Merge pull request #99 from silinternational/feature/rename-user

rename DynamoUser to WebauthnUser

Author: briskt

fixtures_test.go

@@ -38,7 +38,7 @@ func getDBConfig(ms *MfaSuite) baseTestConfig {
 	}
 }
 
-func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []DynamoUser {
+func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []WebauthnUser {
 	cred10 := webauthn.Credential{ID: []byte("C10")}
 	cred20 := webauthn.Credential{ID: []byte("C20")}
 	cred21 := webauthn.Credential{ID: []byte("C21")}
@@ -59,7 +59,7 @@ func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []DynamoUser {
 	apiKey2.Key = "1234567890123456"
 	apiKey2.Secret = "E286600E-3DBF-4C23-A0DA-9C55D448"
 
-	testUser0 := DynamoUser{
+	testUser0 := WebauthnUser{
 		ID:             apiKey0.Secret,
 		Name:           "Nancy_NoCredential",
 		DisplayName:    "Nancy NoCredential",
@@ -94,7 +94,7 @@ func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []DynamoUser {
 	testUser0.PublicKey = "somePublicKey"
 	testUser0.EncryptedPublicKey = "someEncryptedPublicKey"
 
-	for _, u := range []DynamoUser{testUser0, testUser1, testUser2} {
+	for _, u := range []WebauthnUser{testUser0, testUser1, testUser2} {
 		ms.NoError(u.encryptAndStoreCredentials(), "failed saving initial test user")
 	}
 
@@ -107,5 +107,5 @@ func getTestWebauthnUsers(ms *MfaSuite, config baseTestConfig) []DynamoUser {
 	ms.NoError(err, "failed to scan storage for new user entries")
 	ms.Equal(int32(3), results.Count, "Count:3", "initial data wasn't saved properly")
 
-	return []DynamoUser{testUser0, testUser1, testUser2}
+	return []WebauthnUser{testUser0, testUser1, testUser2}
 }

storage_test.go

@@ -37,7 +37,7 @@ func (ms *MfaSuite) TestStorage_StoreLoad() {
 			},
 			args: args{
 				key: "2B28BED1-1225-4EC9-98F9-EAB8FBCEDBA0",
-				item: &DynamoUser{
+				item: &WebauthnUser{
 					ID:          "2B28BED1-1225-4EC9-98F9-EAB8FBCEDBA0",
 					Name:        "test_user",
 					DisplayName: "Test User",
@@ -64,7 +64,7 @@ func (ms *MfaSuite) TestStorage_StoreLoad() {
 			}
 			ms.NoError(err, "unexpected error with Store()")
 
-			var user DynamoUser
+			var user WebauthnUser
 			ms.NoError(s.Load(tt.fields.Table, "uuid", tt.args.key, &user), "error with s.Load()")
 
 			ms.Equal(tt.args.key, user.ID, "incorrect user.ID")

u2fsimulator/u2fsimulator_test.go

@@ -17,6 +17,7 @@ func newHttpResponseWriter() *httpResponseWriter {
 		Headers: http.Header{},
 	}
 }
+
 func (w *httpResponseWriter) Header() http.Header {
 	return w.Headers
 }
@@ -49,7 +50,7 @@ func (us *U2fSuite) Test_U2fRegistration() {
 	httpRequest, err := http.NewRequest(http.MethodPost, "https://example.com", bytes.NewBuffer(requestBody))
 	us.NoError(err, "error just creating http request for test")
 
-	httpRequest.Header.Set("x-mfa-UserUUID", "the-id-of-the-dynamo-user")
+	httpRequest.Header.Set("x-mfa-UserUUID", "the-id-of-the-webauthn-user")
 	httpRequest.Header.Set("x-mfa-RPID", rpID)
 	httpRequest.Header.Set("x-mfa-RPOrigin", rpID)
 

user.go

@@ -28,9 +28,9 @@ const WebAuthnTablePK = "uuid"
 // have this in its ID field.
 const LegacyU2FCredID = "u2f"
 
