lundberg/porchlight
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
porchlight/tests/test_authn
History
Johan Lundberg 1571706d21
fix(security): reject WebAuthn signature-counter rollback 
Sign counters were stored but never checked, so a cloned authenticator or a
replayed assertion with an equal/lower counter was accepted. Reject the
authentication when the presented counter does not exceed the stored one,
while allowing counter-less/synced passkeys that always report 0.

Refs: porchlight-3cr

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 13:53:10 +02:00
..
__init__.py chore: create package structure with src layout 2026-02-12 14:39:07 +01:00
test_password.py update all imports in test files: fastapi_oidc_op → porchlight 2026-02-16 15:34:53 +01:00
test_sign_count.py fix(security): reject WebAuthn signature-counter rollback 2026-06-05 13:53:10 +02:00
test_webauthn.py feat(security): make WebAuthn user verification configurable 2026-06-05 13:48:27 +02:00