Merge branch 'main' into dependabot/github_actions/actions/cache-4

.github/workflows/tests.yml

@@ -159,7 +159,7 @@ jobs:
 
       - name: SonarCloud Scan
         if: env.SONAR_TOKEN != ''
-        uses: SonarSource/sonarcloud-github-action@v2.0.2
+        uses: SonarSource/sonarcloud-github-action@v2.1.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

composer.json

@@ -22,9 +22,13 @@
     "require": {
         "php": ">=8.1",
         "illuminate/support": "^9.0 || ^10.0",
+        "phpdocumentor/reflection-docblock": "^5.3",
         "psr/http-factory-implementation": "1.0",
+        "symfony/property-access": "^6.4 || ^7.0",
+        "symfony/property-info": "^6.4 || ^7.0",
+        "symfony/serializer": "^6.4 || ^7.0",
         "web-auth/cose-lib": "^4.0",
-        "web-auth/webauthn-lib": "^4.7.1",
+        "web-auth/webauthn-lib": "^4.8.0",
         "web-token/jwt-signature": "^3.0"
     },
     "conflict": {

src/Actions/AttemptToAuthenticate.php

@@ -113,7 +113,7 @@ protected function throwFailedAuthenticationException(Request $request): void
     /**
      * Fire the failed authentication attempt event with the given arguments.
      */
-    protected function fireFailedEvent(Request $request, User $user = null): void
+    protected function fireFailedEvent(Request $request, ?User $user = null): void
     {
         event(new Failed(config('webauthn.guard'), $user, [
             Webauthn::username() => $user !== null

src/Actions/PrepareCreationData.php

@@ -28,7 +28,7 @@ public function __invoke(User $user): PublicKeyCredentialCreationOptions
      *
      * @throws \Illuminate\Validation\ValidationException
      */
-    protected function throwFailedRegisterException(User $user, Exception $e = null): void
+    protected function throwFailedRegisterException(User $user, ?Exception $e = null): void
     {
         WebauthnRegisterFailed::dispatch($user, $e);
 

src/Actions/ValidateKeyCreation.php

@@ -45,7 +45,7 @@ protected function validateAttestation(User $user, array $data, string $keyName)
      *
      * @throws \Illuminate\Validation\ValidationException
      */
-    protected function throwFailedRegisterException(User $user, Exception $e = null): void
+    protected function throwFailedRegisterException(User $user, ?Exception $e = null): void
     {
         WebauthnRegisterFailed::dispatch($user, $e);
 

src/Http/Middleware/WebauthnMiddleware.php

@@ -21,7 +21,7 @@ public function __construct(
     /**
      * Handle an incoming request.
      */
-    public function handle(Request $request, Closure $next, string $guard = null): mixed
+    public function handle(Request $request, Closure $next, ?string $guard = null): mixed
     {
         if (Webauthn::webauthnEnabled() && ! Webauthn::check()) {
             abort_if($this->auth->guard($guard)->guest(), 401, /** @var string $m */ $m = trans('webauthn::errors.user_unauthenticated'));

src/Models/WebauthnKey.php

@@ -89,7 +89,7 @@ public function publicKeyCredentialSource(): Attribute
                 (string) $this->user_id,
                 $this->counter
             ),
-            set: function (PublicKeyCredentialSource $value, array $attributes = null): array {
+            set: function (PublicKeyCredentialSource $value, ?array $attributes = null): array {
                 if (((string) Arr::get($attributes, 'user_id')) !== $value->userHandle) {
                     throw new WrongUserHandleException();
                 }

src/Services/Webauthn.php

@@ -50,7 +50,7 @@ public static function username(): string
     /**
      * Get a completion redirect path for a specific feature.
      */
-    public static function redirects(string $redirect, string $default = null): string
+    public static function redirects(string $redirect, ?string $default = null): string
     {
         return config('webauthn.redirects.'.$redirect) ?? $default ?? config('webauthn.home');
     }

