mirror of
https://chromium.googlesource.com/chromium/tools/depot_tools.git
synced 2026-01-11 02:31:29 +00:00
59e46a5d18
This plugin handles FIDO2 security keys for doing auth and integrates with luci-auth (specifically git-credential-luci). (It's in Python because tl;dr the Python library is much better.) Bug: 433851494 Change-Id: Ib956b614588aad8ad4fda7619bfbae17a670438f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6804585 Reviewed-by: Scott Lee <ddoman@chromium.org> Commit-Queue: Allen Li <ayatane@chromium.org>
70 lines
2.2 KiB
Python
Executable File
70 lines
2.2 KiB
Python
Executable File
#!/usr/bin/env vpython3
|
|
# coding=utf-8
|
|
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# [VPYTHON:BEGIN]
|
|
# python_version: "3.11"
|
|
# wheel: <
|
|
# name: "infra/python/wheels/cffi/${vpython_platform}"
|
|
# version: "version:1.15.1.chromium.2"
|
|
# >
|
|
# wheel: <
|
|
# name: "infra/python/wheels/cryptography/${vpython_platform}"
|
|
# version: "version:43.0.0"
|
|
# >
|
|
# wheel: <
|
|
# name: "infra/python/wheels/pycparser-py2_py3"
|
|
# version: "version:2.21"
|
|
# >
|
|
# wheel: <
|
|
# name: "infra/python/wheels/fido2-py3"
|
|
# version: "version:2.0.0"
|
|
# >
|
|
# [VPYTHON:END]
|
|
"""Unit tests for luci_auth_fido2_plugin.py."""
|
|
|
|
import logging
|
|
import os
|
|
import sys
|
|
import unittest
|
|
|
|
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
|
|
|
|
from fido2.webauthn import PublicKeyCredentialDescriptor
|
|
from fido2.webauthn import PublicKeyCredentialRequestOptions
|
|
from fido2.webauthn import PublicKeyCredentialType
|
|
from fido2.webauthn import UserVerificationRequirement
|
|
|
|
import luci_auth_fido2_plugin as plugin
|
|
|
|
|
|
class TestFido2Plugin(unittest.TestCase):
|
|
|
|
def test_parse_plugin_request(self):
|
|
req = b'{"type":"get","origin":"https://accounts.google.com","requestData":{"rpId":"google.com","challenge":"alice-==","timeout":30000,"allowCredentials":[{"type":"public-key","id":"key="}],"userVerification":"preferred","extensions":{"appid":"google.com"}}}'
|
|
got = plugin.parse_plugin_request(req)
|
|
want = plugin.PluginRequest(
|
|
origin='https://accounts.google.com',
|
|
public_key_credential_request=PublicKeyCredentialRequestOptions(
|
|
challenge=b'jX\x9c{',
|
|
timeout=30_000,
|
|
rp_id='google.com',
|
|
allow_credentials=[
|
|
PublicKeyCredentialDescriptor(
|
|
type=PublicKeyCredentialType.PUBLIC_KEY,
|
|
id=b'\x91\xec',
|
|
)
|
|
],
|
|
user_verification=UserVerificationRequirement.DISCOURAGED,
|
|
),
|
|
)
|
|
self.assertEqual(got, want)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
logging.basicConfig(
|
|
level=logging.DEBUG if '-v' in sys.argv else logging.ERROR)
|
|
unittest.main()
|