| 
									
										
										
										
											2024-10-17 21:40:51 -05:00
										 |  |  | /* | 
					
						
							| 
									
										
										
										
											2025-07-29 10:52:42 -05:00
										 |  |  |  * Copyright 2004-present the original author or authors. | 
					
						
							| 
									
										
										
										
											2024-10-17 21:40:51 -05:00
										 |  |  |  * | 
					
						
							|  |  |  |  * Licensed under the Apache License, Version 2.0 (the "License"); | 
					
						
							|  |  |  |  * you may not use this file except in compliance with the License. | 
					
						
							|  |  |  |  * You may obtain a copy of the License at | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  *      https://www.apache.org/licenses/LICENSE-2.0
 | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Unless required by applicable law or agreed to in writing, software | 
					
						
							|  |  |  |  * distributed under the License is distributed on an "AS IS" BASIS, | 
					
						
							|  |  |  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
					
						
							|  |  |  |  * See the License for the specific language governing permissions and | 
					
						
							|  |  |  |  * limitations under the License. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | "use strict"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import "./bootstrap.js"; | 
					
						
							|  |  |  | import { expect } from "chai"; | 
					
						
							|  |  |  | import { assert, fake, match, stub } from "sinon"; | 
					
						
							|  |  |  | import http from "../lib/http.js"; | 
					
						
							|  |  |  | import webauthn from "../lib/webauthn-core.js"; | 
					
						
							|  |  |  | import base64url from "../lib/base64url.js"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | describe("webauthn-core", () => { | 
					
						
							|  |  |  |   beforeEach(() => { | 
					
						
							|  |  |  |     global.window = { | 
					
						
							|  |  |  |       btoa: (str) => Buffer.from(str, "binary").toString("base64"), | 
					
						
							|  |  |  |       atob: (b64) => Buffer.from(b64, "base64").toString("binary"), | 
					
						
							|  |  |  |     }; | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   afterEach(() => { | 
					
						
							|  |  |  |     delete global.window; | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   describe("isConditionalMediationAvailable", () => { | 
					
						
							|  |  |  |     afterEach(() => { | 
					
						
							|  |  |  |       delete global.window.PublicKeyCredential; | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it("is available", async () => { | 
					
						
							|  |  |  |       global.window = { | 
					
						
							|  |  |  |         PublicKeyCredential: { | 
					
						
							|  |  |  |           isConditionalMediationAvailable: fake.resolves(true), | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       const result = await webauthn.isConditionalMediationAvailable(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(result).to.be.true; | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     describe("is not available", async () => { | 
					
						
							|  |  |  |       it("PublicKeyCredential does not exist", async () => { | 
					
						
							|  |  |  |         global.window = {}; | 
					
						
							|  |  |  |         const result = await webauthn.isConditionalMediationAvailable(); | 
					
						
							|  |  |  |         expect(result).to.be.false; | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |       it("PublicKeyCredential.isConditionalMediationAvailable undefined", async () => { | 
					
						
							|  |  |  |         global.window = { | 
					
						
							|  |  |  |           PublicKeyCredential: {}, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         const result = await webauthn.isConditionalMediationAvailable(); | 
					
						
							|  |  |  |         expect(result).to.be.false; | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |       it("PublicKeyCredential.isConditionalMediationAvailable false", async () => { | 
					
						
							|  |  |  |         global.window = { | 
					
						
							|  |  |  |           PublicKeyCredential: { | 
					
						
							|  |  |  |             isConditionalMediationAvailable: fake.resolves(false), | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         const result = await webauthn.isConditionalMediationAvailable(); | 
					
						
							|  |  |  |         expect(result).to.be.false; | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   describe("authenticate", () => { | 
					
						
							|  |  |  |     let httpPostStub; | 
					
						
							|  |  |  |     const contextPath = "/some/path"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     const credentialsGetOptions = { | 
					
						
							|  |  |  |       challenge: "nRbOrtNKTfJ1JaxfUDKs8j3B-JFqyGQw8DO4u6eV3JA", | 
					
						
							|  |  |  |       timeout: 300000, | 
					
						
							|  |  |  |       rpId: "localhost", | 
					
						
							| 
									
										
										
										
											2025-01-17 15:07:24 +01:00
										 |  |  |       allowCredentials: [ | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |           id: "nOsjw8eaaqSwVdTBBYE1FqfGdHs", | 
					
						
							|  |  |  |           type: "public-key", | 
					
						
							|  |  |  |           transports: [], | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |       ], | 
					
						
							| 
									
										
										
