Merge pull request #1056 from CakeDC/hotfix/yubico-webauth-utf8-mongo
Fix issue when storing session data from Webauthn in a mongo database
steinkel authored Nov 22, 2023
2 parents 579663b + 60515d8 commit 50fd9e1
Showing 5 changed files with 15 additions and 6 deletions.
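--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@ Changelog
 =========
 Releases for CakePHP 4.5
 ------------------------
+* 11.3.4
+* Fix `Detected invalid UTF-8 for field...` issue when storing session data from `Webauthn` in a mongo database.
+
 * 11.3.3
 * Add display of unauthorized url in flash message when debug is true
 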
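--- a/src/Webauthn/AuthenticateAdapter.php
+++ b/src/Webauthn/AuthenticateAdapter.php
@@ -34,7 +34,7 @@ public function getOptions(): PublicKeyCredentialRequestOptions
 );
 $this->request->getSession()->write(
 'Webauthn2fa.authenticateOptions',
-$options
+json_encode($options)
 );
 
 return $options;
@@ -47,7 +47,10 @@ public function getOptions(): PublicKeyCredentialRequestOptions
 */
 public function verifyResponse(): \Webauthn\PublicKeyCredentialSource
 {
-$options = $this->request->getSession()->read('Webauthn2fa.authenticateOptions');
+/** @var \Webauthn\PublicKeyCredentialRequestOptions $options */
+$options = PublicKeyCredentialRequestOptions::createFromString(
+(string)$this->request->getSession()->read('Webauthn2fa.authenticateOptions')
+);
 
 return $this->loadAndCheckAssertionResponse($options);
 }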
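Review bot: In verifyResponse() the `(string)` cast turns a missing session entry into an empty string, so a request with no stored challenge (an expired session, or verification called before getOptions()) is passed to `createFromString('')` and presumably fails inside the library's JSON decoding rather than as an explicit authentication failure. Read the value into a local first and reject anything that is not a non-empty string, e.g. `if (!is_string($json) || $json === '') { /* fail the 2FA attempt */ }`, before calling `createFromString($json)`. The same pattern is added to RegisterAdapter::verifyResponse() in this commit. How an exception from createFromString reaches the user is not visible here, so confirm it can only surface as a failed verification.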
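--- a/src/Webauthn/RegisterAdapter.php
+++ b/src/Webauthn/RegisterAdapter.php
@@ -28,7 +28,7 @@ public function getOptions(): PublicKeyCredentialCreationOptions
 PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
 []
 );
-$this->request->getSession()->write('Webauthn2fa.registerOptions', $options);
+$this->request->getSession()->write('Webauthn2fa.registerOptions', json_encode($options));
 $this->request->getSession()->write('Webauthn2fa.userEntity', $userEntity);
 
 return $options;
@@ -41,7 +41,10 @@ public function getOptions(): PublicKeyCredentialCreationOptions
 */
 public function verifyResponse(): \Webauthn\PublicKeyCredentialSource
 {
-$options = $this->request->getSession()->read('Webauthn2fa.registerOptions');
+/** @var \Webauthn\PublicKeyCredentialCreationOptions $options */
+$options = PublicKeyCredentialCreationOptions::createFromString(
+(string)$this->request->getSession()->read('Webauthn2fa.registerOptions')
+);
 $credential = $this->loadAndCheckAttestationResponse($options);
 $this->repository->saveCredentialSource($credential);
 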
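Review bot: `json_encode($options)` in getOptions() is written to the session without checking its result; json_encode returns `false` on failure, and that `false` would later become `''` through the `(string)` read in verifyResponse(), hiding the original error. Since this change exists because of an encoding problem in the stored data, make the failure loud at write time with `json_encode($options, JSON_THROW_ON_ERROR)`. AuthenticateAdapter::getOptions() has the same call. Separately, `Webauthn2fa.userEntity` on the following line is still written as an object; whether the Mongo-backed session copes with it is not visible in this hunk and is worth confirming.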
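--- a/tests/TestCase/Webauthn/AuthenticateAdapterTest.php
+++ b/tests/TestCase/Webauthn/AuthenticateAdapterTest.php
@@ -36,7 +36,7 @@ public function testGetOptions()
 $adapter = new AuthenticateAdapter($request);
 $options = $adapter->getOptions();
 $this->assertInstanceOf(PublicKeyCredentialRequestOptions::class, $options);
-$this->assertSame($options, $request->getSession()->read('Webauthn2fa.authenticateOptions'));
+$this->assertSame(json_encode($options), $request->getSession()->read('Webauthn2fa.authenticateOptions'));
 $data = json_decode('{"id":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA","rawId":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA","response":{"authenticatorData":"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAAA","signature":"MEYCIQCv7EqsBRtf2E4o_BjzZfBwNpP8fLjd5y6TUOLWt5l9DQIhANiYig9newAJZYTzG1i5lwP-YQk9uXFnnDaHnr2yCKXL","userHandle":"","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJ4ZGowQ0JmWDY5MnFzQVRweTBrTmM4NTMzSmR2ZExVcHFZUDh3RFRYX1pFIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9"},"type":"public-key"}', true);
 $request = $request->withParsedBody($data);
 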
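--- a/tests/TestCase/Webauthn/RegisterAdapterTest.php
+++ b/tests/TestCase/Webauthn/RegisterAdapterTest.php
@@ -37,7 +37,7 @@ public function testGetOptions()
 $this->assertFalse($adapter->hasCredential());
 $options = $adapter->getOptions();
 $this->assertInstanceOf(PublicKeyCredentialCreationOptions::class, $options);
-$this->assertSame($options, $request->getSession()->read('Webauthn2fa.registerOptions'));
+$this->assertSame(json_encode($options), $request->getSession()->read('Webauthn2fa.registerOptions'));
 
 $data = '{"id":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA","rawId":"LFdoCFJTyB82ZzSJUHc-c72yraRc_1mPvGX8ToE8su39xX26Jcqd31LUkKOS36FIAWgWl6itMKqmDvruha6ywA","response":{"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJOeHlab3B3VktiRmw3RW5uTWFlXzVGbmlyN1FKN1FXcDFVRlVLakZIbGZrIiwiY2xpZW50RXh0ZW5zaW9ucyI6e30sImhhc2hBbGdvcml0aG0iOiJTSEEtMjU2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9","attestationObject":"o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEcwRQIgVzzvX3Nyp_g9j9f2B-tPWy6puW01aZHI8RXjwqfDjtQCIQDLsdniGPO9iKr7tdgVV-FnBYhvzlZLG3u28rVt10YXfGN4NWOBWQJOMIICSjCCATKgAwIBAgIEVxb3wDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowLDEqMCgGA1UEAwwhWXViaWNvIFUyRiBFRSBTZXJpYWwgMjUwNTY5MjI2MTc2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZNkcVNbZV43TsGB4TEY21UijmDqvNSfO6y3G4ytnnjP86ehjFK28-FdSGy9MSZ-Ur3BVZb4iGVsptk5NrQ3QYqM7MDkwIgYJKwYBBAGCxAoCBBUxLjMuNi4xLjQuMS40MTQ4Mi4xLjUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwDQYJKoZIhvcNAQELBQADggEBAHibGMqbpNt2IOL4i4z96VEmbSoid9Xj--m2jJqg6RpqSOp1TO8L3lmEA22uf4uj_eZLUXYEw6EbLm11TUo3Ge-odpMPoODzBj9aTKC8oDFPfwWj6l1O3ZHTSma1XVyPqG4A579f3YAjfrPbgj404xJns0mqx5wkpxKlnoBKqo1rqSUmonencd4xanO_PHEfxU0iZif615Xk9E4bcANPCfz-OLfeKXiT-1msixwzz8XGvl2OTMJ_Sh9G9vhE-HjAcovcHfumcdoQh_WM445Za6Pyn9BZQV3FCqMviRR809sIATfU5lu86wu_5UGIGI7MFDEYeVGSqzpzh6mlcn8QSIZoYXV0aERhdGFYxEmWDeWIDoxodDQXD2R2YFuP5K65ooYyx5lc87qDHZdjQQAAAAAAAAAAAAAAAAAAAAAAAAAAAEAsV2gIUlPIHzZnNIlQdz5zvbKtpFz_WY-8ZfxOgTyy7f3Ffbolyp3fUtSQo5LfoUgBaBaXqK0wqqYO-u6FrrLApQECAyYgASFYIPr9-YH8DuBsOnaI3KJa0a39hyxh9LDtHErNvfQSyxQsIlgg4rAuQQ5uy4VXGFbkiAt0uwgJJodp-DymkoBcrGsLtkI"},"type":"public-key"}';
 $request = $request->withParsedBody(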
