chore(release): publish new version

- @standardnotes/auth-server@1.86.0

packages/auth/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.86.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.85.0...@standardnotes/auth-server@1.86.0) (2023-01-23)
+
+### Features
+
+* **auth:** add configurable user verification requirement on u2f via env vars ([c38817c](https://github.com/standardnotes/server/commit/c38817c62e8109f1d5837dcda4a07f1b73976c72))
+
 # [1.85.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.84.11...@standardnotes/auth-server@1.85.0) (2023-01-23)
 
 ### Features

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.85.0",
+  "version": "1.86.0",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/auth/src/Bootstrap/Container.ts

@@ -465,6 +465,9 @@ export class ContainerConfigLoader {
     container
       .bind(TYPES.U2F_EXPECTED_ORIGIN)
       .toConstantValue(env.get('U2F_EXPECTED_ORIGIN', true) ?? 'https://app.standardnotes.com')
+    container
+      .bind(TYPES.U2F_REQUIRE_USER_VERIFICATION)
+      .toConstantValue(env.get('U2F_REQUIRE_USER_VERIFICATION', true) === 'true')
     // Services
     container.bind<UAParser>(TYPES.DeviceDetector).toConstantValue(new UAParser())
     container.bind<SessionService>(TYPES.SessionService).to(SessionService)
@@ -579,6 +582,7 @@ export class ContainerConfigLoader {
           container.get(TYPES.AuthenticatorChallengeRepository),
           container.get(TYPES.U2F_RELYING_PARTY_ID),
           container.get(TYPES.U2F_EXPECTED_ORIGIN),
+          container.get(TYPES.U2F_REQUIRE_USER_VERIFICATION),
         ),
       )
     container
@@ -597,6 +601,7 @@ export class ContainerConfigLoader {
           container.get(TYPES.AuthenticatorChallengeRepository),
           container.get(TYPES.U2F_RELYING_PARTY_ID),
           container.get(TYPES.U2F_EXPECTED_ORIGIN),
+          container.get(TYPES.U2F_REQUIRE_USER_VERIFICATION),
         ),
       )
     container

packages/auth/src/Bootstrap/Types.ts

@@ -97,6 +97,7 @@ const TYPES = {
   U2F_RELYING_PARTY_ID: Symbol.for('U2F_RELYING_PARTY_ID'),
   U2F_RELYING_PARTY_NAME: Symbol.for('U2F_RELYING_PARTY_NAME'),
   U2F_EXPECTED_ORIGIN: Symbol.for('U2F_EXPECTED_ORIGIN'),
+  U2F_REQUIRE_USER_VERIFICATION: Symbol.for('U2F_REQUIRE_USER_VERIFICATION'),
   // use cases
   AuthenticateUser: Symbol.for('AuthenticateUser'),
   AuthenticateRequest: Symbol.for('AuthenticateRequest'),

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.spec.ts

@@ -18,6 +18,7 @@ describe('VerifyAuthenticatorAuthenticationResponse', () => {
       authenticatorChallengeRepository,
       'standardnotes.com',
       'https://app.standardnotes.com',
+      true,
     )
 
   beforeEach(() => {

packages/auth/src/Domain/UseCase/VerifyAuthenticatorAuthenticationResponse/VerifyAuthenticatorAuthenticationResponse.ts

@@ -12,6 +12,7 @@ export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterfa
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
     private relyingPartyId: string,
     private expectedOrigin: string,
+    private requireUserVerification: boolean,
   ) {}
 
   async execute(dto: VerifyAuthenticatorAuthenticationResponseDTO): Promise<Result<boolean>> {
@@ -43,6 +44,7 @@ export class VerifyAuthenticatorAuthenticationResponse implements UseCaseInterfa
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
         expectedOrigin: this.expectedOrigin,
         expectedRPID: this.relyingPartyId,
+        requireUserVerification: this.requireUserVerification,
         authenticator: {
           counter: authenticator.props.counter,
           credentialID: authenticator.props.credentialId,

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts

@@ -18,6 +18,7 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
       authenticatorChallengeRepository,
       'standardnotes.com',
       'https://app.standardnotes.com',
+      true,
     )
 
   beforeEach(() => {

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts

@@ -12,6 +12,7 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
     private relyingPartyId: string,
     private expectedOrigin: string,
+    private requireUserVerification: boolean,
   ) {}
 
   async execute(dto: VerifyAuthenticatorRegistrationResponseDTO): Promise<Result<boolean>> {
@@ -38,6 +39,7 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
         expectedChallenge: authenticatorChallenge.props.challenge.toString(),
         expectedOrigin: this.expectedOrigin,
         expectedRPID: this.relyingPartyId,
+        requireUserVerification: this.requireUserVerification,
       })
 
       if (!verification.verified) {