										
											2024-10-17 21:40:51 -05:00
										 |  |  |       userVerification: "preferred", | 
					
						
							|  |  |  |       extensions: {}, | 
					
						
							|  |  |  |     }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     // This is kind of a self-fulfilling prophecy type of test: we produce array buffers by calling
 | 
					
						
							|  |  |  |     // base64url.decode ; they will then be re-encoded to the same string in the production code.
 | 
					
						
							|  |  |  |     // The ArrayBuffer API is not super friendly.
 | 
					
						
							|  |  |  |     beforeEach(() => { | 
					
						
							|  |  |  |       httpPostStub = stub(http, "post"); | 
					
						
							|  |  |  |       httpPostStub.withArgs(contextPath + "/webauthn/authenticate/options", match.any).resolves({ | 
					
						
							|  |  |  |         ok: true, | 
					
						
							|  |  |  |         status: 200, | 
					
						
							|  |  |  |         json: fake.resolves(credentialsGetOptions), | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |       httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |         ok: true, | 
					
						
							|  |  |  |         status: 200, | 
					
						
							|  |  |  |         json: fake.resolves({ | 
					
						
							|  |  |  |           authenticated: true, | 
					
						
							|  |  |  |           redirectUrl: "/success", | 
					
						
							|  |  |  |         }), | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       const validAuthenticatorResponse = { | 
					
						
							|  |  |  |         id: "UgghgP5QKozwsSUK1twCj8mpgZs", | 
					
						
							|  |  |  |         rawId: base64url.decode("UgghgP5QKozwsSUK1twCj8mpgZs"), | 
					
						
							|  |  |  |         response: { | 
					
						
							|  |  |  |           authenticatorData: base64url.decode("y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA"), | 
					
						
							|  |  |  |           clientDataJSON: base64url.decode( | 
					
						
							|  |  |  |             "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUTdlR0NkNUw2cG9fa01meWNIQnBWRlR5dmd3RklCV0QxZWg5OUktRFhnWSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyJ9", | 
					
						
							|  |  |  |           ), | 
					
						
							|  |  |  |           signature: base64url.decode( | 
					
						
							|  |  |  |             "MEUCIGT9PAWfU3lMicOXFMpHGcl033dY-sNSJvehlXvvoivyAiEA_D_yOsChERlXX2rFcK6Qx5BaAbx5qdU2hgYDVN6W770", | 
					
						
							|  |  |  |           ), | 
					
						
							|  |  |  |           userHandle: base64url.decode("tyRDnKxdj7uWOT5jrchXu54lo6nf3bWOUvMQnGOXk7g"), | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         getClientExtensionResults: () => ({}), | 
					
						
							|  |  |  |         authenticatorAttachment: "platform", | 
					
						
							|  |  |  |         type: "public-key", | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |       global.navigator = { | 
					
						
							|  |  |  |         credentials: { | 
					
						
							|  |  |  |           get: fake.resolves(validAuthenticatorResponse), | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     afterEach(() => { | 
					
						
							|  |  |  |       http.post.restore(); | 
					
						
							|  |  |  |       delete global.navigator; | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it("succeeds", async () => { | 
					
						
							|  |  |  |       const redirectUrl = await webauthn.authenticate({ "x-custom": "some-value" }, contextPath, false); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(redirectUrl).to.equal("/success"); | 
					
						
							|  |  |  |       assert.calledWith( | 
					
						
							|  |  |  |         httpPostStub.lastCall, | 
					
						
							|  |  |  |         `${contextPath}/login/webauthn`, | 
					
						
							|  |  |  |         { "x-custom": "some-value" }, | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |           id: "UgghgP5QKozwsSUK1twCj8mpgZs", | 
					
						
							|  |  |  |           rawId: "UgghgP5QKozwsSUK1twCj8mpgZs", | 
					
						
							|  |  |  |           credType: "public-key", | 
					
						
							|  |  |  |           response: { | 
					
						
							|  |  |  |             authenticatorData: "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA", | 
					
						
							|  |  |  |             clientDataJSON: | 
					
						
							|  |  |  |               "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUTdlR0NkNUw2cG9fa01meWNIQnBWRlR5dmd3RklCV0QxZWg5OUktRFhnWSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyJ9", | 
					
