Rename make_credential() to store_credential()

Since the credential is made on the client-side,
"make" is a bad name as it implies that the credential
is made on the server, but it isn't, it's merely "stored"
on the server.

Author: joelonsql

1.0--1.1.sql

@@ -0,0 +1,7 @@
+DROP FUNCTION webauthn.make_credential(
+  credential_id text,
+  credential_type webauthn.credential_type,
+  attestation_object text,
+  client_data_json text,
+  credential_at timestamptz
+);

1.1--1.2.sql

@@ -25,7 +25,7 @@ SELECT jsonb_pretty(webauthn.init_credential(
   challenge_at := '%10$s'
 ));
 
-SELECT * FROM webauthn.make_credential(
+SELECT * FROM webauthn.store_credential(
   credential_id := '%11$s',
   credential_type := '%12$s',
   attestation_object := '%13$s',

FUNCTIONS/generate_test.sql

@@ -1,4 +1,4 @@
-CREATE OR REPLACE FUNCTION webauthn.make_credential(
+CREATE OR REPLACE FUNCTION webauthn.store_credential(
   OUT user_id bytea,
   credential_id text,
   credential_type webauthn.credential_type,
@@ -11,15 +11,15 @@ LANGUAGE sql
 AS $$
 INSERT INTO webauthn.credentials (credential_id, credential_type, attestation_object, client_data_json, challenge, user_name, user_id, credential_at)
 SELECT
-  webauthn.base64url_decode(make_credential.credential_id),
-  make_credential.credential_type,
-  webauthn.base64url_decode(make_credential.attestation_object),
-  webauthn.base64url_decode(make_credential.client_data_json),
+  webauthn.base64url_decode(store_credential.credential_id),
+  store_credential.credential_type,
+  webauthn.base64url_decode(store_credential.attestation_object),
+  webauthn.base64url_decode(store_credential.client_data_json),
   credential_challenges.challenge,
   credential_challenges.user_name,
   credential_challenges.user_id,
-  make_credential.credential_at
+  store_credential.credential_at
 FROM webauthn.credential_challenges
-WHERE credential_challenges.challenge = webauthn.base64url_decode(webauthn.from_utf8(webauthn.base64url_decode(make_credential.client_data_json))::jsonb->>'challenge')
+WHERE credential_challenges.challenge = webauthn.base64url_decode(webauthn.from_utf8(webauthn.base64url_decode(store_credential.client_data_json))::jsonb->>'challenge')
 RETURNING credentials.user_id
 $$;

FUNCTIONS/make_credential.sql FUNCTIONS/store_credential.sqlFUNCTIONS/make_credential.sql renamed to FUNCTIONS/store_credential.sql

@@ -1,5 +1,5 @@
 EXTENSION = webauthn
-DATA = webauthn--1.1.sql webauthn--1.0--1.1.sql
+DATA = webauthn--1.2.sql webauthn--1.1--1.2.sql
 REGRESS = ok \
 	ok_user_handle \
 	error_assertions_check_user_verified_or_not_required \
@@ -13,13 +13,13 @@ REGRESS = ok \
 	error_replay_attack \
 	error_hijack_attack
 
-EXTRA_CLEAN = webauthn--1.1.sql webauthn--1.0--1.1.sql
+EXTRA_CLEAN = webauthn--1.2.sql webauthn--1.1--1.2.sql
 
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)
 include $(PGXS)
 
-all: webauthn--1.1.sql webauthn--1.0--1.1.sql
+all: webauthn--1.2.sql webauthn--1.1--1.2.sql
 
 SQL_SRC = \
   complain_header.sql \
@@ -45,19 +45,18 @@ SQL_SRC = \
   TABLES/assertions.sql \
 	FUNCTIONS/get_credential_creation_options.sql \
   FUNCTIONS/init_credential.sql \
-  FUNCTIONS/make_credential.sql \
+  FUNCTIONS/store_credential.sql \
   FUNCTIONS/get_credentials.sql \
   FUNCTIONS/verify_assertion.sql \
 	FUNCTIONS/generate_test.sql
 
-webauthn--1.1.sql: $(SQL_SRC)
+webauthn--1.2.sql: $(SQL_SRC)
 	cat $^ > $@
 
 SQL_SRC = \
   complain_header.sql \
-	FUNCTIONS/get_credential_creation_options.sql \
-  FUNCTIONS/init_credential.sql \
-  1.0--1.1.sql
+  FUNCTIONS/store_credential.sql \
+  1.1--1.2.sql
 
-webauthn--1.0--1.1.sql: $(SQL_SRC)
+webauthn--1.1--1.2.sql: $(SQL_SRC)
 	cat $^ > $@

Makefile

@@ -7,13 +7,13 @@
 1. [API](#api)
     1. [Sign-up functions](#sign-up)
         1. [webauthn.init_credential()]
-        1. [webauthn.make_credential()]
+        1. [webauthn.store_credential()]
     1. [Sign-in functions](#sign-in)
         1. [webauthn.get_credentials()]
         1. [webauthn.verify_assertion()]
 
 [webauthn.init_credential()]: #init-credential
-[webauthn.make_credential()]: #make-credential
+[webauthn.store_credential()]: #make-credential
 [webauthn.get_credentials()]: #get-credentials
 [webauthn.verify_assertion()]: #verify-assertion
 
@@ -85,7 +85,7 @@ The API consists of two sign-up functions and two sign-in functions.
 
