added "verbose" flag

passwordless-id · Jan 2, 2024 · 7a7d1af · 7a7d1af
1 parent ca95606
commit 7a7d1af
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ import * as webauthn from '@passwordless-id/webauthn'
 
 ```html
 <script type="module">
-  import { client } from 'https://unpkg.com/@passwordless-id/[email protected].2/dist/webauthn.min.js'
+  import { client } from 'https://unpkg.com/@passwordless-id/[email protected].3/dist/webauthn.min.js'
 </script>
 ```
 ### Import
@@ -310,7 +310,8 @@ const expected = {
     challenge: async (challenge) => { /* async call to DB for example */ return true },
     origin: (origin) => listOfAllowedOrigins.includes(origin),
     userVerified: true, // no function allowed here
-    counter: 123  // optional, no function allowed here
+    counter: 123,  // optional, no function allowed here
+    verbose: true, // optional, enables debug logs containing sensitive information
 }
 ```
 

diff --git a/demos/example-cdn.html b/demos/example-cdn.html
@@ -10,7 +10,7 @@
 
 
 <script type="module">
-import { client } from 'https://unpkg.com/@passwordless-id/[email protected].2/dist/webauthn.min.js'
+import { client } from 'https://unpkg.com/@passwordless-id/[email protected].3/dist/webauthn.min.js'
 
 window.register = async function() {
 	console.log('Registering...')

diff --git a/dist/webauthn.min.js b/dist/webauthn.min.js
diff --git a/dist/webauthn.min.js.map b/dist/webauthn.min.js.map
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@passwordless-id/webauthn",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "A small wrapper around the webauthn protocol to make one's life easier.",
   "type": "module",
   "main": "dist/esm/index.js",

diff --git a/src/authenticators.ts b/src/authenticators.ts
@@ -3,9 +3,9 @@ import * as utils from './utils.js'
 
 
 export function parseAuthBuffer(authData :ArrayBuffer) {
-    console.debug(authData)
+    //console.debug(authData)
     let flags = new DataView(authData.slice(32,33)).getUint8(0)
-    console.debug(flags)
+    //console.debug(flags)
 
     // https://w3c.github.io/webauthn/#sctn-authenticator-data
     let parsed :any = {

diff --git a/src/server.ts b/src/server.ts
@@ -46,7 +46,8 @@ interface AuthenticationChecks {
     challenge: string | Function,
     origin: string | Function,
     userVerified: boolean,
-    counter?: number // Made optional according to https://github.com/passwordless-id/webauthn/issues/38
+    counter?: number, // Made optional according to https://github.com/passwordless-id/webauthn/issues/38
+    verbose?: boolean
 }
 
 
@@ -59,7 +60,8 @@ export async function verifyAuthentication(authenticationRaw: AuthenticationEnco
         publicKey: credential.publicKey,
         authenticatorData: authenticationRaw.authenticatorData,
         clientData: authenticationRaw.clientData,
-        signature: authenticationRaw.signature
+        signature: authenticationRaw.signature,
+        verbose: expected.verbose
     })
 
     if(!isValidSignature)
@@ -140,6 +142,7 @@ type VerifyParams = {
     authenticatorData: string, // Base64url encoded
     clientData: string, // Base64url encoded
     signature: string, // Base64url encoded
+    verbose?: boolean, // Enables debug logs containing sensitive data like crypto keys
 }
 
 
@@ -154,20 +157,25 @@ type VerifyParams = {
 [...] For COSEAlgorithmIdentifier -37 (PS256) [...] The signature is not ASN.1 wrapped.
 */
 // see also https://gist.github.com/philholden/50120652bfe0498958fd5926694ba354
-export async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature }: VerifyParams): Promise<boolean> {
+export async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature, verbose }: VerifyParams): Promise<boolean> {
     const algoParams = getAlgoParams(algorithm)
     let cryptoKey = await parseCryptoKey(algoParams, publicKey)
-    console.debug(cryptoKey)
+
+    if(verbose) {
+        console.debug(cryptoKey)
+    }
 
     let clientHash = await utils.sha256(utils.parseBase64url(clientData));
 
     // during "login", the authenticatorData is exactly 37 bytes
     let comboBuffer = utils.concatenateBuffers(utils.parseBase64url(authenticatorData), clientHash)
 
-    console.debug('Crypto Algo: ' + JSON.stringify(algoParams))
-    console.debug('Public key: ' + publicKey)
-    console.debug('Data: ' + utils.toBase64url(comboBuffer))
-    console.debug('Signature: ' + signature)
+    if(verbose) {
+        console.debug('Crypto Algo: ' + JSON.stringify(algoParams))
+        console.debug('Public key: ' + publicKey)
+        console.debug('Data: ' + utils.toBase64url(comboBuffer))
+        console.debug('Signature: ' + signature)
+    }
 
     // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify
     let signatureBuffer = utils.parseBase64url(signature)