						
							|  |  |  |             signature: | 
					
						
							|  |  |  |               "MEUCIGT9PAWfU3lMicOXFMpHGcl033dY-sNSJvehlXvvoivyAiEA_D_yOsChERlXX2rFcK6Qx5BaAbx5qdU2hgYDVN6W770", | 
					
						
							|  |  |  |             userHandle: "tyRDnKxdj7uWOT5jrchXu54lo6nf3bWOUvMQnGOXk7g", | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |           clientExtensionResults: {}, | 
					
						
							|  |  |  |           authenticatorAttachment: "platform", | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it("calls the authenticator with the correct options", async () => { | 
					
						
							|  |  |  |       await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       assert.calledOnceWithMatch(global.navigator.credentials.get, { | 
					
						
							|  |  |  |         publicKey: { | 
					
						
							|  |  |  |           challenge: base64url.decode("nRbOrtNKTfJ1JaxfUDKs8j3B-JFqyGQw8DO4u6eV3JA"), | 
					
						
							|  |  |  |           timeout: 300000, | 
					
						
							|  |  |  |           rpId: "localhost", | 
					
						
							| 
									
										
										
										
											2025-01-17 15:07:24 +01:00
										 |  |  |           allowCredentials: [ | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |               id: base64url.decode("nOsjw8eaaqSwVdTBBYE1FqfGdHs"), | 
					
						
							|  |  |  |               type: "public-key", | 
					
						
							|  |  |  |               transports: [], | 
					
						
							|  |  |  |             }, | 
					
						
							|  |  |  |           ], | 
					
						
							| 
									
										
										
										
											2024-10-17 21:40:51 -05:00
										 |  |  |           userVerification: "preferred", | 
					
						
							|  |  |  |           extensions: {}, | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         signal: match.any, | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     describe("authentication failures", () => { | 
					
						
							|  |  |  |       it("when authentication options call", async () => { | 
					
						
							|  |  |  |         httpPostStub | 
					
						
							|  |  |  |           .withArgs(`${contextPath}/webauthn/authenticate/options`, match.any) | 
					
						
							|  |  |  |           .rejects(new Error("Connection refused")); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Authentication failed. Could not fetch authentication options: Connection refused", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication options call returns does not return HTTP 200 OK", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/authenticate/options`, match.any).resolves({ | 
					
						
							|  |  |  |           ok: false, | 
					
						
							|  |  |  |           status: 400, | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Authentication failed. Could not fetch authentication options: HTTP 400"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication options are not valid json", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/authenticate/options`, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.rejects(new Error("Not valid JSON")), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Authentication failed. Could not fetch authentication options: Not valid JSON"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when navigator.credentials.get fails", async () => { | 
					
						
							|  |  |  |         global.navigator.credentials.get = fake.rejects(new Error("Operation was aborted")); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Authentication failed. Call to navigator.credentials.get failed: Operation was aborted", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication call fails", async () => { | 
					
						
							|  |  |  |         httpPostStub | 
					
						
							|  |  |  |           .withArgs(`${contextPath}/login/webauthn`, match.any, match.any) | 
					
						
							|  |  |  |           .rejects(new Error("Connection refused")); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Authentication failed. Could not process the authentication request: Connection refused", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication call does not return HTTP 200 OK", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: false, | 
					
						
							|  |  |  |           status: 400, | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Authentication failed. Could not process the authentication request: HTTP 400"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication call does not return JSON", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.rejects(new Error("Not valid JSON")), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Authentication failed. Could not process the authentication request: Not valid JSON", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication call returns null", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.resolves(null), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             'Authentication failed. Expected {"authenticated": true, "redirectUrl": "..."}, server responded with: null', | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it('when authentication call returns {"authenticated":false}', async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.resolves({ | 
					
						
							|  |  |  |             authenticated: false, | 
					
						
							|  |  |  |           }), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             'Authentication failed. Expected {"authenticated": true, "redirectUrl": "..."}, server responded with: {"authenticated":false}', | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when authentication call returns no redirectUrl", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/login/webauthn`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.resolves({ | 
					
						
							|  |  |  |             authenticated: true, | 
					
						
							|  |  |  |           }), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.authenticate({}, contextPath, false); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             'Authentication failed. Expected {"authenticated": true, "redirectUrl": "..."}, server responded with: {"authenticated":true}', | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("authenticate should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   describe("register", () => { | 
					
						
							|  |  |  |     let httpPostStub; | 
					
						
							|  |  |  |     const contextPath = "/some/path"; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     beforeEach(() => { | 
					