-// DynamoUser holds user data from DynamoDB, in both encrypted and unencrypted form. It also holds a Webauthn client
+// WebauthnUser holds user data from DynamoDB, in both encrypted and unencrypted form. It also holds a Webauthn client
 // and Webauthn API data.
-type DynamoUser struct {
+type WebauthnUser struct {
 	// Shared fields between U2F and WebAuthn
 	ID          string   `dynamodbav:"uuid" json:"uuid"`
 	ApiKeyValue string   `dynamodbav:"apiKey" json:"apiKey"`
@@ -59,9 +59,9 @@ type DynamoUser struct {
 	Icon           string             `dynamodbav:"-" json:"-"`
 }
 
-// NewDynamoUser creates a new DynamoUser from API input data, a storage client and a Webauthn client.
-func NewDynamoUser(apiConfig ApiMeta, storage *Storage, apiKey ApiKey, webAuthnClient *webauthn.WebAuthn) DynamoUser {
-	u := DynamoUser{
+// NewWebauthnUser creates a new WebauthnUser from API input data, a storage client and a Webauthn client.
+func NewWebauthnUser(apiConfig ApiMeta, storage *Storage, apiKey ApiKey, webAuthnClient *webauthn.WebAuthn) WebauthnUser {
+	u := WebauthnUser{
 		ID:             apiConfig.UserUUID,
 		Name:           apiConfig.Username,
 		DisplayName:    apiConfig.UserDisplayName,
@@ -85,7 +85,7 @@ func NewDynamoUser(apiConfig ApiMeta, storage *Storage, apiKey ApiKey, webAuthnC
 
 // RemoveU2F clears U2F fields in the user struct. To be used when a user has requested removal of their legacy U2F key.
 // Should be followed by a database store operation.
-func (u *DynamoUser) RemoveU2F() {
+func (u *WebauthnUser) RemoveU2F() {
 	u.AppId = ""
 	u.EncryptedAppId = ""
 	u.KeyHandle = ""
@@ -95,14 +95,14 @@ func (u *DynamoUser) RemoveU2F() {
 }
 
 // unsetSessionData clears the encrypted session data from a user and stores the updated record in the database.
-func (u *DynamoUser) unsetSessionData() error {
+func (u *WebauthnUser) unsetSessionData() error {
 	u.EncryptedSessionData = nil
 	return u.Store.Store(envConfig.WebauthnTable, u)
 }
 
 // saveSessionData encrypts the user's session data and updates the database record.
 // CAUTION: user data is refreshed from the database by this function. Any unsaved data will be lost.
-func (u *DynamoUser) saveSessionData(sessionData webauthn.SessionData) error {
+func (u *WebauthnUser) saveSessionData(sessionData webauthn.SessionData) error {
 	// load to be sure working with latest data
 	err := u.Load()
 	if err != nil {
@@ -127,7 +127,7 @@ func (u *DynamoUser) saveSessionData(sessionData webauthn.SessionData) error {
 // saveNewCredential appends a new credential to the user's credential list, encrypts the list, and updates the
 // database record.
 // CAUTION: user data is refreshed from the database by this function. Any unsaved data will be lost.
-func (u *DynamoUser) saveNewCredential(credential webauthn.Credential) error {
+func (u *WebauthnUser) saveNewCredential(credential webauthn.Credential) error {
 	// load to be sure working with latest data
 	err := u.Load()
 	if err != nil {
@@ -153,7 +153,7 @@ func (u *DynamoUser) saveNewCredential(credential webauthn.Credential) error {
 // should be removed (i.e. by matching the string "u2f") then that user is saved with all of its legacy u2f fields
 // blanked out.
 // CAUTION: user data is refreshed from the database by this function. Any unsaved data will be lost.
-func (u *DynamoUser) DeleteCredential(credIDHash string) (int, error) {
+func (u *WebauthnUser) DeleteCredential(credIDHash string) (int, error) {
 	// load to be sure working with the latest data
 	err := u.Load()
 	if err != nil {
@@ -197,7 +197,7 @@ func (u *DynamoUser) DeleteCredential(credIDHash string) (int, error) {
 }
 