src/Services/Webauthn/CredentialAssertionValidator.php

@@ -8,18 +8,18 @@
 use LaravelWebauthn\Exceptions\ResponseMismatchException;
 use LaravelWebauthn\Services\Webauthn;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use Symfony\Component\Serializer\SerializerInterface;
 use Webauthn\AuthenticatorAssertionResponse;
 use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\PublicKeyCredential;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialRequestOptions;
 
 class CredentialAssertionValidator extends CredentialValidator
 {
     public function __construct(
         Request $request,
         Cache $cache,
-        protected PublicKeyCredentialLoader $loader,
+        protected SerializerInterface $loader,
         protected AuthenticatorAssertionResponseValidator $validator
     ) {
         parent::__construct($request, $cache);
@@ -33,7 +33,8 @@ public function __construct(
     public function __invoke(User $user, array $data): bool
     {
         // Load the data
-        $publicKeyCredential = $this->loader->loadArray($data);
+        $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
+        $publicKeyCredential = $this->loader->deserialize($content, PublicKeyCredential::class, 'json');
 
         // Check the response against the request
         $this->validator->check(
@@ -53,9 +54,9 @@ public function __invoke(User $user, array $data): bool
     protected function pullPublicKey(User $user): PublicKeyCredentialRequestOptions
     {
         try {
-            $value = json_decode($this->cache->pull($this->cacheKey($user)), true, flags: JSON_THROW_ON_ERROR);
+            $value = $this->cache->pull($this->cacheKey($user));
 
-            return PublicKeyCredentialRequestOptions::createFromArray($value);
+            return $this->loader->deserialize($value, PublicKeyCredentialRequestOptions::class, 'json');
         } catch (\Exception $e) {
             app('webauthn.log')->debug('Webauthn publickKey deserialize error', ['exception' => $e]);
             abort(404);

src/Services/Webauthn/CredentialAttestationValidator.php

@@ -6,19 +6,19 @@
 use Illuminate\Contracts\Cache\Repository as Cache;
 use Illuminate\Http\Request;
 use LaravelWebauthn\Exceptions\ResponseMismatchException;
+use Symfony\Component\Serializer\SerializerInterface;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\PublicKeyCredential;
 use Webauthn\PublicKeyCredentialCreationOptions;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialSource;
 
 class CredentialAttestationValidator extends CredentialValidator
 {
     public function __construct(
         Request $request,
         Cache $cache,
-        protected PublicKeyCredentialLoader $loader,
+        protected SerializerInterface $loader,
         protected AuthenticatorAttestationResponseValidator $validator
     ) {
         parent::__construct($request, $cache);
@@ -32,7 +32,8 @@ public function __construct(
     public function __invoke(User $user, array $data): PublicKeyCredentialSource
     {
         // Load the data
-        $publicKeyCredential = $this->loader->loadArray($data);
+        $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
+        $publicKeyCredential = $this->loader->deserialize($content, PublicKeyCredential::class, 'json');
 
         // Check the response against the request
         return $this->validator->check(
@@ -48,9 +49,9 @@ public function __invoke(User $user, array $data): PublicKeyCredentialSource
     protected function pullPublicKey(User $user): PublicKeyCredentialCreationOptions
     {
         try {
-            $value = json_decode($this->cache->pull($this->cacheKey($user)), true, flags: JSON_THROW_ON_ERROR);
+            $value = $this->cache->pull($this->cacheKey($user));
 
-            return PublicKeyCredentialCreationOptions::createFromArray($value);
+            return $this->loader->deserialize($value, PublicKeyCredentialCreationOptions::class, 'json');
         } catch (\Exception $e) {
             app('webauthn.log')->debug('Webauthn publicKey deserialize error', ['exception' => $e]);
             abort(404);

src/WebauthnServiceProvider.php

@@ -39,6 +39,7 @@
 use Psr\Http\Message\StreamFactoryInterface;
 use Psr\Http\Message\UploadedFileFactoryInterface;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
+use Symfony\Component\Serializer\SerializerInterface;
 use Webauthn\AttestationStatement\AndroidKeyAttestationStatementSupport;
 use Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport;
 use Webauthn\AttestationStatement\AppleAttestationStatementSupport;
@@ -52,9 +53,9 @@
 use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
+use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
 use Webauthn\Counter\CounterChecker;
 use Webauthn\Counter\ThrowExceptionIfInvalid;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialRpEntity;
 
