Move and clean up webauthn-json serialization modules

- Combines Crypto.WebAuthn.Model.WebIDL.Internal.{Convert,Encoding,Decoding} into a single Crypto.Encoding.Internal.WebAuthnJson - Moves Crypto.WebAuthn.Model.WebIDL to Crypto.Encoding.WebAuthnJson - Removes mentions of WebIDL from the above modules, correcting them to WebAuthnJson, or WJ as a prefix. This renames all the exposed decoding functions, prefixing them with wj - Make wjDecodeCredentialRegistration use allSupportedFormats as the SupportedAttestationStatementFormats argument. wjDecodeCredentialRegistration' has been introduced to allow passing a custom SupportedAttestationStatementFormats. For the future, only the unticked functions are intended to stay backwards compatible - Don't have Decode and DecodeCreated, instead parametrize Decode by m, allowing instances to add additional constraints to it. Oh also just use mtl monad constraints in general over Either for that module
tweag · Feb 16, 2022 · de95fa3 · de95fa3
1 parent 61f5c45
commit de95fa3
Show file tree

Hide file tree

Showing 13 changed files with 781 additions and 873 deletions.
diff --git a/server/src/Main.hs b/server/src/Main.hs
@@ -224,7 +224,7 @@ beginRegistration db pending = do
           }
   options <- Scotty.liftAndCatchIO $ insertPendingRegistration pending $ defaultPkcco user
   Scotty.liftAndCatchIO $ TIO.putStrLn $ "Register begin => " <> jsonText options
-  Scotty.json $ WA.encodeCredentialOptionsRegistration options
+  Scotty.json $ WA.wjEncodeCredentialOptionsRegistration options
 
 -- | Completes the relying party's responsibilities of the registration
 -- ceremony. Receives the credential from the client and performs the
@@ -241,7 +241,7 @@ completeRegistration ::
 completeRegistration origin rpIdHash db pending registryVar = do
   credential <- Scotty.jsonData
   Scotty.liftAndCatchIO $ TIO.putStrLn $ "Raw register complete <= " <> jsonText credential
-  cred <- case WA.decodeCredentialRegistration WA.allSupportedFormats credential of
+  cred <- case WA.wjDecodeCredentialRegistration credential of
     Left err -> do
       Scotty.liftAndCatchIO $ TIO.putStrLn $ "Register complete failed to decode raw request: " <> Text.pack (show err)
       fail $ show err
@@ -325,7 +325,7 @@ beginLogin db pending = do
 
   -- Send credential options to the client
   Scotty.liftAndCatchIO $ TIO.putStrLn $ "Login begin => " <> jsonText options
-  Scotty.json $ WA.encodeCredentialOptionsAuthentication options
+  Scotty.json $ WA.wjEncodeCredentialOptionsAuthentication options
   where
     mkCredentialDescriptor :: WA.CredentialEntry -> WA.CredentialDescriptor
     mkCredentialDescriptor WA.CredentialEntry {WA.ceCredentialId, WA.ceTransports} =
@@ -347,7 +347,7 @@ completeLogin origin rpIdHash db pending = do
   Scotty.liftAndCatchIO $ TIO.putStrLn $ "Raw login complete <= " <> jsonText credential
 
   -- Decode credential
-  cred <- case WA.decodeCredentialAuthentication credential of
+  cred <- case WA.wjDecodeCredentialAuthentication credential of
     Left err -> do
       Scotty.liftAndCatchIO $ TIO.putStrLn $ "Login complete failed to decode request: " <> Text.pack (show err)
       fail $ show err

diff --git a/src/Crypto/WebAuthn.hs b/src/Crypto/WebAuthn.hs
@@ -100,22 +100,22 @@ module Crypto.WebAuthn
     -- | A set of types representing credential options ('CredentialOptions')
     -- and their resulting credentials responses ('Credential'), used in
     -- [step 2](#step-2) and [step 4](#step-4#) respectively.
-    --
-    -- Also includes a set of functions for indirectly encoding credential
-    -- options to JSON ('encodeCredentialOptionsRegistration',
-    -- 'encodeCredentialOptionsAuthentication') and indirectly decoding
-    -- credential responses from JSON ('decodeCredentialRegistration',
-    -- 'decodeCredentialAuthentication'), using the same encoding as
-    -- [webauthn-json](https://github.com/github/webauthn-json) which can be
-    -- used on the JavaScript side. This is needed to construct the response
-    -- for [step 2](#step-2) and to deconstruct the request in
-    -- [step 4](#step-4) respectively.
     module Crypto.WebAuthn.Model,
 
