fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-04-10 01:38:08 +02:00 · 2024-04-10 01:38:08 +02:00 · e8452d9ef1
parent fea0278947
commit e8452d9ef1
2 changed files with 25 additions and 25 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit e2747858e408e4d9dde72a8a7cf99f2d7f750d98
+Subproject commit 202c6195d28ac55f08e5b3c31a95fff6a7093659
--- a/lib/private/Authentication/WebAuthn/Manager.php
+++ b/lib/private/Authentication/WebAuthn/Manager.php
@ -83,14 +83,14 @@ class Manager {
 	public function startRegistration(IUser $user, string $serverHost): PublicKeyCredentialCreationOptions {
 		$rpEntity = new PublicKeyCredentialRpEntity(
 			'Nextcloud', //Name
-			$this->stripPort($serverHost),        //ID
+			$this->stripPort($serverHost),  //ID
 			null                            //Icon
 		);

 		$userEntity = new PublicKeyCredentialUserEntity(
-			$user->getUID(),                              //Name
-			$user->getUID(),                              //ID
-			$user->getDisplayName()                      //Display name
+			$user->getUID(),                             // Name
+			$user->getUID(),                             // ID
+			$user->getDisplayName()                      // Display name
 			//            'https://foo.example.co/avatar/123e4567-e89b-12d3-a456-426655440000' //Icon
 		);

@ -107,9 +107,10 @@ class Manager {
 		];

 		$authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(
+			null,
+			AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED,
 			null,
 			false,
-			AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
 		);

 		return new PublicKeyCredentialCreationOptions(
@ -117,11 +118,10 @@ class Manager {
 			$userEntity,
 			$challenge,
 			$publicKeyCredentialParametersList,
-			$timeout,
-			$excludedPublicKeyDescriptors,
 			$authenticatorSelectionCriteria,
 			PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
-			null
+			$excludedPublicKeyDescriptors,
+			$timeout,
 		);
 	}

@ -149,7 +149,7 @@ class Manager {
 		try {
 			// Load the data
 			$publicKeyCredential = $publicKeyCredentialLoader->load($data);
-			$response = $publicKeyCredential->getResponse();
+			$response = $publicKeyCredential->response;

 			// Check if the response is an Authenticator Attestation Response
 			if (!$response instanceof AuthenticatorAttestationResponse) {
@ -162,7 +162,9 @@ class Manager {
 			$publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
 				$response,
 				$publicKeyCredentialCreationOptions,
-				$request);
+				$request,
+				['localhost'],
+			);
 		} catch (\Throwable $exception) {
 			throw $exception;
 		}
@ -180,18 +182,18 @@ class Manager {
 		$registeredPublicKeyCredentialDescriptors = array_map(function (PublicKeyCredentialEntity $entity) {
 			$credential = $entity->toPublicKeyCredentialSource();
 			return new PublicKeyCredentialDescriptor(
-				$credential->getType(),
-				$credential->getPublicKeyCredentialId()
+				$credential->type,
+				$credential->publicKeyCredentialId,
 			);
 		}, $this->credentialMapper->findAllForUid($uid));

 		// Public Key Credential Request Options
 		return new PublicKeyCredentialRequestOptions(
-			random_bytes(32),                                                    // Challenge
-			60000,                                                              // Timeout
-			$this->stripPort($serverHost),                                                                  // Relying Party ID
-			$registeredPublicKeyCredentialDescriptors,                                  // Registered PublicKeyCredentialDescriptor classes
-			AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
+			random_bytes(32),                                                          // Challenge
+			$this->stripPort($serverHost),                                             // Relying Party ID
+			$registeredPublicKeyCredentialDescriptors,                                 // Registered PublicKeyCredentialDescriptor classes
+			AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED,
+			60000,                                                                     // Timeout
 		);
 	}

@ -213,16 +215,15 @@ class Manager {
 			$tokenBindingHandler,
 			$extensionOutputCheckerHandler,
 			$algorithmManager,
-			null,
-			$this->logger,
 		);
+		$authenticatorAssertionResponseValidator->setLogger($this->logger);

 		try {
 			$this->logger->debug('Loading publickey credentials from: ' . $data);

 			// Load the data
 			$publicKeyCredential = $publicKeyCredentialLoader->load($data);
-			$response = $publicKeyCredential->getResponse();
+			$response = $publicKeyCredential->response;

 			// Check if the response is an Authenticator Attestation Response
 			if (!$response instanceof AuthenticatorAssertionResponse) {
@ -233,18 +234,17 @@ class Manager {
 			$request = ServerRequest::fromGlobals();

 			$publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check(
-				$publicKeyCredential->getRawId(),
+				$publicKeyCredential->rawId,
 				$response,
 				$publicKeyCredentialRequestOptions,
 				$request,
-				$uid
+				$uid,
+				['localhost'],
 			);
 		} catch (\Throwable $e) {
 			throw $e;
 		}

-
-
 		return true;
 	}