fix: conflict with web-auth/webauthn-lib:4.7.0 (#439)

asbiin · web-flow · commit 270e3841e4fc · 2023-09-03T15:06:46.000+02:00
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -152,7 +152,7 @@ jobs:
 
       - name: SonarCloud Scan
         if: env.SONAR_TOKEN != ''
-        uses: SonarSource/sonarcloud-github-action@v1.9
+        uses: SonarSource/sonarcloud-github-action@v2.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/composer.json b/composer.json
@@ -27,6 +27,9 @@
         "web-auth/webauthn-lib": "^4.0",
         "web-token/jwt-signature": "^3.0"
     },
+    "conflict": {
+        "web-auth/webauthn-lib": "4.7.0"
+    },
     "require-dev": {
         "ext-sqlite3": "*",
         "guzzlehttp/psr7": "^2.1",
diff --git a/tests/Unit/Models/UserTest.php b/tests/Unit/Models/UserTest.php
@@ -2,11 +2,14 @@
 
 namespace LaravelWebauthn\Tests\Unit\Models;
 
+use Illuminate\Foundation\Testing\DatabaseTransactions;
 use LaravelWebauthn\Models\WebauthnKey;
 use LaravelWebauthn\Tests\FeatureTestCase;
 
 class UserTest extends FeatureTestCase
 {
+    use DatabaseTransactions;
+
     /**
      * @test
      */
diff --git a/tests/Unit/Services/WebauthnTest.php b/tests/Unit/Services/WebauthnTest.php
@@ -17,6 +17,7 @@
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use Symfony\Component\Uid\NilUuid;
 use Symfony\Component\Uid\Uuid;
+use Webauthn\AuthenticatorData;
 use Webauthn\PublicKeyCredentialSource;
 
 class WebauthnTest extends FeatureTestCase
@@ -93,67 +94,6 @@ public function test_get_authenticate_data()
         $this->assertCount(0, $publicKey->getExtensions());
     }
 
-    /**
-     * @test
-     */
-    public function test_do_authenticate()
-    {
-        $user = $this->signIn();
-        $webauthnKey = factory(WebauthnKey::class)->create([
-            'user_id' => $user->getAuthIdentifier(),
-            'credentialPublicKey' => (string) new MapObject([
-                new MapItem(
-                    new TextStringObject('1'),
-                    new TextStringObject('0')
-                ),
-                new MapItem(
-                    new TextStringObject('3'),
-                    new TextStringObject('-7')
-                ),
-            ]),
-        ]);
-
-        $publicKey = $this->app[PrepareAssertionData::class]($user);
-        $this->assertInstanceOf(\Webauthn\PublicKeyCredentialRequestOptions::class, $publicKey);
-
-        $data = [
-            'id' => Base64UrlSafe::encodeUnpadded($webauthnKey->credentialId),
-            'rawId' => Base64UrlSafe::encode($webauthnKey->credentialId),
-            'type' => 'public-key',
-            'response' => [
-                'clientDataJSON' => Base64UrlSafe::encodeUnpadded(json_encode([
-                    'type' => 'webauthn.get',
-                    'challenge' => Base64UrlSafe::encodeUnpadded($publicKey->getChallenge()),
-                    'origin' => 'https://localhost',
-                    'tokenBinding' => [
-                        'status' => 'supported',
-                        'id' => Base64UrlSafe::encodeUnpadded(1),
-                    ],
-                ])),
-                'authenticatorData' => Base64UrlSafe::encodeUnpadded(
-                    hash('sha256', 'localhost', true). // rp_id_hash
-                    pack('C', 65). // flags
-                    pack('N', 1). // signCount
-                    '0000000000000000'. // aaguid
-                    pack('n', 1).'0'. // credentialLength
-                    ((string) new MapObject([
-                        new MapItem(
-                            new TextStringObject('key'),
-                            new TextStringObject('value')
-                        ),
-                    ])) // credentialPublicKey
-                ),
-                'signature' => Base64UrlSafe::encode(new TextStringObject('00000100000001000000010000000100000001000000010000000100000001')),
-                'userHandle' => base64_encode($user->getAuthIdentifier()),
-            ],
-        ];
-
-        $this->expectException(\InvalidArgumentException::class);
-        $result = Webauthn::validateAssertion($user, $data);
-
-        $this->assertTrue($result); // Not yet ...
-    }
-
     /**
      * @test
      */
@@ -194,7 +134,7 @@ private function getAttestationData($publicKey)
                         new TextStringObject('authData'),
                         new TextStringObject(
                             hash('sha256', 'localhost', true). // rp_id_hash
-                            pack('C', 65). // flags
+                            pack('C', AuthenticatorData::FLAG_AT | AuthenticatorData::FLAG_UP). // flags
                             pack('N', 1). // signCount
                             '0000000000000000'. // aaguid
                             pack('n', 1).'0'. // credentialLength