 <h3 id="sign-up">5.1. Sign-up functions</h3>
 
-To sign-up, the browser first calls [webauthn.init_credential()] to get a list of supported crypto algorithms together with a random challenge to be used in the subsequent [webauthn.make_credential()] call to save the public key credential generated by the browser.
+To sign-up, the browser first calls [webauthn.init_credential()] to get a list of supported crypto algorithms together with a random challenge to be used in the subsequent [webauthn.store_credential()] call to save the public key credential generated by the browser.
 
 <h3 id="init-credential"><code>webauthn.init_credential(...) → jsonb</code></h3>
 
@@ -173,7 +173,7 @@ SELECT jsonb_pretty(webauthn.init_credential(
 }
 ```
 
-<h3 id="make-credential"><code>webauthn.make_credential(...) → user_id bytea</code></h3>
+<h3 id="make-credential"><code>webauthn.store_credential(...) → user_id bytea</code></h3>
 
 Input Parameter      | Type
 -------------------- | ------------------------
@@ -189,14 +189,14 @@ Input Parameter      | Type
 [client_data_json]: https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson
 [base64url]: https://tools.ietf.org/html/rfc4648#section-5
 
-Source code: [FUNCTIONS/make_credential.sql](https://github.com/truthly/pg-webauthn/blob/master/FUNCTIONS/make_credential.sql#L1)
+Source code: [FUNCTIONS/store_credential.sql](https://github.com/truthly/pg-webauthn/blob/master/FUNCTIONS/store_credential.sql#L1)
 
 Stores the public key for the credential generated by the browser to the [webauthn.credentials](https://github.com/truthly/pg-webauthn/blob/master/TABLES/credentials.sql#L1) table.
 The [challenge] can only be used once to prevent replay attacks.
 If successful, returns the corresponding [user_id] bytea value given as input to [webauthn.init_credential()], or `NULL` to indicate failure.
 
 ```sql
-SELECT * FROM webauthn.make_credential(
+SELECT * FROM webauthn.store_credential(
   credential_id := 'TMvc9cgQ4S3H498Qez2ilQdkDS02s0sR7wXyiaKrUphXQRNqiP1pfzoBPsEey8wjHDUXh_A-91zqP_H0bkeohA',
   credential_type := 'public-key',
   attestation_object := 'o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEzL3PXIEOEtx-PfEHs9opUHZA0tNrNLEe8F8omiq1KYV0ETaoj9aX86AT7BHsvMIxw1F4fwPvdc6j_x9G5HqISlAQIDJiABIVggf6kt0GZu7nwT3be2JJsMj5-6Q2CFfE4V0vxjSitaH48iWCDbmYOzGUadNecZo7k-GsKShUzT_yrVCJhoGwoy_7y8ag',
@@ -224,7 +224,7 @@ Input Parameter                | Type                                     | Defa
 
 Source code: [FUNCTIONS/get_credentials.sql](https://github.com/truthly/pg-webauthn/blob/master/FUNCTIONS/get_credentials.sql#L1)
 
-Stores the random challenge to the [webauthn.assertion_challenges](https://github.com/truthly/pg-webauthn/blob/master/TABLES/assertion_challenges.sql#L1) table. If [user_name] is set, the returned *publicKey.allowCredentials* field will contain a list of all public keys matching [relying_party_id] and [user_name]. Such public keys have previously been created by the [webauthn.make_credential()] function,
+Stores the random challenge to the [webauthn.assertion_challenges](https://github.com/truthly/pg-webauthn/blob/master/TABLES/assertion_challenges.sql#L1) table. If [user_name] is set, the returned *publicKey.allowCredentials* field will contain a list of all public keys matching [relying_party_id] and [user_name]. Such public keys have previously been created by the [webauthn.store_credential()] function,
 stored in the [webauthn.credentials](https://github.com/truthly/pg-webauthn/blob/master/TABLES/credentials.sql#L1) table.
 
 The [timeout] value, if specified, must lie [within a reasonable range](https://www.w3.org/TR/webauthn-2/#sctn-discover-from-external-source) between 30 seconds to 10 minutes.