 // encryptAndStoreCredentials encrypts the user's credential list and updates the database record
-func (u *DynamoUser) encryptAndStoreCredentials() error {
+func (u *WebauthnUser) encryptAndStoreCredentials() error {
 	js, err := json.Marshal(u.Credentials)
 	if err != nil {
 		return err
@@ -213,7 +213,7 @@ func (u *DynamoUser) encryptAndStoreCredentials() error {
 }
 
 // Load refreshes a user object from the database record and decrypts the session data and credential list
-func (u *DynamoUser) Load() error {
+func (u *WebauthnUser) Load() error {
 	err := u.Store.Load(envConfig.WebauthnTable, WebAuthnTablePK, u.ID, u)
 	if err != nil {
 		return errors.Wrap(err, "failed to load user")
@@ -262,15 +262,15 @@ func (u *DynamoUser) Load() error {
 }
 
 // Delete removes the user from the database
-func (u *DynamoUser) Delete() error {
+func (u *WebauthnUser) Delete() error {
 	return u.Store.Delete(envConfig.WebauthnTable, WebAuthnTablePK, u.ID)
 }
 
 // BeginRegistration processes the first half of the Webauthn Registration flow for the user and returns the
 // CredentialCreation data to pass back to the client. User session data is saved in the database.
-func (u *DynamoUser) BeginRegistration() (*protocol.CredentialCreation, error) {
+func (u *WebauthnUser) BeginRegistration() (*protocol.CredentialCreation, error) {
 	if u.WebAuthnClient == nil {
-		return nil, fmt.Errorf("dynamoUser, %s, missing WebAuthClient in BeginRegistration", u.Name)
+		return nil, fmt.Errorf("webauthnUser, %s, missing WebAuthClient in BeginRegistration", u.Name)
 	}
 
 	rrk := false
@@ -295,7 +295,7 @@ func (u *DynamoUser) BeginRegistration() (*protocol.CredentialCreation, error) {
 // FinishRegistration processes the last half of the Webauthn Registration flow for the user and returns the
 // key_handle_hash to pass back to the client. The client should store this value for later use. User session data is
 // cleared from the database.
-func (u *DynamoUser) FinishRegistration(r *http.Request) (string, error) {
+func (u *WebauthnUser) FinishRegistration(r *http.Request) (string, error) {
 	if r.Body == nil {
 		return "", fmt.Errorf("request Body may not be nil in FinishRegistration")
 	}
@@ -330,7 +330,7 @@ func (u *DynamoUser) FinishRegistration(r *http.Request) (string, error) {
 
 // BeginLogin processes the first half of the Webauthn Authentication flow for the user and returns the
 // CredentialAssertion data to pass back to the client. User session data is saved in the database.
-func (u *DynamoUser) BeginLogin() (*protocol.CredentialAssertion, error) {
+func (u *WebauthnUser) BeginLogin() (*protocol.CredentialAssertion, error) {
 	extensions := protocol.AuthenticationExtensions{}
 	if u.EncryptedAppId != "" {
 		appid, err := u.ApiKey.DecryptLegacy([]byte(u.EncryptedAppId))
@@ -356,7 +356,7 @@ func (u *DynamoUser) BeginLogin() (*protocol.CredentialAssertion, error) {
 
 // FinishLogin processes the last half of the Webauthn Authentication flow for the user and returns the
 // Credential data to pass back to the client. User session data is untouched by this function.
-func (u *DynamoUser) FinishLogin(r *http.Request) (*webauthn.Credential, error) {
+func (u *WebauthnUser) FinishLogin(r *http.Request) (*webauthn.Credential, error) {
 	if r.Body == nil {
 		return nil, fmt.Errorf("request Body may not be nil in FinishLogin")
 	}
@@ -400,27 +400,27 @@ func (u *DynamoUser) FinishLogin(r *http.Request) (*webauthn.Credential, error)
 }
 
 // WebAuthnID returns the user's ID according to the Relying Party
-func (u *DynamoUser) WebAuthnID() []byte {
+func (u *WebauthnUser) WebAuthnID() []byte {
 	return []byte(u.ID)
 }
 