						
							|  |  |  |       const credentialsCreateOptions = { | 
					
						
							|  |  |  |         rp: { | 
					
						
							|  |  |  |           name: "Spring Security Relying Party", | 
					
						
							|  |  |  |           id: "example.localhost", | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         user: { | 
					
						
							|  |  |  |           name: "user", | 
					
						
							|  |  |  |           id: "eatPy60xmXG_58JrIiIBa5wq8Y76c7MD6mnY5vW8yP8", | 
					
						
							|  |  |  |           displayName: "user", | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         challenge: "s0hBOfkSaVLXdsbyD8jii6t2IjUd-eiTP1Cmeuo1qUo", | 
					
						
							|  |  |  |         pubKeyCredParams: [ | 
					
						
							|  |  |  |           { | 
					
						
							|  |  |  |             type: "public-key", | 
					
						
							|  |  |  |             alg: -8, | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |           { | 
					
						
							|  |  |  |             type: "public-key", | 
					
						
							|  |  |  |             alg: -7, | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |           { | 
					
						
							|  |  |  |             type: "public-key", | 
					
						
							|  |  |  |             alg: -257, | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |         timeout: 300000, | 
					
						
							|  |  |  |         excludeCredentials: [ | 
					
						
							|  |  |  |           { | 
					
						
							|  |  |  |             id: "nOsjw8eaaqSwVdTBBYE1FqfGdHs", | 
					
						
							|  |  |  |             type: "public-key", | 
					
						
							|  |  |  |             transports: [], | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |         ], | 
					
						
							|  |  |  |         authenticatorSelection: { | 
					
						
							|  |  |  |           residentKey: "required", | 
					
						
							|  |  |  |           userVerification: "preferred", | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         attestation: "direct", | 
					
						
							|  |  |  |         extensions: { credProps: true }, | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |       const validAuthenticatorResponse = { | 
					
						
							|  |  |  |         authenticatorAttachment: "platform", | 
					
						
							|  |  |  |         id: "9wAuex_025BgEQrs7fOypo5SGBA", | 
					
						
							|  |  |  |         rawId: base64url.decode("9wAuex_025BgEQrs7fOypo5SGBA"), | 
					
						
							|  |  |  |         response: { | 
					
						
							|  |  |  |           attestationObject: base64url.decode( | 
					
						
							|  |  |  |             "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYy9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNhdAAAAAPv8MAcVTk7MjAtuAgVX170AFPcALnsf9NuQYBEK7O3zsqaOUhgQpQECAyYgASFYIMB9pM2BeSeEG83fAKFVSLKIfvDBBVoyGgMoiGxE-6WgIlggazAojM5sduQy2M7rz1do55nVaNLGXh8k4xBHz-Oy91E", | 
					
						
							|  |  |  |           ), | 
					
						
							|  |  |  |           getAuthenticatorData: () => | 
					
						
							|  |  |  |             base64url.decode( | 
					
						
							|  |  |  |               "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNhdAAAAAPv8MAcVTk7MjAtuAgVX170AFPcALnsf9NuQYBEK7O3zsqaOUhgQpQECAyYgASFYIMB9pM2BeSeEG83fAKFVSLKIfvDBBVoyGgMoiGxE-6WgIlggazAojM5sduQy2M7rz1do55nVaNLGXh8k4xBHz-Oy91E", | 
					
						
							|  |  |  |             ), | 
					
						
							|  |  |  |           clientDataJSON: base64url.decode( | 
					
						
							|  |  |  |             "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUVdwd3lUcXJpYVlqbVdnOWFvZ0FxUlRKNVFYMFBGV2JWR2xNeGNsVjZhcyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyJ9", | 
					
						
							|  |  |  |           ), | 
					
						
							|  |  |  |           getPublicKey: () => | 
					
						
							|  |  |  |             base64url.decode( | 
					
						
							|  |  |  |               "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwH2kzYF5J4Qbzd8AoVVIsoh-8MEFWjIaAyiIbET7paBrMCiMzmx25DLYzuvPV2jnmdVo0sZeHyTjEEfP47L3UQ", | 
					
						
							|  |  |  |             ), | 
					
						
							|  |  |  |           getPublicKeyAlgorithm: () => -7, | 
					
						
							|  |  |  |           getTransports: () => ["internal"], | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |         type: "public-key", | 
					
