diff --git a/src/test/passkeys-test.js b/src/test/passkeys-test.js
index 863084563..b0e1e4d44 100644
--- a/src/test/passkeys-test.js
+++ b/src/test/passkeys-test.js
@@ -176,7 +176,7 @@ describe('Passkeys', function () {
 assert.notEqual(error, null);
 });
- it('rejects registration when TOTP is enabled', async function () {
+ it('allows registration options when TOTP is enabled', async function () {
 const adminUser = await users.get(admin.id);
 // enable TOTP first
@@ -186,9 +186,10 @@ describe('Passkeys', function () {
 await users.enableTotp(adminUser, totpToken, auditSource);
 adminUser.totpEnabled = true;
- const [error] = await safe(passkeys.getRegistrationOptions(adminUser));
- assert.notEqual(error, null);
- assert.equal(error.reason, BoxError.ALREADY_EXISTS);
+ const [error, options] = await safe(passkeys.getRegistrationOptions(adminUser));
+ assert.equal(error, null);
+ assert.ok((options) && typeof (options) === 'object' && !Array.isArray(options));
+ assert.equal(typeof options.challenge, 'string');
 // disable TOTP for further tests
 await users.disableTotp(adminUser, auditSource);
@@ -281,10 +282,10 @@ describe('Passkeys', function () {
 });
 });
- describe('TOTP mutual exclusion', function () {
+ describe('TOTP and passkey coexistence', function () {
 before(createOwner);
- it('cannot enable TOTP when passkey exists', async function () {
+ it('can enable TOTP when passkey exists', async function () {
 // register a passkey
 const authenticator = webauthnHelper.createVirtualAuthenticator();
 const adminUser = await users.get(admin.id);
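Review bot: The cleanup in the `@@ -186` hunk runs only when every new assertion passes, so a failure in `assert.equal(error, null)` or in the `options` checks skips `users.disableTotp(adminUser, auditSource)` and leaves TOTP enabled for the tests that follow, which the `// disable TOTP for further tests` comment says depend on it. Put the assertions in a `try` and the cleanup in `finally { await users.disableTotp(adminUser, auditSource); }`, or move the cleanup to an `afterEach` hook. The same pattern appears in the tests of the `@@ -292` and `@@ -314` hunks, where `passkeys.delAll()` is skipped as well. The test body starts above this hunk and its end is not visible.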
@@ -292,19 +293,21 @@ describe('Passkeys', function () {
 const response = await webauthnHelper.createRegistrationResponse(authenticator, options, origin);
 await passkeys.verifyRegistration(adminUser, response, 'Exclusion Test');
- // try to enable TOTP
+ // enable TOTP while passkey exists
 const twofa = await users.setTotpSecret(adminUser, auditSource);
 adminUser.totpSecret = twofa.secret;
 const totpToken = speakeasy.totp({ secret: twofa.secret, encoding: 'base32' });
 const [error] = await safe(users.enableTotp(adminUser, totpToken, auditSource));
- assert.notEqual(error, null);
- assert.equal(error.reason, BoxError.ALREADY_EXISTS);
+ assert.equal(error, null);
+ adminUser.totpEnabled = true;
+ await users.disableTotp(adminUser, auditSource);
+ adminUser.totpEnabled = false;
 await passkeys.delAll();
 });
- it('cannot register passkey when TOTP is enabled', async function () {
+ it('can register passkey when TOTP is enabled', async function () {
 const adminUser = await users.get(admin.id);
 // enable TOTP
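Review bot: The 'can enable TOTP when passkey exists' test asserts only that `users.enableTotp` returns no error, so it never shows that the passkey registered at the top of the test is still present once TOTP is on. A regression in which enabling TOTP silently removed or disabled the credential would still pass. After `assert.equal(error, null);`, read the stored state back, for example by re-fetching with `users.get(admin.id)` and checking the TOTP flag, and by confirming through the passkeys module that the credential is still listed, in addition to setting `adminUser.totpEnabled = true` by hand. The context line still registers the credential under the label `'Exclusion Test'`, which no longer matches the suite's intent. The start of this test is in the preceding hunk.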
@@ -314,11 +317,19 @@ describe('Passkeys', function () {
 await users.enableTotp(adminUser, totpToken, auditSource);
 adminUser.totpEnabled = true;
- const [error] = await safe(passkeys.getRegistrationOptions(adminUser));
- assert.notEqual(error, null);
- assert.equal(error.reason, BoxError.ALREADY_EXISTS);
+ const [error, options] = await safe(passkeys.getRegistrationOptions(adminUser));
+ assert.equal(error, null);
+ assert.ok((options) && typeof (options) === 'object' && !Array.isArray(options));
+ assert.equal(typeof options.challenge, 'string');
+
+ const authenticator = webauthnHelper.createVirtualAuthenticator();
+ const response = await webauthnHelper.createRegistrationResponse(authenticator, options, origin);
+ const [registrationError, result] = await safe(passkeys.verifyRegistration(adminUser, response, 'Coexistence Test'));
+ assert.equal(registrationError, null);
+ assert.equal(typeof result.id, 'string');
 // cleanup
+ await passkeys.delAll();
 await users.disableTotp(adminUser, auditSource);
 adminUser.totpEnabled = false;
 });
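Review bot: The coexistence tests stop at enrollment: once `passkeys.verifyRegistration` succeeds here the user holds a TOTP secret and a passkey at the same time, yet nothing in the visible hunks exercises a login in that state. With mutual exclusion removed, the second-factor check has to decide whether either factor suffices or a specific one is required, and that policy is the behaviour most worth pinning in a test. Add a case before the `// cleanup` line that authenticates with each factor, and with neither, and asserts the expected outcome for each. The check `assert.equal(typeof options.challenge, 'string')` also passes for an empty string, so `assert.ok(options.challenge.length > 0);` would tighten it. The test body starts above this hunk, and login coverage may exist elsewhere in the file.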