fix deprecation on webauthn

fiste788 · Mar 27, 2024 · 492f215 · 492f215
1 parent 4cd2e9e
commit 492f215
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 14 deletions.
diff --git a/composer.json b/composer.json
@@ -20,6 +20,7 @@
         "spomky-labs/web-push-lib": "v2.0.x-dev",
         "symfony/css-selector": "^7.0",
         "symfony/dom-crawler": "^7.0",
+        "symfony/serializer": "^7.0",
         "symfony/uid": "^7.0",
         "web-auth/webauthn-lib": "^4.7",
         "web-token/jwt-library": "^3.3",
@@ -100,4 +101,4 @@
         "test:typing": "@stan",
         "test:unit": "@test"
     }
-}
+}
diff --git a/composer.lock b/composer.lock
diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
@@ -72,7 +72,10 @@ public function initialize(): void
     }
 
     /**
-     * @inheritDoc
+     * beforeRender callback.
+     *
+     * @param \Cake\Event\EventInterface<\Cake\Controller\Controller> $event Event.
+     * @return void
      */
     public function beforeRender(EventInterface $event) {
         $this->response = $this->response->withType('application/json');

diff --git a/src/Service/WebauthnService.php b/src/Service/WebauthnService.php
@@ -20,6 +20,7 @@
 use GuzzleHttp\Psr7\HttpFactory;
 use Psr\Http\Message\ServerRequestInterface;
 use RuntimeException;
+use Symfony\Component\Serializer\SerializerInterface;
 use Symfony\Component\Uid\Uuid;
 use Webauthn\AttestationStatement\AndroidKeyAttestationStatementSupport;
 use Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport;
@@ -37,6 +38,8 @@
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
+use Webauthn\Denormalizer\WebauthnSerializerFactory;
+use Webauthn\PublicKeyCredential;
 use Webauthn\PublicKeyCredentialCreationOptions;
 use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
@@ -57,14 +60,14 @@ class WebauthnService
     use LocatorAwareTrait;
     use ServiceAwareTrait;
 
-    protected PublicKeyCredentialLoader $publicKeyCredentialLoader;
-
     protected AuthenticatorAttestationResponseValidator $authenticatorAttestationResponseValidator;
 
     protected AuthenticatorAssertionResponseValidator $authenticatorAssertionResponseValidator;
 
     protected PublicKeyCredentialSourceRepositoryService $PublicKeyCredentialSourceRepository;
 
+    protected SerializerInterface $serializer;
+
     /**
      * Costructor
      *
@@ -77,11 +80,8 @@ public function __construct()
         $this->loadService('PublicKeyCredentialSourceRepository');
         $attestationStatementSupportManager = $this->createStatementSupportManager();
 
-        // Attestation Object Loader
-        $attestationObjectLoader = new AttestationObjectLoader($attestationStatementSupportManager);
-
-        // Public Key Credential Loader
-        $this->publicKeyCredentialLoader = new PublicKeyCredentialLoader($attestationObjectLoader);
+        $factory = new WebauthnSerializerFactory($attestationStatementSupportManager);
+        $this->serializer = $factory->create();
 
         $this->authenticatorAttestationResponseValidator = new AuthenticatorAttestationResponseValidator(
             $attestationStatementSupportManager,
@@ -291,12 +291,22 @@ public function signin(
         ServerRequestInterface $request,
         ?string $userHandle = null
     ): PublicKeyCredentialSource {
-        $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString($publicKey);
+        // $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString();
+
+        $publicKeyCredentialRequestOptions = $this->serializer->deserialize(
+            $publicKey,
+            PublicKeyCredentialRequestOptions::class,
+            'json'
+        );
 
         // Load the data
         /** @var array<string, mixed> $body */
         $body = $request->getParsedBody();
-        $publicKeyCredential = $this->publicKeyCredentialLoader->loadArray($body);
+        $publicKeyCredential = $this->serializer->deserialize(
+            $body,
+            PublicKeyCredential::class,
+            'json'
+        );
         $authenticatorAssertionResponse = $publicKeyCredential->response;
 
         // Check if the response is an Authenticator Assertion Response
@@ -397,12 +407,20 @@ public function registerRequest(ServerRequestInterface $request): PublicKeyCrede
     public function registerResponse(ServerRequestInterface $request): ?EntityPublicKeyCredentialSource
     {
         $publicKey = (string)$request->getSession()->consume('User.PublicKey');
-        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromString($publicKey);
+        $publicKeyCredentialCreationOptions = $this->serializer->deserialize(
+            $publicKey,
+            PublicKeyCredentialCreationOptions::class,
+            'json'
+        );
 
         // Load the data
         /** @var array<string, mixed> $body */
         $body = $request->getParsedBody();
-        $publicKeyCredential = $this->publicKeyCredentialLoader->loadArray($body);
+        $publicKeyCredential = $this->serializer->deserialize(
+            $body,
+            PublicKeyCredential::class,
+            'json'
+        );
         $authenticatorAttestationResponse = $publicKeyCredential->response;
 
         // Check if the response is an Authenticator Attestation Response