     -- * WebAuthn Encoding
 
     -- | Includes everything needed to encode\/decode WebAuthn types between
-    -- serializations and Haskell types defined in "Crypto.WebAuthn.Model"
+    -- serializations and Haskell types defined in "Crypto.WebAuthn.Model".
+    -- Most notably this includes encoding and decoding functions for messages
+    -- exchanged with the
+    -- [webauthn-json](https://github.com/github/webauthn-json) JavaScript
+    -- library: Encoding 'CredentialOptions' to intermediate JSON-serializable
+    -- types using 'wjEncodeCredentialOptionsRegistration' and
+    -- 'wjEncodeCredentialOptionsAuthentication', which can be used for [step
+    -- 2](#step-2). Also decoding 'Credential's from intermediate
+    -- JSON-deserializable types using 'wjDecodeCredentialRegistration' and
+    -- 'wjDecodeCredentialAuthentication', which can be used for [step
+    -- 4](#step-4).
     module Crypto.WebAuthn.Encoding,
 
     -- * Attestation Statement Formats
@@ -128,8 +128,9 @@ module Crypto.WebAuthn
     --
     -- This module contains the 'allSupportedFormats' value, which contains
     -- implementations of all standard attestation statement formats supported
-    -- by this library. It can be passed to the 'decodeCredentialRegistration'
-    -- to enable all these formats.
+    -- by this library. It can be manually passed to the
+    -- 'wjDecodeCredentialRegistration'' to enable only specific formats or add
+    -- support for additional ones.
     module Crypto.WebAuthn.AttestationStatementFormat,
 
     -- * Operations

diff --git a/src/Crypto/WebAuthn/Encoding.hs b/src/Crypto/WebAuthn/Encoding.hs
@@ -1,13 +1,39 @@
 {-# OPTIONS_GHC -Wno-missing-import-lists #-}
 
 -- | Stability: experimental
--- This module exposes everything related to encoding\/decoding of WebAuthn
--- values
+-- This module ncludes everything needed to encode\/decode WebAuthn types
+-- between serializations and Haskell types defined in "Crypto.WebAuthn.Model".
 module Crypto.WebAuthn.Encoding
-  ( module Crypto.WebAuthn.Encoding.Binary,
+  ( -- * webauthn-json serialization
+
+    -- This module includes encoding and decoding functions for messages
+    -- exchanged with the
+    -- [webauthn-json](https://github.com/github/webauthn-json) JavaScript
+    -- library.
+    module Crypto.WebAuthn.Encoding.WebAuthnJson,
+
+    -- * Binary fields
+
+    -- WebAuthn defines several structures that employ a binary serialization,
+    -- such as
+    -- [clientDataJSON](https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson)
+    -- or [authenticator
+    -- data](https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-authenticatordata).
+    -- This module exposes functions for encoding/decoding such fields, using
+    -- types from "Crypto.WebAuthn.Model". This is useful for defining
+    -- serializations alternative to the webauthn-json one.
+    module Crypto.WebAuthn.Encoding.Binary,
+
+    -- * Enum strings
+
+    -- WebAuthn also defines several enumerations, which can be translated
+    -- to\/from their respective Haskell types in "Crypto.WebAuthn.Model" using
+    -- this module. This is useful for defining serializations alternative to
+    -- the webauthn-json one.
     module Crypto.WebAuthn.Encoding.Strings,
   )
 where
 
 import Crypto.WebAuthn.Encoding.Binary
 import Crypto.WebAuthn.Encoding.Strings
+import Crypto.WebAuthn.Encoding.WebAuthnJson