						
							|  |  |  |         getClientExtensionResults: () => ({}), | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |       global.navigator = { | 
					
						
							|  |  |  |         credentials: { | 
					
						
							|  |  |  |           create: fake.resolves(validAuthenticatorResponse), | 
					
						
							|  |  |  |         }, | 
					
						
							|  |  |  |       }; | 
					
						
							|  |  |  |       httpPostStub = stub(http, "post"); | 
					
						
							|  |  |  |       httpPostStub.withArgs(contextPath + "/webauthn/register/options", match.any).resolves({ | 
					
						
							|  |  |  |         ok: true, | 
					
						
							|  |  |  |         status: 200, | 
					
						
							|  |  |  |         json: fake.resolves(credentialsCreateOptions), | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |       httpPostStub.withArgs(`${contextPath}/webauthn/register`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |         ok: true, | 
					
						
							|  |  |  |         json: fake.resolves({ | 
					
						
							|  |  |  |           success: true, | 
					
						
							|  |  |  |         }), | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     afterEach(() => { | 
					
						
							|  |  |  |       httpPostStub.restore(); | 
					
						
							|  |  |  |       delete global.navigator; | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it("succeeds", async () => { | 
					
						
							|  |  |  |       const contextPath = "/some/path"; | 
					
						
							|  |  |  |       const headers = { _csrf: "csrf-value" }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       await webauthn.register(headers, contextPath, "my passkey"); | 
					
						
							|  |  |  |       assert.calledWithExactly( | 
					
						
							|  |  |  |         httpPostStub.lastCall, | 
					
						
							|  |  |  |         `${contextPath}/webauthn/register`, | 
					
						
							|  |  |  |         headers, | 
					
						
							|  |  |  |         match({ | 
					
						
							|  |  |  |           publicKey: { | 
					
						
							|  |  |  |             credential: { | 
					
						
							|  |  |  |               id: "9wAuex_025BgEQrs7fOypo5SGBA", | 
					
						
							|  |  |  |               rawId: "9wAuex_025BgEQrs7fOypo5SGBA", | 
					
						
							|  |  |  |               response: { | 
					
						
							|  |  |  |                 attestationObject: | 
					
						
							|  |  |  |                   "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYy9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNhdAAAAAPv8MAcVTk7MjAtuAgVX170AFPcALnsf9NuQYBEK7O3zsqaOUhgQpQECAyYgASFYIMB9pM2BeSeEG83fAKFVSLKIfvDBBVoyGgMoiGxE-6WgIlggazAojM5sduQy2M7rz1do55nVaNLGXh8k4xBHz-Oy91E", | 
					
						
							|  |  |  |                 clientDataJSON: | 
					
						
							|  |  |  |                   "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUVdwd3lUcXJpYVlqbVdnOWFvZ0FxUlRKNVFYMFBGV2JWR2xNeGNsVjZhcyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyJ9", | 
					
						
							|  |  |  |                 transports: ["internal"], | 
					
						
							|  |  |  |               }, | 
					
						
							|  |  |  |               type: "public-key", | 
					
						
							|  |  |  |               clientExtensionResults: {}, | 
					
						
							|  |  |  |               authenticatorAttachment: "platform", | 
					
						
							|  |  |  |             }, | 
					
						
							|  |  |  |             label: "my passkey", | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |         }), | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it("calls the authenticator with the correct options", async () => { | 
					
						
							|  |  |  |       await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       assert.calledOnceWithExactly( | 
					
						
							|  |  |  |         global.navigator.credentials.create, | 
					
						
							|  |  |  |         match({ | 
					
						
							|  |  |  |           publicKey: { | 
					
						
							|  |  |  |             rp: { | 
					
						
							|  |  |  |               name: "Spring Security Relying Party", | 
					
						
							|  |  |  |               id: "example.localhost", | 
					
						
							|  |  |  |             }, | 
					
						
							|  |  |  |             user: { | 
					
						
							|  |  |  |               name: "user", | 
					
						
							|  |  |  |               id: base64url.decode("eatPy60xmXG_58JrIiIBa5wq8Y76c7MD6mnY5vW8yP8"), | 
					
						
							|  |  |  |               displayName: "user", | 
					
						
							|  |  |  |             }, | 
					
						
							|  |  |  |             challenge: base64url.decode("s0hBOfkSaVLXdsbyD8jii6t2IjUd-eiTP1Cmeuo1qUo"), | 
					