 // WebAuthnName returns the user's name according to the Relying Party
-func (u *DynamoUser) WebAuthnName() string {
+func (u *WebauthnUser) WebAuthnName() string {
 	return u.Name
 }
 
 // WebAuthnDisplayName returns the display name of the user
-func (u *DynamoUser) WebAuthnDisplayName() string {
+func (u *WebauthnUser) WebAuthnDisplayName() string {
 	return u.DisplayName
 }
 
 // WebAuthnIcon returns the user's icon URL
-func (u *DynamoUser) WebAuthnIcon() string {
+func (u *WebauthnUser) WebAuthnIcon() string {
 	return u.Icon
 }
 
 // WebAuthnCredentials returns an array of credentials (passkeys) plus a U2F credential if present
-func (u *DynamoUser) WebAuthnCredentials() []webauthn.Credential {
+func (u *WebauthnUser) WebAuthnCredentials() []webauthn.Credential {
 	if u.EncryptedKeyHandle == "" || u.EncryptedPublicKey == "" {
 		// no U2F credential found
 		return u.Credentials

user_test.go

@@ -22,7 +22,7 @@ func (ms *MfaSuite) Test_User_DeleteCredential() {
 
 	tests := []struct {
 		name            string
-		user            DynamoUser
+		user            WebauthnUser
 		credID          string
 		wantErrContains string
 		wantStatus      int
@@ -111,7 +111,7 @@ func (ms *MfaSuite) Test_User_DeleteCredential() {
 				tt.verifyFn(results)
 			}
 
-			gotUser := DynamoUser{
+			gotUser := WebauthnUser{
 				ID:     tt.user.ID,
 				ApiKey: tt.user.ApiKey,
 				Store:  baseConfigs.Storage,

webauthn.go

@@ -296,20 +296,20 @@ func getApiMetaFromRequest(r *http.Request) (ApiMeta, error) {
 	return meta, nil
 }
 
-// getUserFromContext returns the authenticated DynamoUser from the request context. The authentication middleware or
+// getUserFromContext returns the authenticated WebauthnUser from the request context. The authentication middleware or
 // early handler processing inserts the authenticated user into the context for retrieval by this function.
-func getUserFromContext(r *http.Request) (*DynamoUser, error) {
-	user, ok := r.Context().Value(UserContextKey).(*DynamoUser)
+func getUserFromContext(r *http.Request) (*WebauthnUser, error) {
+	user, ok := r.Context().Value(UserContextKey).(*WebauthnUser)
 	if !ok {
-		return &DynamoUser{}, errors.New("unable to get user from request context")
+		return &WebauthnUser{}, errors.New("unable to get user from request context")
 	}
 
 	return user, nil
 }
 
 // AuthenticateRequest checks the provided API key against the keys stored in the database. If the key is active and
-// valid, a Webauthn client and DynamoUser are created and stored in the request context.
-func AuthenticateRequest(r *http.Request) (*DynamoUser, error) {
+// valid, a Webauthn client and WebauthnUser are created and stored in the request context.
+func AuthenticateRequest(r *http.Request) (*WebauthnUser, error) {
 	// get key and secret from headers
 	key := r.Header.Get("x-mfa-apikey")
 	secret := r.Header.Get("x-mfa-apisecret")
@@ -361,7 +361,7 @@ func AuthenticateRequest(r *http.Request) (*DynamoUser, error) {
 		return nil, fmt.Errorf("unable to create webauthn client from api meta config: %w", err)
 	}
 
-	user := NewDynamoUser(apiMeta, localStorage, apiKey, webAuthnClient)
+	user := NewWebauthnUser(apiMeta, localStorage, apiKey, webAuthnClient)
 
 	// If this user exists (api key value is not empty), make sure the calling API Key owns the user and is allowed to operate on it
 	if user.ApiKeyValue != "" && user.ApiKeyValue != apiKey.Key {

webauthn_test.go

@@ -51,7 +51,7 @@ func getTestAssertionResponse(credID, authData, clientData, attestationObject st
 	}`)
 }
 
