From 3f145dc0925f7f11a5d85773d3cad1f43b33bdb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <deivid.rodriguez@riseup.net>
Date: Fri, 3 May 2024 12:54:20 +0200
Subject: [PATCH] Merge pull request #7623 from jenshenny/fix-webauthn-poller

Rename credential email to identifier in WebAuthn poller

(cherry picked from commit 53c6223d6758a676fad713d4a72ed6a461cdb23c)
---
 lib/rubygems/gemcutter_utilities/webauthn_poller.rb |  4 +++-
 test/rubygems/test_webauthn_poller.rb               | 12 +++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/rubygems/gemcutter_utilities/webauthn_poller.rb b/lib/rubygems/gemcutter_utilities/webauthn_poller.rb
index 0fdd1d5bf45b..fe3f163a8887 100644
--- a/lib/rubygems/gemcutter_utilities/webauthn_poller.rb
+++ b/lib/rubygems/gemcutter_utilities/webauthn_poller.rb
@@ -69,8 +69,10 @@ def webauthn_verification_poll_response(webauthn_url, credentials)
       rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
         if credentials.empty?
           request.add_field "Authorization", api_key
+        elsif credentials[:identifier] && credentials[:password]
+          request.basic_auth credentials[:identifier], credentials[:password]
         else
-          request.basic_auth credentials[:email], credentials[:password]
+          raise Gem::WebauthnVerificationError, "Provided missing credentials"
         end
       end
     end
diff --git a/test/rubygems/test_webauthn_poller.rb b/test/rubygems/test_webauthn_poller.rb
index 23290d8ea143..fd2408175861 100644
--- a/test/rubygems/test_webauthn_poller.rb
+++ b/test/rubygems/test_webauthn_poller.rb
@@ -13,7 +13,7 @@ def setup
     @fetcher = Gem::FakeFetcher.new
     Gem::RemoteFetcher.fetcher = @fetcher
     @credentials = {
-      email: "email@example.com",
+      identifier: "email@example.com",
       password: "password",
     }
   end
@@ -121,4 +121,14 @@ def test_poll_for_otp_invalid_status
     assert_equal error.message,
       "Security device verification failed: The token in the link you used has either expired or been used already."
   end
+
+  def test_poll_for_otp_missing_credentials
+    @credentials = { password: "password" }
+
+    error = assert_raise Gem::WebauthnVerificationError do
+      Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
+    end
+
+    assert_equal error.message, "Security device verification failed: Provided missing credentials"
+  end
 end