Revert "change origin verify to use fully qualified origin (#208)" (#211)

aseigler · web-flow · commit acda23d58695 · 2021-03-17T18:41:35.000-04:00
This reverts commit fb5b952.
diff --git a/Src/Fido2/AuthenticatorResponse.cs b/Src/Fido2/AuthenticatorResponse.cs
@@ -68,7 +68,7 @@ protected void BaseVerify(string expectedOrigin, byte[] originalChallenge, byte[
                 throw new Fido2VerificationException("Challenge not equal to original challenge");
 
             // 5. Verify that the value of C.origin matches the Relying Party's origin.
-            if (!string.Equals(FullyQualifiedOrigin(this.Origin), expectedOrigin, StringComparison.OrdinalIgnoreCase))
+            if (Origin != expectedOrigin)
                 throw new Fido2VerificationException($"Origin {Origin} not equal to original origin {expectedOrigin}");
 
             // 6. Verify that the value of C.tokenBinding.status matches the state of Token Binding for the TLS connection over which the assertion was obtained. 
@@ -78,12 +78,5 @@ protected void BaseVerify(string expectedOrigin, byte[] originalChallenge, byte[
                 TokenBinding.Verify(requestTokenBindingId);
             }
         }
-
-        private string FullyQualifiedOrigin(string origin)
-        {
-            var uri = new Uri(origin);
-
-            return $"{uri.Scheme}://{uri.Host}";
-        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ protected void BaseVerify(string expectedOrigin, byte[] originalChallenge, byte[`
`68`	`68`	`throw new Fido2VerificationException("Challenge not equal to original challenge");`
`69`	`69`
`70`	`70`	`// 5. Verify that the value of C.origin matches the Relying Party's origin.`
`71`		`- if (!string.Equals(FullyQualifiedOrigin(this.Origin), expectedOrigin, StringComparison.OrdinalIgnoreCase))`
	`71`	`+ if (Origin != expectedOrigin)`
`72`	`72`	`throw new Fido2VerificationException($"Origin {Origin} not equal to original origin {expectedOrigin}");`
`73`	`73`
`74`	`74`	`// 6. Verify that the value of C.tokenBinding.status matches the state of Token Binding for the TLS connection over which the assertion was obtained.`
`@@ -78,12 +78,5 @@ protected void BaseVerify(string expectedOrigin, byte[] originalChallenge, byte[`
`78`	`78`	`TokenBinding.Verify(requestTokenBindingId);`
`79`	`79`	`}`
`80`	`80`	`}`
`81`		`-`
`82`		`- private string FullyQualifiedOrigin(string origin)`
`83`		`- {`
`84`		`- var uri = new Uri(origin);`
`85`		`-`
`86`		`- return $"{uri.Scheme}://{uri.Host}";`
`87`		`- }`
`88`	`81`	`}`
`89`	`82`	`}`