From 1aa685522634749341ea0e03030ef2d38305db29 Mon Sep 17 00:00:00 2001
From: Florent Morselli <florent.morselli@spomky-labs.com>
Date: Sun, 15 Oct 2023 13:54:31 +0200
Subject: [PATCH] Fix uncovered scenario with
 PublicKeyCredentialSourceRepository

---
 .../AuthenticatorAssertionResponseValidator.php    | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/webauthn/src/AuthenticatorAssertionResponseValidator.php b/src/webauthn/src/AuthenticatorAssertionResponseValidator.php
index 477fae1d..43b60408 100644
--- a/src/webauthn/src/AuthenticatorAssertionResponseValidator.php
+++ b/src/webauthn/src/AuthenticatorAssertionResponseValidator.php
@@ -139,9 +139,17 @@ public function check(
                     ->getHost(),
                 'userHandle' => $userHandle,
             ]);
-            $publicKeyCredentialSource = is_string(
-                $credentialId
-            ) ? $this->publicKeyCredentialSourceRepository?->findOneByCredentialId($credentialId) : $credentialId;
+            $publicKeyCredentialSource = null;
+            if ($credentialId instanceof PublicKeyCredentialSource) {
+                $publicKeyCredentialSource = $credentialId;
+            } else {
+                $this->publicKeyCredentialSourceRepository instanceof PublicKeyCredentialSourceRepository || throw AuthenticatorResponseVerificationException::create(
+                    'The parameter "$publicKeyCredentialSourceRepository" is required.'
+                );
+                $publicKeyCredentialSource = $this->publicKeyCredentialSourceRepository->findOneByCredentialId(
+                    $credentialId
+                );
+            }
             $publicKeyCredentialSource !== null || throw AuthenticatorResponseVerificationException::create(
                 'The credential ID is invalid.'
             );