 class WebauthnServiceProvider extends ServiceProvider
@@ -188,15 +189,24 @@ protected function bindWebAuthnPackage(): void
             ), fn (AuthenticatorAttestationResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log'])
             )
         );
+        $this->app->bind(
+            CeremonyStepManagerFactory::class,
+            fn ($app) => tap(new CeremonyStepManagerFactory, function (CeremonyStepManagerFactory $factory) use ($app) {
+                $factory->setExtensionOutputCheckerHandler($app[ExtensionOutputCheckerHandler::class]);
+                $factory->setAlgorithmManager($app[CoseAlgorithmManager::class]);
+                $factory->setCounterChecker($app[CounterChecker::class]);
+            })
+        );
         $this->app->bind(
             AuthenticatorAssertionResponseValidator::class,
             fn ($app) => tap((new AuthenticatorAssertionResponseValidator(
                 null,
                 null,
                 $app[ExtensionOutputCheckerHandler::class],
-                $app[CoseAlgorithmManager::class]
-            ))
-                ->setCounterChecker($app[CounterChecker::class]), fn (AuthenticatorAssertionResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log'])
+                $app[CoseAlgorithmManager::class],
+                null,
+                ($app[CeremonyStepManagerFactory::class])->requestCeremony()
+            )), fn (AuthenticatorAssertionResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log'])
             )
         );
         $this->app->bind(
@@ -207,7 +217,6 @@ protected function bindWebAuthnPackage(): void
                 $app['config']->get('webauthn.userless')
             )
         );
-
         $this->app->bind(
             PublicKeyCredentialRpEntity::class,
             fn ($app) => new PublicKeyCredentialRpEntity(
@@ -216,14 +225,6 @@ protected function bindWebAuthnPackage(): void
                 $app['config']->get('webauthn.icon')
             )
         );
-        $this->app->bind(
-            PublicKeyCredentialLoader::class,
-            fn ($app) => tap(new PublicKeyCredentialLoader(
-                $app[AttestationObjectLoader::class]
-            ), fn (PublicKeyCredentialLoader $loader) => $loader->setLogger($app['webauthn.log'])
-            )
-        );
-
         $this->app->bind(
             CoseAlgorithmManager::class,
             fn ($app) => $app[CoseAlgorithmManagerFactory::class]
@@ -256,6 +257,10 @@ protected function bindWebAuthnPackage(): void
                 }
             })
         );
+        $this->app->bind(
+            SerializerInterface::class,
+            fn ($app) => (new \Webauthn\Denormalizer\WebauthnSerializerFactory($app[AttestationStatementSupportManager::class]))->create()
+        );
     }
 
     /**

tests/Unit/Services/WebauthnTest.php

@@ -5,6 +5,7 @@
 use CBOR\ListObject;
 use CBOR\MapItem;
 use CBOR\MapObject;
+use CBOR\NegativeIntegerObject;
 use CBOR\TextStringObject;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
@@ -65,8 +66,8 @@ public function test_do_register_data()
             'transports' => '[]',
             'attestationType' => 'none',
             'trustPath' => '{"type":"Webauthn\\\\TrustPath\\\\EmptyTrustPath"}',
-            'aaguid' => '00000000-0000-0000-0000-000000000000',
-            'credentialPublicKey' => 'oWNrZXlldmFsdWU=',
+            'aaguid' => '30303030-3030-3030-3030-303030303030',
+            'credentialPublicKey' => 'omExZXZhbHVlYTMm',
             'counter' => '1',
         ]);
     }
@@ -141,9 +142,13 @@ private function getAttestationData($publicKey)
                             pack('n', 1).'0'. // credentialLength
                             ((string) new MapObject([
                                 new MapItem(
-                                    new TextStringObject('key'),
+                                    new TextStringObject('1'),
                                     new TextStringObject('value')
                                 ),
+                                new MapItem(
+                                    new TextStringObject('3'),
+                                    new NegativeIntegerObject(6, null)
+                                ),
                             ])) // credentialPublicKey
                         )
                     ),