-func getTestAssertionRequest(credID1, authData1, clientData1, attestObject1 string, user *DynamoUser) *http.Request {
+func getTestAssertionRequest(credID1, authData1, clientData1, attestObject1 string, user *WebauthnUser) *http.Request {
 	assertResp := getTestAssertionResponse(credID1, authData1, clientData1, attestObject1)
 
 	body := io.NopCloser(bytes.NewReader(assertResp))
@@ -137,7 +137,7 @@ func (ms *MfaSuite) Test_BeginRegistration() {
 	const userID = "12345678-1234-1234-1234-123456789012"
 	userIDEncoded := base64.StdEncoding.EncodeToString([]byte(userID))
 
-	userNoID := DynamoUser{
+	userNoID := WebauthnUser{
 		Name:           "Nelly_NoID",
 		DisplayName:    "Nelly NoID",
 		Store:          localStorage,
@@ -150,7 +150,7 @@ func (ms *MfaSuite) Test_BeginRegistration() {
 	ctxNoID := context.WithValue(reqNoID.Context(), UserContextKey, &userNoID)
 	reqNoID = *reqNoID.WithContext(ctxNoID)
 
-	testUser := DynamoUser{
+	testUser := WebauthnUser{
 		ID:             userID,
 		Name:           "Charlie_HasCredentials",
 		DisplayName:    "Charlie HasCredentials",
@@ -276,7 +276,7 @@ func (ms *MfaSuite) Test_FinishRegistration() {
 	const userID = "00345678-1234-1234-1234-123456789012"
 	const challenge = "W8GzFU8pGjhoRbWrLDlamAfq_y4S1CZG1VuoeRLARrE"
 
-	testUser := DynamoUser{
+	testUser := WebauthnUser{
 		ID:             userID,
 		Name:           "Charlie_HasCredentials",
 		DisplayName:    "Charlie HasCredentials",
@@ -431,7 +431,7 @@ func (ms *MfaSuite) Test_BeginLogin() {
 	ms.NoError(err, "failed creating new webAuthnClient for test")
 
 	// Just check one of the error conditions with this user
-	userNoCreds := DynamoUser{
+	userNoCreds := WebauthnUser{
 		ID:             "",
 		Name:           "Nelly_NoCredentials",
 		DisplayName:    "Nelly NoCredentials",
@@ -461,7 +461,7 @@ func (ms *MfaSuite) Test_BeginLogin() {
 		},
 	}
 
-	userWithCreds := DynamoUser{
+	userWithCreds := WebauthnUser{
 		ID:             userID,
 		Name:           "Charlie_HasCredentials",
 		DisplayName:    "Charlie HasCredentials",
@@ -607,7 +607,7 @@ func (ms *MfaSuite) Test_FinishLogin() {
 		},
 	}
 
-	userWithCreds := DynamoUser{
+	userWithCreds := WebauthnUser{
 		ID:             userID,
 		Name:           "Charlie_HasCredentials",
 		DisplayName:    "Charlie HasCredentials",
@@ -800,7 +800,7 @@ func (ms *MfaSuite) Test_DeleteCredential() {
 	users := getTestWebauthnUsers(ms, baseConfigs)
 	testUser0, testUser1, testUser2 := users[0], users[1], users[2]
 
-	for i, u := range []DynamoUser{testUser0, testUser1, testUser2} {
+	for i, u := range []WebauthnUser{testUser0, testUser1, testUser2} {
 		ms.NoError(u.ApiKey.Hash(), "error trying to hash apikey: %d", i)
 		ms.NoError(u.encryptAndStoreCredentials(), "failed updating test user")
 		ms.NoError(u.ApiKey.Store.Store(baseConfigs.EnvConfig.ApiKeyTable, u.ApiKey), "failed saving initial apikey")
@@ -823,7 +823,7 @@ func (ms *MfaSuite) Test_DeleteCredential() {
 
 	tests := []struct {
 		name            string
-		user            DynamoUser
+		user            WebauthnUser
 		credID          string
 		wantErrContains string
 		wantStatus      int