-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5 #44761
Conversation
219a973
to
6740b3f
Compare
psalm does not complain here but PsrLoggerAdapter needs to be adjusted. Will do so, but that psalm ignores it is weird... |
67e5a1d
to
f7efd2a
Compare
We’d need psalm level 3 I think |
Regarding psr/log composer installed psr/log 2 because all our dependencies does support it now. We could also enforce psr/log 1 here and update psr/log in a follow-up pr. main:
this branch:
|
Once merged, we need to log an issue for Christoph and Richard to also update the shipped copy in twofactor_webauthn to avoid conflicts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice 👍
Worked fine with my YubiKey (add, delete, passwordless login).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't work on my machine. Do I need to do something else other than check out this branch and disable twofactor_webauthn?
The following error is thrown on the final step when saving the key after typing a name.
Message: "Call to undefined method ParagonIE\ConstantTime\Base64UrlSafe::decodeNoPadding()"
File: "/[...]/master/3rdparty/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php:84"
Although PHPStorm tells me that the method exists ... 🤔
totp app has a different version of that lib installed: If I enable totp with installed deps it also doesn't work for me anymore. |
the stream of conflicts is troublesome. |
Yes but in this case without fixing the frontend, server would not work because the custom implementation was using invalid encoding that conflicts with the RFC and webauth-lib dropped support for anything not RFC compliant. |
Sure, I just wanted to wait for someone (Daniel) to test it with real hardware as I only have software keys. |
I tested with a hardware device and passwordless authentication worked (if TOTP app is disabled) |
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
This simplifies the code a lot and fixes errors with the exisiting custom code, where slightly different base64 values were emitted which are not valid according to the standard. ref: web-auth/webauthn-framework#510 Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
…w \Stringable as message) Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works when twofactor_top and twofactor_webauthn are disabled.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
f7efd2a
to
a1a74cc
Compare
Rebased and using merge commit ✅ |
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! |
Summary
3.x is EOL and as we now bumped to 8.1 we can update to 4.x
Note that a lot of the used functions and classes are deprecated, so if we want to update for 5.x we need to rework our code.
Changes I did:
@simplewebauthn
for frontend logicThis simplifies the code a lot and fixes errors with the exisiting custom code,
where slightly different base64 values were emitted which are not valid according to the standard.
ref: Webauthn\CollectedClientData::createFormJson not working web-auth/webauthn-framework#510
Checklist