cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
https://rubygems.org/gems/webauthn
MIT License

Facing error when verify registration #411

Closed ch0ngxian closed 10 months ago

ch0ngxian commented 10 months ago

I am implementing passkey login using @github/webauthn-json for the front end and webauthn-ruby for my Rails backend. Below is a code segment that handles the registration request:

webauthn_id = WebAuthn.generate_user_id
options = WebAuthn::Credential.options_for_create(
  user: { id: webauthn_id, name: user.email }
)

And then I verify it in another method inside the controller:

webauthn_credential = WebAuthn::Credential.from_create(params[:credential])
webauthn_credential.verify(params[:challenge])

But I am facing an error from the verify method. It is an error thrown from the bindata gem, which is a dependency of webauthn-ruby.

{
    "error": {
        "type": "ServerError",
        "message": "Something went wrong",
        "code": "something_went_wrong",
        "_type": "NoMethodError"
    },
    "backtrace": [
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/lazy.rb:71:in `method_missing'",
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/lazy.rb:31:in `lazy_eval'",
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/base.rb:113:in `eval_parameter'",
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/string.rb:89:in `clamp_to_length'",
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/string.rb:74:in `snapshot'",
        "ruby/3.1.0/gems/bindata-2.4.15/lib/bindata/base_primitive.rb:98:in `respond_to?'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:55:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:175:in `block in as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:174:in `each'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:174:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:58:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:175:in `block in as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:174:in `each'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:174:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:58:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:154:in `block in as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:154:in `map'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:154:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:136:in `as_json'",
        "ruby/3.1.0/gems/activesupport-6.1.6.1/lib/active_support/core_ext/object/json.rb:175:in `block in as_json'"
    ]
}

Below are the options data and credential data for reference:

{
    "challenge": "b8sJPRE1UJ8KVbAYMIG93-waUx7A20RtUorwwR-osm4",
    "timeout": 120000,
    "extensions": {},
    "rp": {
        "name": "EasyStore"
    },
    "user": {
        "name": "chongxian@easystore.co",
        "id": "9IviYF6ZysIEqSIe91RttfTs-_Km7YnNONYxNhMhaYO943GV3Mr3y539jpe0-bD-B0-qBXfAWKVyzpUkCOaJqw",
        "displayName": "chongxian@easystore.co"
    },
    "pubKeyCredParams": [
        {
            "type": "public-key",
            "alg": -7
        },
        {
            "type": "public-key",
            "alg": -37
        },
        {
            "type": "public-key",
            "alg": -257
        }
    ]
}

{
  "email": "chongxian@easystore.co",
  "credential": {
    "type": "public-key",
    "id": "HBKq_mulCATSAdC-SSzRB3heNjzCKJeGp5A2AXNC_M8",
    "rawId": "HBKq_mulCATSAdC-SSzRB3heNjzCKJeGp5A2AXNC_M8",
    "authenticatorAttachment": "platform",
    "response": {
      "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiYjhzSlBSRTFVSjhLVmJBWU1JRzkzLXdhVXg3QTIwUnRVb3J3d1Itb3NtNCIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
      "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFAAAAAK3OAAI1vMYKZIsLJfHwVQMAIBwSqv5rpQgE0gHQvkks0Qd4XjY8wiiXhqeQNgFzQvzPpQECAyYgASFYIClRIV9f-EJGhgmt7tGSFukhjjjZQX3krpKk58tWfcJ8IlggTWiCFfDBNCwOme5y7mPGc-oDcMXme1BS_0mrg8uuLY4",
      "transports": ["internal"]
    },
    "clientExtensionResults": {}
  },
  "challenge": "b8sJPRE1UJ8KVbAYMIG93-waUx7A20RtUorwwR-osm4"
}

ch0ngxian commented 10 months ago

I think I found the issue; it is actually not really related to the verify registration method. The error comes from when I store sign_count or return sign_count in the response JSON: my Rails backend faces an issue when converting BinData::Bit32 inside JSON.

ch0ngxian commented 10 months ago

I can solve the issue by doing:

webauthn_credential.sign_count.to_i
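
An added example, not code from this thread or from webauthn-ruby: using only the Ruby standard library, it shows two checks this thread touches. The challenge in clientDataJSON is compared against the value the server issued and kept (for example in the session) rather than one echoed back in the request, and the 32-bit sign count is read from authenticator data as a plain Integer that serializes to JSON. The helper names, RP_ID, EXPECTED_ORIGIN and the sample inputs are assumptions constructed for illustration; attestation and the credential public key are not handled here.

```ruby
require "base64"
require "digest"
require "json"

RP_ID = "localhost"                        # assumption for this example
EXPECTED_ORIGIN = "http://localhost:8080"  # assumption for this example

# Hypothetical helper: validate clientDataJSON against the challenge the
# server issued and stored itself (never a value taken from the request).
def check_client_data(client_data_b64, issued_challenge, type: "webauthn.create")
  data = JSON.parse(Base64.urlsafe_decode64(client_data_b64))
  return :wrong_type unless data["type"] == type
  return :challenge_mismatch unless data["challenge"] == issued_challenge
  return :wrong_origin unless data["origin"] == EXPECTED_ORIGIN
  :ok
end

# Hypothetical helper: parse the fixed 37-byte authenticator data header,
# rpIdHash (32 bytes), flags (1 byte), signCount (uint32, big-endian).
def parse_auth_data_header(auth_data)
  raise ArgumentError, "authenticator data too short" if auth_data.bytesize < 37
  rp_id_hash, flags, sign_count = auth_data.unpack("a32 C N")
  {
    rp_id_ok: rp_id_hash == Digest::SHA256.digest(RP_ID),
    user_present: (flags & 0x01) != 0,
    user_verified: (flags & 0x04) != 0,
    sign_count: sign_count # plain Integer, safe to store and to render as JSON
  }
end

# Constructed sample inputs (the challenge string is the one shown in the issue).
ISSUED_CHALLENGE = "b8sJPRE1UJ8KVbAYMIG93-waUx7A20RtUorwwR-osm4"
SAMPLE_CLIENT_DATA = Base64.urlsafe_encode64(
  JSON.generate(type: "webauthn.create", challenge: ISSUED_CHALLENGE,
                origin: EXPECTED_ORIGIN, crossOrigin: false),
  padding: false
)
SAMPLE_AUTH_DATA = Digest::SHA256.digest(RP_ID) + [0x45, 7].pack("C N")

# session_challenge stands in for the value kept server-side at options time.
def register_sample(session_challenge)
  status = check_client_data(SAMPLE_CLIENT_DATA, session_challenge)
  return { status: status } unless status == :ok
  parse_auth_data_header(SAMPLE_AUTH_DATA).merge(status: status)
end

puts JSON.generate(register_sample(ISSUED_CHALLENGE))
```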