Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write tests using Chrome's virtual authenticator API #31

Open
lgarron opened this issue Oct 5, 2020 · 4 comments
Open

Write tests using Chrome's virtual authenticator API #31

lgarron opened this issue Oct 5, 2020 · 4 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@lgarron
Copy link
Contributor

lgarron commented Oct 5, 2020
edited

I've held off on writing thorough tests, because getting a good mock WebAuthn authenticator working was a bit daunting. However, Chrome's DevTools protocol now supports virtual authenticators: https://chromedevtools.github.io/devtools-protocol/tot/WebAuthn/

This should make it possible to write fairly robust tests.

I haven't set up a GitHub action testing using the DevTools protocol, so we could use some help if anyone is familiar with how to set that up.
@lgarron lgarron added enhancement New feature or request help wanted Extra attention is needed labels Oct 5, 2020
@halo
Copy link

halo commented Apr 19, 2022
edited

Using Capybara and the webauthn gem, I was able to get integration tests working in a Rails environment. I thought I'd post it here for a kickstart (which testing-stack are you intending to use, by the way?).

To my surprise, recent versions of selenium/webdrivers support this out-of-the-box.

# Setup is only possible *after* an initial request (visit in Capybara) has been made.
visit '/login'

# Ensure same-origin
WebAuthn.configuration.origin = Capybara.current_session.server.base_url

# Enable virtual authenticators in browser
devtools = page.driver.browser.devtools
devtools.send_cmd 'WebAuthn.enable'

# Create an Authenticator
# See https://chromedevtools.github.io/devtools-protocol/tot/WebAuthn/#type-VirtualAuthenticatorOptions
options = {
  protocol: :ctap2,
  transport: :internal,
  hasResidentKey: false, # Chrome should not have to reveal a list of existing virtual authenticator IDs.
  # isUserConsenting: true, # Not sure, this option exists in selenium but not in chrome?
  hasUserVerification: true,
  isUserVerified: true,
}
attributes = record.devtools.send_cmd 'WebAuthn.addVirtualAuthenticator', options: options
id = attributes.dig('result', 'authenticatorId')

# Make sure to tear down after each test because it will interfere with further tests
devtools.send_cmd 'WebAuthn.removeVirtualAuthenticator', authenticatorId: id
devtools.send_cmd 'WebAuthn.disable'

@halo
Copy link

halo commented Aug 14, 2022

Thanks to this commit it just got much simpler:

visit '/login'

options = ::Selenium::WebDriver::VirtualAuthenticatorOptions.new
page.driver.browser.add_virtual_authenticator(options)

click_on 'Start the registration ceremony using my new hardware key'

@lgarron
Copy link
Contributor Author

lgarron commented Aug 16, 2022

Thanks to this commit it just got much simpler:

Thanks!

Just to be transparent, though: In the interest of keeping this library as easy as possible to maintain for its limited remaining lifetime, I think any JS testing framework would be preferable over Ruby (or over any other separate language).

@halo
Copy link

halo commented Aug 16, 2022

I completely agree, thanks for being clear. I just wanted to post this as a heads-up that selenium is in the progress of directly implementing those DevTools calls. Three months ago JS got them as well. Good luck!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@halo @lgarron