Fix Base64UrlSafe decoding (#399)

* Fix Base64UrlSafe decoding
* PHPStan baseline
* @simplewebauthn/browser 7.0
* Exported files fixed
* JS fixed

Author: Spomky

.gitattributes

@@ -14,6 +14,7 @@
 /jest.config.js export-ignore
 /Makefile export-ignore
 /phpstan.neon export-ignore
+/phpstan-baseline.neon export-ignore
 /phpunit.xml.dist export-ignore
 /rector.php export-ignore
 /rollup.config.js export-ignore

phpstan-baseline.neon

@@ -1,76 +1,7 @@
 parameters:
-    level: 8
+    level: max
     paths:
         - src
-    ignoreErrors:
-        - '#Call to function method_exists\(\) with Symfony\\Component\\HttpFoundation\\Request and .* will always evaluate to true\.#'
-        - '#Method Webauthn\\Bundle\\Security\\Storage\\OptionsStorage::get\(\) invoked with 1 parameter, 0 required\.#'
-        -
-            message: '#Class Webauthn\\CertificateChainChecker\\PhpCertificateChainChecker extends @final class Webauthn\\MetadataService\\CertificateChain\\PhpCertificateChainValidator\.#'
-            path: src/webauthn/src/CertificateChainChecker/PhpCertificateChainChecker.php
-            count: 1
-        -
-            message: '#Method Webauthn\\Bundle\\DependencyInjection\\Factory\\Security\\WebauthnFactory::.*\(\) has parameter \$config(s)? with no value type specified in iterable type array\.#'
-            path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
-            count: 4
-        -
-            message: '#Method Webauthn\\Bundle\\DependencyInjection\\WebauthnExtension::.*\(\) has parameter \$config(s)? with no value type specified in iterable type array\.#'
-            path: src/symfony/src/DependencyInjection/WebauthnExtension.php
-            count: 1
-        -
-            message: '#Method Webauthn\\Bundle\\Security\\Authorization\\Voter\\IsUserPresentVoter::vote\(\) has parameter \$attributes with no value type specified in iterable type array\.#'
-            path: src/symfony/src/Security/Authorization/Voter/IsUserPresentVoter.php
-            count: 1
-        -
-            message: '#Method Webauthn\\Bundle\\Security\\Authorization\\Voter\\IsUserVerifiedVoter::vote\(\) has parameter \$attributes with no value type specified in iterable type array\.#'
-            path: src/symfony/src/Security/Authorization/Voter/IsUserVerifiedVoter.php
-            count: 1
-        -
-            message: '#Cannot call method (scalar|integer)Node\(\) on Symfony\\Component\\Config\\Definition\\Builder\\NodeParentInterface\|null.#'
-            path: src/symfony/src/DependencyInjection/Configuration.php
-            count: 6
-        -
-            message: '#Cannot call method scalarNode\(\) on Symfony\\Component\\Config\\Definition\\Builder\\NodeParentInterface\|null\.#'
-            path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
-            count: 1
-        -
-            message: '#Access to deprecated property \$authenticatorSelection of class Webauthn\\Bundle\\Dto\\PublicKeyCredentialCreationOptionsRequest.*#'
-            path: src/symfony/src/CredentialOptionsBuilder/ProfileBasedCreationOptionsBuilder.php
-            count: 1
-        -
-            message: '#Access to deprecated property \$requireResidentKey of class Webauthn\\AuthenticatorSelectionCriteria\:\nWill be removed in 5\.0\. Please use residentKey instead#'
-            path: src/webauthn/src/AuthenticatorSelectionCriteria.php
-            count: 1
-        -
-            message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
-            path: src/webauthn/src/AuthenticatorSelectionCriteria.php
-            count: 1
-        -
-            message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
-            path: src/symfony/src/CredentialOptionsBuilder/ProfileBasedCreationOptionsBuilder.php
-            count: 1
-        -
-            message: '#Call to deprecated method setRequireResidentKey\(\) of class Webauthn\\AuthenticatorSelectionCriteria\:\nsince v4\.1\. Please use setResidentKey instead#'
-            path: src/symfony/src/Service/PublicKeyCredentialCreationOptionsFactory.php
-            count: 1
-        -
-            message: '#.*ECDAA.*#'
-            path: src/webauthn/src/AuthenticatorAttestationResponseValidator.php
-            count: 2
-        -
-            message: '#.*ECDAA.*#'
-            path: src/webauthn/src/AttestationStatement/PackedAttestationStatementSupport.php
-            count: 2
-        -
-            message: '#Strict comparison using === between mixed and null will always evaluate to false\.#'
-            path: src/metadata-service/src/Statement/StatusReport.php
-            count: 1
-        - '#.*Binding.*#'
-        - '#Parameter \#\d+ \$.* of .* expects .*, .* given\.#'
-        - '#Property .* does not accept .*\|false\.#'
-        - '#Cannot access offset \d+ on array\|false\.#'
-        - '#Method .* should return string but returns string\|false\.#'
-        - '#Call to deprecated method getContentType\(\) of class Symfony\\Component\\HttpFoundation\\Request#'
     checkMissingIterableValueType: true
     checkGenericClassInNonGenericObjectType: true
     checkUninitializedProperties: true
@@ -84,3 +15,4 @@ includes:
     - vendor/phpstan/phpstan-phpunit/extension.neon
     - vendor/phpstan/phpstan-strict-rules/rules.neon
     - vendor/ekino/phpstan-banned-code/extension.neon
+    - phpstan-baseline.neon

phpstan.neon

@@ -15,10 +15,10 @@
     },
     "peerDependencies": {
         "@hotwired/stimulus": "^3.0.0",
-        "@simplewebauthn/browser": "^6.0.0"
+        "@simplewebauthn/browser": "^7.0.0"
     },
     "devDependencies": {
         "@hotwired/stimulus": "^3.0.0",
-        "@simplewebauthn/browser": "^6.0.0"
+        "@simplewebauthn/browser": "^7.0.0"
     }
 }

src/stimulus/Resources/assets/package.json

@@ -131,6 +131,7 @@ export default class extends Controller {
     _getData() {
         let data = new FormData();
         try {
+            // @ts-ignore
             data = new FormData(this.element);
         } catch (e) {
             //Nothing to do

src/stimulus/Resources/assets/src/controller.ts

@@ -4,7 +4,7 @@
 
 namespace Webauthn;
 
-use ParagonIE\ConstantTime\Base64;
+use Webauthn\Util\Base64;
 
 /**
  * @see https://www.w3.org/TR/webauthn/#authenticatorassertionresponse
@@ -36,6 +36,6 @@ public function getUserHandle(): ?string
             return $this->userHandle;
         }
 
-        return Base64::decode($this->userHandle, true);
+        return Base64::decode($this->userHandle);
     }
 }