packages
+  pack:
+    needs: version
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+
+      - name: Install .NET
+        uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a # v3.0.3
+
+      - name: Run restore
+        run: dotnet restore
+
+      - name: Run build
+        run: >
+          dotnet build
+          --no-restore
+          --configuration Release
+          -p:ContinuousIntegrationBuild=true
+          -p:Version=${{ needs.version.outputs.version }}
+          
+      - name: Run pack
+        run: >
+          dotnet pack
+          -p:Version=${{ needs.version.outputs.version }}
+          -p:ContinuousIntegrationBuild=true
+          --no-restore
+          --no-build
+          --configuration Release
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        with:
+          name: packages
+          path: "**/*.nupkg"
+
+  # Deploy the NuGet packages to the corresponding registries
+  deploy:
+    needs:
+      # Technically, it's not required for the format job to succeed for us to push the package,
+      # so we may consider removing it as a prerequisite here.
+    #   - format
+      - test
+      - pack
+
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      packages: write
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: packages
+
+      - name: Install .NET
+        uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a # v3.0.3
+
+      # Publish to GitHub package registry every time, whether it's a prerelease
+      # version or a stable release version.
+      - name: Publish packages (GitHub Registry)
+        run: >
+          dotnet nuget push **/*.nupkg
+          --source https://nuget.pkg.github.com/passwordless-lib/index.json
+          --api-key ${{ secrets.GITHUB_TOKEN }}
+
+      # Only publish to NuGet on stable releases
+    #   - name: Publish packages (NuGet Registry)
+    #     if: ${{ github.event_name == 'release' }}
+    #     run: >
+    #       dotnet nuget push **/*.nupkg
+    #       --source https://api.nuget.org/v3/index.json
+    #       --api-key ${{ secrets.nuget_api_key }}
diff --git a/Src/Directory.Build.props b/Src/Directory.Build.props
@@ -14,6 +14,6 @@
   <!-- Projects inside "./src" should generate packages -->
   <PropertyGroup>
     <IsPackable>true</IsPackable>
-    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
   </PropertyGroup>
 </Project>
diff --git a/Src/Fido2.Models/AssertionOptions.cs b/Src/Fido2.Models/AssertionOptions.cs
@@ -24,7 +24,7 @@ public class AssertionOptions : Fido2ResponseBase
     /// This member specifies a time, in milliseconds, that the caller is willing to wait for the call to complete. This is treated as a hint, and MAY be overridden by the client.
     /// </summary>
     [JsonPropertyName("timeout")]
-    public uint Timeout { get; set; }
+    public ulong Timeout { get; set; }
 
     /// <summary>
     /// This OPTIONAL member specifies the relying party identifier claimed by the caller.If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain

diff --git a/Src/Fido2.Models/CredentialCreateOptions.cs b/Src/Fido2.Models/CredentialCreateOptions.cs
@@ -43,14 +43,14 @@ public sealed class CredentialCreateOptions : Fido2ResponseBase
     /// This member specifies a time, in milliseconds, that the caller is willing to wait for the call to complete. This is treated as a hint, and MAY be overridden by the platform.
     /// </summary>
     [JsonPropertyName("timeout")]
-    public long Timeout { get; set; }
+    public ulong Timeout { get; set; }
 
     /// <summary>
     /// This member is intended for use by Relying Parties that wish to express their preference for attestation conveyance.The default is none.
     /// </summary>
     [JsonPropertyName("attestation")]
-    public AttestationConveyancePreference Attestation { get; set; } = AttestationConveyancePreference.None;
-
+    public AttestationConveyancePreference Attestation { get; set; } = AttestationConveyancePreference.None;
+
     /// <summary>
     /// This member is intended for use by Relying Parties that wish to select the appropriate authenticators to participate in the create() operation.
     /// </summary>
@@ -225,7 +225,7 @@ public ResidentKeyRequirement ResidentKey
     /// </summary>
     [Obsolete("Use property ResidentKey.")]
     [JsonPropertyName("requireResidentKey")]
-    public bool RequireResidentKey
+    public bool RequireResidentKey
     {
         get => _requireResidentKey;
         set

diff --git a/Src/Fido2/Fido2.cs b/Src/Fido2/Fido2.cs
@@ -58,18 +58,18 @@ public CredentialCreateOptions RequestNewCredential(
     /// Verifies the response from the browser/authenticator after creating new credentials.
     /// </summary>
     /// <param name="attestationResponse">The attestation response from the authenticator.</param>
-    /// <param name="origChallenge">The original options that was sent to the client.</param>
+    /// <param name="originalOptions">The original options that was sent to the client.</param>
     /// <param name="isCredentialIdUniqueToUser">The delegate used to validate that the CredentialID is unique to this user.</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
     /// <returns></returns>
     public async Task<MakeNewCredentialResult> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
-        CredentialCreateOptions origChallenge,
+        CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
         CancellationToken cancellationToken = default)
     {
         var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
-        var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken);
+        var success = await parsedResponse.VerifyAsync(originalOptions, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken);
 
         // todo: Set Errormessage etc.
         return new MakeNewCredentialResult(

diff --git a/Src/Fido2/IFido2.cs b/Src/Fido2/IFido2.cs
@@ -9,8 +9,8 @@ namespace Fido2NetLib;
 public interface IFido2
 {
     AssertionOptions GetAssertionOptions(
-        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
-        UserVerificationRequirement? userVerification,
+        IEnumerable<PublicKeyCredentialDescriptor> allowedCredentials,
+        UserVerificationRequirement? userVerification,
         AuthenticationExtensionsClientInputs? extensions = null);
 
     Task<VerifyAssertionResult> MakeAssertionAsync(
@@ -24,7 +24,7 @@ Task<VerifyAssertionResult> MakeAssertionAsync(
 
     Task<MakeNewCredentialResult> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
-        CredentialCreateOptions origChallenge,
+        CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
         CancellationToken cancellationToken = default);
 

diff --git a/Test/Attestation/Apple.cs b/Test/Attestation/Apple.cs
@@ -233,7 +233,7 @@ public async Task TestApplePublicKeyMismatch()
             }
         };
 
-        var origChallenge = new CredentialCreateOptions
+        var originalOptions = new CredentialCreateOptions
         {
             Attestation = AttestationConveyancePreference.Direct,
             AuthenticatorSelection = new AuthenticatorSelection
@@ -271,7 +271,7 @@ public async Task TestApplePublicKeyMismatch()
             Origins = new HashSet<string> { "https://www.passwordless.dev" },
         });
 
-        var credentialMakeResult = await lib.MakeNewCredentialAsync(attestationResponse, origChallenge, callback);
+        var credentialMakeResult = await lib.MakeNewCredentialAsync(attestationResponse, originalOptions, callback);
     }
 
     private string[] StackAllocSha256(byte[] authData, byte[] clientDataJson)