Merge pull request #600 from web-auth/temp-9acfe9

Merge up 4.8.7 to 4.9.x
web-auth · Jun 15, 2024 · 684f7cb · 684f7cb
2 parents 858de96 + d440667
commit 684f7cb
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 7 deletions.
diff --git a/src/metadata-service/src/Statement/MetadataStatement.php b/src/metadata-service/src/Statement/MetadataStatement.php
@@ -361,7 +361,7 @@ public function getDescription(): string
      * @deprecated since 4.7.0. Please use the property directly.
      * @infection-ignore-all
      */
-    public function getAlternativeDescriptions(): AlternativeDescriptions
+    public function getAlternativeDescriptions(): null|AlternativeDescriptions
     {
         return $this->alternativeDescriptions;
     }

diff --git a/src/symfony/src/Resources/config/doctrine-mapping/PublicKeyCredentialSource.orm.xml b/src/symfony/src/Resources/config/doctrine-mapping/PublicKeyCredentialSource.orm.xml
@@ -15,5 +15,8 @@
         <field name="userHandle"/>
         <field name="counter" type="integer"/>
         <field name="otherUI" type="array" nullable="true"/>
+        <field name="backupEligible" type="boolean" nullable="true"/>
+        <field name="backupStatus" type="boolean" nullable="true"/>
+        <field name="uvInitialized" type="boolean" nullable="true"/>
     </mapped-superclass>
 </doctrine-mapping>
diff --git a/tests/symfony/config/config.yml b/tests/symfony/config/config.yml
@@ -111,6 +111,8 @@ doctrine:
     auto_generate_proxy_classes: true
     naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
     auto_mapping: true
+    controller_resolver:
+      auto_mapping: false
     mappings:
       App:
         is_bundle: false

diff --git a/tests/symfony/functional/Firewall/NonSecuredAreaTest.php b/tests/symfony/functional/Firewall/NonSecuredAreaTest.php
@@ -6,6 +6,7 @@
 
 use PHPUnit\Framework\Attributes\Test;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 
 /**
  * @internal
@@ -16,7 +17,7 @@ final class NonSecuredAreaTest extends WebTestCase
     public function aClientWantsToAccessOnNonSecuredResource(): void
     {
         $client = static::createClient();
-        $client->request('GET', '/', [], [], [
+        $client->request(Request::METHOD_GET, '/', [], [], [
             'HTTPS' => 'on',
         ]);
 

diff --git a/tests/symfony/functional/Firewall/SecuredAreaTest.php b/tests/symfony/functional/Firewall/SecuredAreaTest.php
@@ -7,6 +7,7 @@
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use PHPUnit\Framework\Attributes\Test;
 use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Webauthn\Bundle\Security\Storage\Item;
 use Webauthn\PublicKeyCredentialDescriptor;
@@ -26,7 +27,7 @@ public function aClientCannotAccessToTheResourceIfUserIsNotAuthenticated(): void
         $client = static::createClient([], [
             'HTTPS' => 'on',
         ]);
-        $client->request('GET', '/admin', [], [], [
+        $client->request(Request::METHOD_GET, '/admin', [], [], [
             'HTTPS' => 'on',
         ]);
 
@@ -42,7 +43,7 @@ public function aClientCanSubmitUsernameToGetWebauthnOptions(): void
         $client = static::createClient([], [
             'HTTPS' => 'on',
         ]);
-        $client->request('POST', '/api/login/options', [], [], [
+        $client->request(Request::METHOD_POST, '/api/login/options', [], [], [
             'CONTENT_TYPE' => 'application/json',
             'HTTP_HOST' => 'test.com',
             'HTTPS' => 'on',
@@ -65,7 +66,7 @@ public function aUserCannotBeBeAuthenticatedInAbsenceOfOptions(): void
         $client = static::createClient([], [
             'HTTPS' => 'on',
         ]);
-        $client->request('POST', '/api/login', [], [], [
+        $client->request(Request::METHOD_POST, '/api/login', [], [], [
             'CONTENT_TYPE' => 'application/json',
             'HTTP_HOST' => 'test.com',
         ], $assertion);
@@ -107,7 +108,7 @@ public function aUserCanBeAuthenticatedAndAccessToTheProtectedResource(): void
 
         $assertion = '{"id":"eHouz_Zi7-BmByHjJ_tx9h4a1WZsK4IzUmgGjkhyOodPGAyUqUp_B9yUkflXY3yHWsNtsrgCXQ3HjAIFUeZB-w","type":"public-key","rawId":"eHouz/Zi7+BmByHjJ/tx9h4a1WZsK4IzUmgGjkhyOodPGAyUqUp/B9yUkflXY3yHWsNtsrgCXQ3HjAIFUeZB+w==","response":{"authenticatorData":"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAew","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJHMEpiTExuZGVmM2EwSXkzUzJzU1FBOHVPNFNPX3plNkZaTUF1UEk2LXhJIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODQ0MyIsInR5cGUiOiJ3ZWJhdXRobi5nZXQifQ","signature":"MEUCIEY/vcNkbo/LdMTfLa24ZYLlMMVMRd8zXguHBvqud9AJAiEAwCwpZpvcMaqCrwv85w/8RGiZzE+gOM61ffxmgEDeyhM=","userHandle":null}}';
 
-        $client->request('POST', '/api/login', [], [], [
+        $client->request(Request::METHOD_POST, '/api/login', [], [], [
             'CONTENT_TYPE' => 'application/json',
             'HTTP_HOST' => 'localhost',
         ], $assertion);
@@ -120,7 +121,7 @@ public function aUserCanBeAuthenticatedAndAccessToTheProtectedResource(): void
         );
         static::assertTrue($client->getRequest()->getSession()->has('_security_main'));
 
-        $client->request('GET', '/admin');
+        $client->request(Request::METHOD_GET, '/admin');
 
         static::assertSame('["Hello admin"]', $client->getResponse()->getContent());
         static::assertResponseIsSuccessful();