Introduce a new constructor for WebAuthnProcessingFilter #1158

Merged
Expand Up @@ -36,9 +36,10 @@


/**
* Processes a WebAuthn authentication form submission. For supporting username/password authentication for first step of
* two step authentication, if credentialId is not found in the HTTP request, this filter try to find username/password
* parameters.
* Processes a WebAuthn authentication form submission.
* <p>
* For supporting the username/password authentication in the first step of a two factors authentication,
* if credentialId is not found in the HTTP request, this filter try to find username/password parameters.
* <p>
* Login forms must present WebAuthn parameters (credentialId, clientDataJSON, authenticatorData,signature and
* clientExtensionJSON) or Password authentication parameters (username and password).
Expand Down Expand Up @@ -75,7 +76,7 @@ public class WebAuthnProcessingFilter extends UsernamePasswordAuthenticationFilt
private String clientExtensionsJSONParameter = SPRING_SECURITY_FORM_CLIENT_EXTENSIONS_JSON_KEY;

private ServerPropertyProvider serverPropertyProvider;
private UserVerificationStrategy userVerificationStrategy = new DefaultUserVerificationStrategy();
private UserVerificationStrategy userVerificationStrategy;

private boolean postOnly = true;

Expand All @@ -91,7 +92,7 @@ public WebAuthnProcessingFilter() {
}

/**
* Constructor
* Constructor which initializes the filter with a default user verification strategy
*
* @param authorities authorities for FirstOfMultiFactorAuthenticationToken
* @param serverPropertyProvider provider for ServerProperty
Expand All @@ -101,6 +102,23 @@ public WebAuthnProcessingFilter(List<GrantedAuthority> authorities, ServerProper
Assert.notNull(serverPropertyProvider, "serverPropertyProvider must not be null");
this.authorities = authorities;
this.serverPropertyProvider = serverPropertyProvider;
this.userVerificationStrategy = new DefaultUserVerificationStrategy();
}

/**
* Overloading constructor in which the user verification strategy with which initializing the filter can be specified
*
* @param authorities authorities for FirstOfMultiFactorAuthenticationToken
* @param serverPropertyProvider provider for ServerProperty
* @param userVerificationStrategy the user verification strategy to be used by the filter
*/
public WebAuthnProcessingFilter(List<GrantedAuthority> authorities, ServerPropertyProvider serverPropertyProvider, UserVerificationStrategy userVerificationStrategy) {
Assert.notNull(authorities, "authorities must not be null");
Assert.notNull(serverPropertyProvider, "serverPropertyProvider must not be null");
Assert.notNull(userVerificationStrategy, "userVerificationStrategy must not be null");
this.authorities = authorities;
this.serverPropertyProvider = serverPropertyProvider;
this.userVerificationStrategy = userVerificationStrategy;
}

// ~ Methods
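Review bot: Removing the initializer from the `userVerificationStrategy` field leaves it null for any filter created through the no-argument constructor. That constructor's body lies outside these hunks and, judging by the hunk line offsets, this change does not touch it. If so, a filter built with `new WebAuthnProcessingFilter()` carries no user verification strategy until one is set explicitly, which is an unsafe default for an authentication filter. Either keep `private UserVerificationStrategy userVerificationStrategy = new DefaultUserVerificationStrategy();` on the field, or add `this.userVerificationStrategy = new DefaultUserVerificationStrategy();` to the no-argument constructor as well.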
Expand Up @@ -247,12 +247,21 @@ public void attemptAuthentication_test_with_wrong_port() {
}

@Test
public void constructor_test() {
public void first_constructor_test() {
ServerPropertyProvider serverPropertyProvider = mock(ServerPropertyProvider.class);
WebAuthnProcessingFilter webAuthnProcessingFilter = new WebAuthnProcessingFilter(AuthorityUtils.NO_AUTHORITIES, serverPropertyProvider);
assertThat(webAuthnProcessingFilter.getServerPropertyProvider()).isEqualTo(serverPropertyProvider);
assertThat(webAuthnProcessingFilter.getUserVerificationStrategy()).isNotNull();
}

@Test
public void second_constructor_test() {
ServerPropertyProvider serverPropertyProvider = mock(ServerPropertyProvider.class);
UserVerificationStrategy userVerificationStrategy = mock(UserVerificationStrategy.class);
WebAuthnProcessingFilter webAuthnProcessingFilter = new WebAuthnProcessingFilter(AuthorityUtils.NO_AUTHORITIES, serverPropertyProvider, userVerificationStrategy);
assertThat(webAuthnProcessingFilter.getServerPropertyProvider()).isEqualTo(serverPropertyProvider);
assertThat(webAuthnProcessingFilter.getUserVerificationStrategy()).isNotNull();
}


}
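Review bot: `second_constructor_test` only asserts that the strategy is not null, so it would still pass if the new constructor ignored its third argument and installed the default. Pin the injected instance with `assertThat(webAuthnProcessingFilter.getUserVerificationStrategy()).isEqualTo(userVerificationStrategy);`. In `first_constructor_test`, `isInstanceOf(DefaultUserVerificationStrategy.class)` would likewise confirm the documented default. The new `Assert.notNull(userVerificationStrategy, ...)` guard has no test in this section; a case passing `null` and expecting `IllegalArgumentException` would cover it.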