
Jans fido2 replace requested parties 9248 #9586

Merged

Conversation


@imran-ishaq imran-ishaq commented Sep 24, 2024

Prepare


Description

Target issue

closes #9248

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

… requestParties name and domain with id and origins

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
…tationServiceTest Class

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

dryrunsecurity bot commented Sep 24, 2024

DryRun Security Summary

The pull request focuses on the implementation and testing of the FIDO2 authentication protocol in the Jans server and related components, including refactoring of the RequestedParties struct, addition of new test cases, updates to the FIDO plugin, and modification of the AttestationService class.


Summary:

The changes in this pull request are focused on the implementation and testing of the FIDO2 (Fast IDentity Online) authentication protocol in the Jans server and related components. The key changes include:

  1. Refactoring of the RequestedParties struct in the fido2_config.go file, where the Name field has been renamed to Id and the Domains field has been renamed to Origins. This appears to be a structural change to better align with the FIDO2 specification.

  2. Addition of new test cases in the AttestationServiceTest class, which verify the correct creation of Relying Party (RP) domains. These tests help ensure the security and reliability of the FIDO2 authentication process.

  3. Updates to the FIDO plugin in the jans-cli-tui project, where the labels and field names for the "Requested Parties" feature have been changed to match the updated terminology (Name -> Id, Domains -> Origins).

  4. Modification of the AttestationService class in the jans-fido2 project, where the createRpDomain method has been made public, potentially for use by other parts of the application.

From an application security perspective, these changes appear to be focused on improving the overall security and reliability of the FIDO2 implementation. The renaming of fields and updates to the test suite suggest an effort to align the codebase with the FIDO2 specification, which is a positive step. However, it's important to ensure that the changes do not introduce any unintended security vulnerabilities, particularly in the areas of RP domain validation, credential management, and the external interception feature.

Files Changed:

  1. terraform-provider-jans/jans/fido2_config.go: The changes in this file involve the renaming of fields in the RequestedParties struct, which is part of the Fido2 configuration. This refactoring aligns the code with the FIDO2 specification.

  2. jans-fido2/server/src/test/java/io/jans/fido2/service/AttestationServiceTest.java: The changes in this file add new test cases to verify the correct creation of Relying Party (RP) domains, which is an important aspect of the FIDO2 authentication process.

  3. jans-cli-tui/cli_tui/plugins/020_fido/main.py: The changes in this file update the FIDO plugin to use the new field names (id and origins) for the "Requested Parties" feature, reflecting the updates made in the fido2_config.go file.

  4. jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java: The changes in this file make the createRpDomain method public, which could potentially allow it to be used by other parts of the application.

  5. terraform-provider-jans/provider/resource_fido2_configuration_test.go: The changes in this file align with the updates made to the RequestedParties struct in the fido2_config.go file, renaming the Name field to Id and the Domains field to Origins.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@imran-ishaq imran-ishaq marked this pull request as ready for review September 24, 2024 16:20
@imran-ishaq imran-ishaq merged commit 144b714 into passkeys-project Sep 25, 2024
11 checks passed
@imran-ishaq imran-ishaq deleted the jans-fido2-replace-requested-parties_9248 branch September 25, 2024 11:12
moabu pushed a commit that referenced this pull request Nov 7, 2024
* feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

* feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

---------

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>