README.md

@@ -47,7 +47,7 @@ ALTER TABLE webauthn.credentials ADD UNIQUE (user_name, user_id, challenge);
 ALTER TABLE webauthn.credential_challenges ADD UNIQUE (user_name, user_id, challenge);
 ALTER TABLE webauthn.credentials ADD FOREIGN KEY (user_name, user_id, challenge) REFERENCES webauthn.credential_challenges (user_name, user_id, challenge);
 
-COMMENT ON TABLE webauthn.credentials IS 'Used by webauthn.make_credential() to store credentials.';
+COMMENT ON TABLE webauthn.credentials IS 'Used by webauthn.store_credential() to store credentials.';
 
 COMMENT ON COLUMN webauthn.credentials.credential_id IS 'https://www.w3.org/TR/webauthn-2/#credential-id';
 COMMENT ON COLUMN webauthn.credentials.challenge IS 'https://www.w3.org/TR/webauthn-2/#dom-collectedclientdata-challenge';
@@ -65,4 +65,4 @@ COMMENT ON COLUMN webauthn.credentials.client_data_json IS 'https://www.w3.org/T
 COMMENT ON COLUMN webauthn.credentials.origin IS 'https://www.w3.org/TR/webauthn-2/#dom-collectedclientdata-origin';
 COMMENT ON COLUMN webauthn.credentials.cross_origin IS 'https://www.w3.org/TR/webauthn-2/#dom-collectedclientdata-crossorigin';
 COMMENT ON COLUMN webauthn.credentials.user_id IS 'https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-id';
-COMMENT ON COLUMN webauthn.credentials.credential_at IS 'Timestamp of when the credential was created by webauthn.make_credential()';
+COMMENT ON COLUMN webauthn.credentials.credential_at IS 'Timestamp of when the credential was created by webauthn.store_credential()';

TABLES/credentials.sql

@@ -43,7 +43,7 @@ SELECT jsonb_pretty(webauthn.init_credential(
  }
 (1 row)
 
-SELECT * FROM webauthn.make_credential(
+SELECT * FROM webauthn.store_credential(
   credential_id := 'TMvc9cgQ4S3H498Qez2ilQdkDS02s0sR7wXyiaKrUphXQRNqiP1pfzoBPsEey8wjHDUXh_A-91zqP_H0bkeohA',
   credential_type := 'public-key',
   attestation_object := 'o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEzL3PXIEOEtx-PfEHs9opUHZA0tNrNLEe8F8omiq1KYV0ETaoj9aX86AT7BHsvMIxw1F4fwPvdc6j_x9G5HqISlAQIDJiABIVggf6kt0GZu7nwT3be2JJsMj5-6Q2CFfE4V0vxjSitaH48iWCDbmYOzGUadNecZo7k-GsKShUzT_yrVCJhoGwoy_7y8ag',

expected/error_assertions_check_reasonable_timeout.out

@@ -43,7 +43,7 @@ SELECT jsonb_pretty(webauthn.init_credential(
  }
 (1 row)
 
-SELECT * FROM webauthn.make_credential(
+SELECT * FROM webauthn.store_credential(
   credential_id := 'TMvc9cgQ4S3H498Qez2ilQdkDS02s0sR7wXyiaKrUphXQRNqiP1pfzoBPsEey8wjHDUXh_A-91zqP_H0bkeohA',
   credential_type := 'public-key',
   attestation_object := 'o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEzL3PXIEOEtx-PfEHs9opUHZA0tNrNLEe8F8omiq1KYV0ETaoj9aX86AT7BHsvMIxw1F4fwPvdc6j_x9G5HqISlAQIDJiABIVggf6kt0GZu7nwT3be2JJsMj5-6Q2CFfE4V0vxjSitaH48iWCDbmYOzGUadNecZo7k-GsKShUzT_yrVCJhoGwoy_7y8ag',

expected/error_assertions_check_user_handle_equal_or_null.out

@@ -43,7 +43,7 @@ SELECT jsonb_pretty(webauthn.init_credential(
  }
 (1 row)
 
-SELECT * FROM webauthn.make_credential(
+SELECT * FROM webauthn.store_credential(
   credential_id := 'TMvc9cgQ4S3H498Qez2ilQdkDS02s0sR7wXyiaKrUphXQRNqiP1pfzoBPsEey8wjHDUXh_A-91zqP_H0bkeohA',
   credential_type := 'public-key',
   attestation_object := 'o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEzL3PXIEOEtx-PfEHs9opUHZA0tNrNLEe8F8omiq1KYV0ETaoj9aX86AT7BHsvMIxw1F4fwPvdc6j_x9G5HqISlAQIDJiABIVggf6kt0GZu7nwT3be2JJsMj5-6Q2CFfE4V0vxjSitaH48iWCDbmYOzGUadNecZo7k-GsKShUzT_yrVCJhoGwoy_7y8ag',