diff --git a/composer.json b/composer.json
index 09513e8e..06613f3f 100644
--- a/composer.json
+++ b/composer.json
@@ -61,7 +61,7 @@
 "symfony/deprecation-contracts": "^3.2",
 "symfony/framework-bundle": "^6.1|^7.0",
 "symfony/http-client": "^6.1|^7.0",
- "symfony/psr-http-message-bridge": "^2.1|^6.1",
+ "symfony/psr-http-message-bridge": "^2.1|^6.1|^7.0",
 "symfony/security-bundle": "^6.1|^7.0",
 "symfony/security-core": "^6.1|^7.0",
 "symfony/security-http": "^6.1|^7.0",
@@ -91,9 +91,9 @@
 "symfony/security-bundle": "Symfony firewall using a JSON API (perfect for script applications)"
 },
 "require-dev": {
- "doctrine/dbal": "^3.4",
+ "doctrine/dbal": "^3.8|4.0",
 "doctrine/doctrine-bundle": "^2.11",
- "doctrine/orm": "^2.14",
+ "doctrine/orm": "^2.14|^3.0",
 "doctrine/persistence": "^3.1",
 "ekino/phpstan-banned-code": "^1.0",
 "infection/infection": "^0.27",
diff --git a/src/symfony/composer.json b/src/symfony/composer.json
index ac57da73..a0ed428f 100644
--- a/src/symfony/composer.json
+++ b/src/symfony/composer.json
@@ -30,7 +30,7 @@
 "symfony/dependency-injection": "^6.1|^7.0",
 "symfony/framework-bundle": "^6.1|^7.0",
 "symfony/http-client": "^6.1|^7.0",
- "symfony/psr-http-message-bridge": "^2.1|^6.1",
+ "symfony/psr-http-message-bridge": "^2.1|^6.1|^7.0",
 "symfony/security-bundle": "^6.1|^7.0",
 "symfony/security-core": "^6.1|^7.0",
 "symfony/security-http": "^6.1|^7.0",
diff --git a/src/symfony/src/Repository/DoctrineCredentialSourceRepository.php b/src/symfony/src/Repository/DoctrineCredentialSourceRepository.php
index 6083efd7..f64da34b 100644
--- a/src/symfony/src/Repository/DoctrineCredentialSourceRepository.php
+++ b/src/symfony/src/Repository/DoctrineCredentialSourceRepository.php
@@ -16,6 +16,9 @@
 */
 class DoctrineCredentialSourceRepository extends ServiceEntityRepository implements PublicKeyCredentialSourceRepositoryInterface, CanSaveCredentialSource
 {
+ /**
+ * @var class-string
+ */
 protected readonly string $class;
 /**
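Review bot: In the second hunk of the root composer.json, the new `"doctrine/dbal": "^3.8|4.0"` constraint has no caret on its second alternative, so Composer reads `4.0` as the exact release 4.0.0 rather than the 4.x range. Later 4.x patch and minor releases, including any fixes they carry, would then never be installed or tested in the dev/CI environment. The `doctrine/orm` line in the same hunk uses `^2.14|^3.0`, so this looks like a typo; `"doctrine/dbal": "^3.8|^4.0",` would bring it in line.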
diff --git a/src/symfony/src/Resources/config/security.php b/src/symfony/src/Resources/config/security.php
index 41395a08..3e7c2ce1 100644
--- a/src/symfony/src/Resources/config/security.php
+++ b/src/symfony/src/Resources/config/security.php
@@ -58,10 +58,7 @@
 $container
 ->set(WebauthnFactory::FIREWALL_CONFIG_DEFINITION_ID, WebauthnFirewallConfig::class)
 ->abstract()
- ->args([
- [], // Firewall settings
- abstract_arg('Firewall name'), service('security.http_utils'),
- ]);
+ ->args([[], abstract_arg('Firewall name'), service('security.http_utils')]);
 $container->set(CurrentUserEntityGuesser::class)->args(
 [service(TokenStorageInterface::class), service(PublicKeyCredentialUserEntityRepositoryInterface::class)]
 );
diff --git a/src/webauthn/src/CeremonyStep/CheckOrigin.php b/src/webauthn/src/CeremonyStep/CheckOrigin.php
index fbb3519e..950cf6f8 100644
--- a/src/webauthn/src/CeremonyStep/CheckOrigin.php
+++ b/src/webauthn/src/CeremonyStep/CheckOrigin.php
@@ -76,36 +76,3 @@ private function getFacetId(
 return $appId;
 }
 }
-
-/*
-$rpId = $publicKeyCredentialCreationOptions->rp
- ->id ?? (is_string($request) ? $request : $request->getUri()->getHost());
-$facetId = $this->getFacetId(
- $rpId,
- $publicKeyCredentialCreationOptions->extensions,
- $authenticatorAttestationResponse->attestationObject
- ->authData
- ->extensions
-);
-$parsedRelyingPartyId = parse_url($C->origin);
-is_array($parsedRelyingPartyId) || throw AuthenticatorResponseVerificationException::create(
- sprintf('The origin URI "%s" is not valid', $C->origin)
-);
-array_key_exists(
- 'scheme',
- $parsedRelyingPartyId
-) || throw AuthenticatorResponseVerificationException::create('Invalid origin rpId.');
-$clientDataRpId = $parsedRelyingPartyId['host'] ?? '';
-$clientDataRpId !== '' || throw AuthenticatorResponseVerificationException::create('Invalid origin rpId.');
-$rpIdLength = mb_strlen($facetId);
-mb_substr(
- '.' . $clientDataRpId,
- -($rpIdLength + 1)
-) === '.' . $facetId || throw AuthenticatorResponseVerificationException::create('rpId mismatch.');
-if (! in_array($facetId, $securedRelyingPartyId, true)) {
- $scheme = $parsedRelyingPartyId['scheme'];
- $scheme === 'https' || throw AuthenticatorResponseVerificationException::create(
- 'Invalid scheme. HTTPS required.'
- );
-}
- */
diff --git a/tests/symfony/functional/Attestation/AttestationTest.php b/tests/symfony/functional/Attestation/AttestationTest.php
index 2c158732..208e80a9 100644
--- a/tests/symfony/functional/Attestation/AttestationTest.php
+++ b/tests/symfony/functional/Attestation/AttestationTest.php
@@ -55,13 +55,6 @@ public function foo(): void
 );
 $descriptor = $publicKeyCredential->getPublicKeyCredentialDescriptor();
 static::assertSame(PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY, $descriptor->type);
- /*static::assertSame(
- base64_decode(
- 'mMihuIx9LukswxBOMjMHDf6EAONOy7qdWhaQQ7dOtViR2cVB/MNbZxURi2cvgSvKSILb3mISe9lPNG9sYgojuY5iNinYOg6hRVxmm0VssuNG2pm1+RIuTF9DUtEJZEEK',
- true
- ),
- $descriptor->id
- );*/
 static::assertSame([], $descriptor->transports);
 $response = $publicKeyCredential->response;
 static::assertInstanceOf(AuthenticatorAttestationResponse::class, $response);