Merge release 4.5.2 into 4.6.x (#400)

* Fix Base64UrlSafe decoding (#399) * Fix Base64UrlSafe decoding * PHPStan baseline * @simplewebauthn/browser 7.0 * Exported files fixed * JS fixed * PHPStan baseline updated * baseline updated
web-auth · May 13, 2023 · 8944b9e · 8944b9e
1 parent b084f8b
commit 8944b9e
Show file tree

Hide file tree

Showing 6 changed files with 1,994 additions and 77 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -14,6 +14,7 @@
 /jest.config.js export-ignore
 /Makefile export-ignore
 /phpstan.neon export-ignore
+/phpstan-baseline.neon export-ignore
 /phpunit.xml.dist export-ignore
 /rector.php export-ignore
 /rollup.config.js export-ignore

diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
diff --git a/phpstan.neon b/phpstan.neon
@@ -1,79 +1,7 @@
 parameters:
- level: 8
+ level: max
  paths:
  - src
- ignoreErrors:
- - '#Call to function method_exists\(\) with Symfony\\Component\\HttpFoundation\\Request and .* will always evaluate to true\.#'
- - '#Method Webauthn\\Bundle\\Security\\Storage\\OptionsStorage::get\(\) invoked with 1 parameter, 0 required\.#'
- -
- message: '#Class Webauthn\\CertificateChainChecker\\PhpCertificateChainChecker extends @final class Webauthn\\MetadataService\\CertificateChain\\PhpCertificateChainValidator\.#'
- path: src/webauthn/src/CertificateChainChecker/PhpCertificateChainChecker.php
- count: 1
- -
- message: '#Method Webauthn\\Bundle\\DependencyInjection\\Factory\\Security\\WebauthnFactory::.*\(\) has parameter \$config(s)? with no value type specified in iterable type array\.#'
- path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
- count: 4
- -
- message: '#Method Webauthn\\Bundle\\DependencyInjection\\WebauthnExtension::.*\(\) has parameter \$config(s)? with no value type specified in iterable type array\.#'
- path: src/symfony/src/DependencyInjection/WebauthnExtension.php
- count: 1
- -
- message: '#Method Webauthn\\Bundle\\Security\\Authorization\\Voter\\IsUserPresentVoter::vote\(\) has parameter \$attributes with no value type specified in iterable type array\.#'
- path: src/symfony/src/Security/Authorization/Voter/IsUserPresentVoter.php
- count: 1
- -
- message: '#Method Webauthn\\Bundle\\Security\\Authorization\\Voter\\IsUserVerifiedVoter::vote\(\) has parameter \$attributes with no value type specified in iterable type array\.#'
- path: src/symfony/src/Security/Authorization/Voter/IsUserVerifiedVoter.php
- count: 1
- -
- message: '#Cannot call method (scalar|integer)Node\(\) on Symfony\\Component\\Config\\Definition\\Builder\\NodeParentInterface\|null.#'
- path: src/symfony/src/DependencyInjection/Configuration.php
- count: 6
- -
- message: '#Cannot call method scalarNode\(\) on Symfony\\Component\\Config\\Definition\\Builder\\NodeParentInterface\|null\.#'
- path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
- count: 1
- -
- message: '#Access to deprecated property \$authenticatorSelection of class Webauthn\\Bundle\\Dto\\PublicKeyCredentialCreationOptionsRequest.*#'
- path: src/symfony/src/CredentialOptionsBuilder/ProfileBasedCreationOptionsBuilder.php
- count: 1
- -
- message: '#Access to deprecated property \$requireResidentKey of class Webauthn\\AuthenticatorSelectionCriteria\:\nWill be removed in 5\.0\. Please use residentKey instead#'
- path: src/webauthn/src/AuthenticatorSelectionCriteria.php
- count: 2
- -
- message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
- path: src/webauthn/src/AuthenticatorSelectionCriteria.php
- count: 1
- -
- message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
- path: src/symfony/src/CredentialOptionsBuilder/ProfileBasedCreationOptionsBuilder.php
- count: 1
- -
- message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
- path: src/symfony/src/Service/PublicKeyCredentialCreationOptionsFactory.php
- count: 1
- -
- message: '#.*ECDAA.*#'
- path: src/webauthn/src/AuthenticatorAttestationResponseValidator.php
- count: 2
- -
- message: '#.*ECDAA.*#'
- path: src/webauthn/src/AttestationStatement/PackedAttestationStatementSupport.php
- count: 2
- -
- message: '#Strict comparison using === between mixed and null will always evaluate to false\.#'
- path: src/metadata-service/src/Statement/StatusReport.php
- count: 1
- - '#Fetching class constant class of deprecated class Webauthn\\PublicKeyCredentialSourceRepository\.#'
- - '#Fetching class constant class of deprecated class Webauthn\\Bundle\\Repository\\PublicKeyCredentialUserEntityRepository.*#'
- - '#.*Binding.*#'
- - '#Parameter .* of method .* has typehint with deprecated interface Webauthn\\PublicKeyCredentialSourceRepository\.#'
- - '#Parameter \#\d+ \$.* of .* expects .*, .* given\.#'
- - '#Property .* does not accept .*\|false\.#'
- - '#Cannot access offset \d+ on array\|false\.#'
- - '#Method .* should return string but returns string\|false\.#'
- - '#Call to deprecated method getContentType\(\) of class Symfony\\Component\\HttpFoundation\\Request#'
  checkMissingIterableValueType: true
  checkGenericClassInNonGenericObjectType: true
  checkUninitializedProperties: true
@@ -87,3 +15,4 @@ includes:
  - vendor/phpstan/phpstan-phpunit/extension.neon
  - vendor/phpstan/phpstan-strict-rules/rules.neon
  - vendor/ekino/phpstan-banned-code/extension.neon
+ - phpstan-baseline.neon
diff --git a/src/stimulus/Resources/assets/package.json b/src/stimulus/Resources/assets/package.json
@@ -15,10 +15,10 @@
  },
  "peerDependencies": {
  "@hotwired/stimulus": "^3.0.0",
- "@simplewebauthn/browser": "^6.0.0"
+ "@simplewebauthn/browser": "^7.0.0"
  },
  "devDependencies": {
  "@hotwired/stimulus": "^3.0.0",
- "@simplewebauthn/browser": "^6.0.0"
+ "@simplewebauthn/browser": "^7.0.0"
  }
 }
diff --git a/src/stimulus/Resources/assets/src/controller.ts b/src/stimulus/Resources/assets/src/controller.ts
@@ -131,6 +131,7 @@ export default class extends Controller {
  _getData() {
  let data = new FormData();
  try {
+ // @ts-ignore
  data = new FormData(this.element);
  } catch (e) {
  //Nothing to do

diff --git a/src/webauthn/src/AuthenticatorAssertionResponse.php b/src/webauthn/src/AuthenticatorAssertionResponse.php
@@ -4,7 +4,7 @@
 
 namespace Webauthn;
 
-use ParagonIE\ConstantTime\Base64;
+use Webauthn\Util\Base64;
 
 /**
  * @see https://www.w3.org/TR/webauthn/#authenticatorassertionresponse
@@ -36,6 +36,6 @@ public function getUserHandle(): ?string
  return $this->userHandle;
  }
 
- return Base64::decode($this->userHandle, true);
+ return Base64::decode($this->userHandle);
  }
 }