Suppressing unexpected errors with `WebAuthn::PublicKeyCredentialWith…

…Attestation#verify`
cedarcode · Oct 21, 2023 · bcfc5c0 · bcfc5c0
1 parent d897c1a
commit bcfc5c0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/lib/webauthn/public_key_credential_with_attestation.rb b/lib/webauthn/public_key_credential_with_attestation.rb
@@ -5,11 +5,15 @@
 
 module WebAuthn
   class PublicKeyCredentialWithAttestation < PublicKeyCredential
+    class InvalidChallengeError < Error; end
+
     def self.response_class
       WebAuthn::AuthenticatorAttestationResponse
     end
 
     def verify(challenge, user_verification: nil)
+      challenge.is_a?(String) || raise(InvalidChallengeError, "challenge must be a String. input challenge class: #{challenge.class}")
+
       super
 
       response.verify(encoder.decode(challenge), user_verification: user_verification)

diff --git a/spec/webauthn/public_key_credential_with_attestation_spec.rb b/spec/webauthn/public_key_credential_with_attestation_spec.rb
@@ -87,7 +87,15 @@
       end
     end
 
-    context "when challenge is invalid" do
+    context "when challenge class is invalid" do
+      it "raise error" do
+        expect {
+          public_key_credential.verify(nil)
+        }.to raise_error(WebAuthn::PublicKeyCredentialWithAttestation::InvalidChallengeError)
+      end
+    end
+
+    context "when challenge value is invalid" do
       it "fails" do
         expect {
           public_key_credential.verify(Base64.urlsafe_encode64("another challenge"))