						
							|  |  |  |             pubKeyCredParams: [ | 
					
						
							|  |  |  |               { | 
					
						
							|  |  |  |                 type: "public-key", | 
					
						
							|  |  |  |                 alg: -8, | 
					
						
							|  |  |  |               }, | 
					
						
							|  |  |  |               { | 
					
						
							|  |  |  |                 type: "public-key", | 
					
						
							|  |  |  |                 alg: -7, | 
					
						
							|  |  |  |               }, | 
					
						
							|  |  |  |               { | 
					
						
							|  |  |  |                 type: "public-key", | 
					
						
							|  |  |  |                 alg: -257, | 
					
						
							|  |  |  |               }, | 
					
						
							|  |  |  |             ], | 
					
						
							|  |  |  |             timeout: 300000, | 
					
						
							|  |  |  |             excludeCredentials: [ | 
					
						
							|  |  |  |               { | 
					
						
							|  |  |  |                 id: base64url.decode("nOsjw8eaaqSwVdTBBYE1FqfGdHs"), | 
					
						
							|  |  |  |                 type: "public-key", | 
					
						
							|  |  |  |                 transports: [], | 
					
						
							|  |  |  |               }, | 
					
						
							|  |  |  |             ], | 
					
						
							|  |  |  |             authenticatorSelection: { | 
					
						
							|  |  |  |               residentKey: "required", | 
					
						
							|  |  |  |               userVerification: "preferred", | 
					
						
							|  |  |  |             }, | 
					
						
							|  |  |  |             attestation: "direct", | 
					
						
							|  |  |  |             extensions: { credProps: true }, | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |           signal: match.any, | 
					
						
							|  |  |  |         }), | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     describe("registration failures", () => { | 
					
						
							|  |  |  |       it("when label is missing", async () => { | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, "/", ""); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Error: Passkey Label is required"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when cannot get the registration options", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(match.any, match.any).rejects(new Error("Server threw an error")); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, "/", "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Could not fetch registration options: Server threw an error", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration options call does not return HTTP 200 OK", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: false, | 
					
						
							|  |  |  |           status: 400, | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, "/", "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Could not fetch registration options: Server responded with HTTP 400", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration options are not valid JSON", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.rejects(new Error("Not a JSON response")), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, "/", "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Could not fetch registration options: Not a JSON response", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when navigator.credentials.create fails", async () => { | 
					
						
							|  |  |  |         global.navigator = { | 
					
						
							|  |  |  |           credentials: { | 
					
						
							|  |  |  |             create: fake.rejects(new Error("authenticator threw an error")), | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Call to navigator.credentials.create failed: authenticator threw an error", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           expect(err.cause).to.deep.equal(new Error("authenticator threw an error")); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration call fails", async () => { | 
					
						
							|  |  |  |         httpPostStub | 
					
						
							|  |  |  |           .withArgs(`${contextPath}/webauthn/register`, match.any, match.any) | 
					
						
							|  |  |  |           .rejects(new Error("Connection refused")); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Could not process the registration request: Connection refused", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           expect(err.cause).to.deep.equal(new Error("Connection refused")); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration call does not return HTTP 200 OK", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/register`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: false, | 
					
						
							|  |  |  |           status: 400, | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Registration failed. Could not process the registration request: HTTP 400"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration call does not return JSON", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/register`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.rejects(new Error("Not valid JSON")), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal( | 
					
						
							|  |  |  |             "Registration failed. Could not process the registration request: Not valid JSON", | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |           expect(err.cause).to.deep.equal(new Error("Not valid JSON")); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it("when registration call returns null", async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/register`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.resolves(null), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal("Registration failed. Server responded with: null"); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       it('when registration call returns {"success":false}', async () => { | 
					
						
							|  |  |  |         httpPostStub.withArgs(`${contextPath}/webauthn/register`, match.any, match.any).resolves({ | 
					
						
							|  |  |  |           ok: true, | 
					
						
							|  |  |  |           status: 200, | 
					
						
							|  |  |  |           json: fake.resolves({ success: false }), | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           await webauthn.register({}, contextPath, "my passkey"); | 
					
						
							|  |  |  |         } catch (err) { | 
					
						
							|  |  |  |           expect(err).to.be.an("error"); | 
					
						
							|  |  |  |           expect(err.message).to.equal('Registration failed. Server responded with: {"success":false}'); | 
					
						
							|  |  |  |           return; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         expect.fail("register should throw"); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | }); |