fix(webauthn): Increase database column for public key id

* Resolves https://github.com/nextcloud/server/issues/34476

There is no maximum length defined in the standard,
most common the length is between 128 and 200 characters,
but as we store it not in plain data but base64 encoded the length can grow about 1/3.
We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64.
So to be save we increase the size to 512 bytes.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

diff --git a/core/Migrations/Version19000Date20200211083441.php b/core/Migrations/Version19000Date20200211083441.php
index 4e5c48a3b881f0b7dc49b01b1cf01a74641daff6..c1cfca2c1b709f89b3525261c5cf6b08978c72a7 100644 (file)
--- a/core/Migrations/Version19000Date20200211083441.php
+++ b/core/Migrations/Version19000Date20200211083441.php
@@ -53,7 +53,7 @@ class Version19000Date20200211083441 extends SimpleMigrationStep {
                        ]);
                        $table->addColumn('public_key_credential_id', 'string', [
                                'notnull' => true,
-                               'length' => 255
+                               'length' => 512
                        ]);
                        $table->addColumn('data', 'text', [
                                'notnull' => true,

diff --git a/core/Migrations/Version30000Date20240814180800.php b/core/Migrations/Version30000Date20240814180800.php
new file mode 100644 (file)
index 0000000..199af8c
--- /dev/null
+++ b/core/Migrations/Version30000Date20240814180800.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OC\Core\Migrations;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version30000Date20240814180800 extends SimpleMigrationStep {
+       public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+               /** @var ISchemaWrapper $schema */
+               $schema = $schemaClosure();
+
+               $table = $schema->getTable('webauthn');
+               $column = $table->getColumn('public_key_credential_id');
+
+               /**
+                * There is no maximum length defined in the standard,
+                * most common the length is between 128 and 200 characters,
+                * but as we store it not in plain data but base64 encoded the length can grow about 1/3.
+                * We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64.
+                * So to be save we increase the size to 512 bytes.
+                */
+               if ($column->getLength() < 512) {
+                       $column->setLength(512);
+               }
+
+               return $schema;
+       }
+}

diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index a09bbb25038a652e23e788ecdd6d9efe22d8185a..4872a042b53fdd031a61eeebb32b453fd30ba55d 100644 (file)
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -1279,6 +1279,7 @@ return array(
     'OC\\Core\\Migrations\\Version29000Date20240124132201' => $baseDir . '/core/Migrations/Version29000Date20240124132201.php',
     'OC\\Core\\Migrations\\Version29000Date20240124132202' => $baseDir . '/core/Migrations/Version29000Date20240124132202.php',
     'OC\\Core\\Migrations\\Version29000Date20240131122720' => $baseDir . '/core/Migrations/Version29000Date20240131122720.php',
+    'OC\\Core\\Migrations\\Version30000Date20240814180800' => $baseDir . '/core/Migrations/Version30000Date20240814180800.php',
     'OC\\Core\\Notification\\CoreNotifier' => $baseDir . '/core/Notification/CoreNotifier.php',
     'OC\\Core\\Service\\LoginFlowV2Service' => $baseDir . '/core/Service/LoginFlowV2Service.php',
     'OC\\DB\\Adapter' => $baseDir . '/lib/private/DB/Adapter.php',

diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 16fb699964c46060dd37ca59931981a00817ee0f..4dba8372083df94da8e27c208427d7b452e863c2 100644 (file)
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -1312,6 +1312,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Core\\Migrations\\Version29000Date20240124132201' => __DIR__ . '/../../..' . '/core/Migrations/Version29000Date20240124132201.php',
         'OC\\Core\\Migrations\\Version29000Date20240124132202' => __DIR__ . '/../../..' . '/core/Migrations/Version29000Date20240124132202.php',
         'OC\\Core\\Migrations\\Version29000Date20240131122720' => __DIR__ . '/../../..' . '/core/Migrations/Version29000Date20240131122720.php',
+        'OC\\Core\\Migrations\\Version30000Date20240814180800' => __DIR__ . '/../../..' . '/core/Migrations/Version30000Date20240814180800.php',
         'OC\\Core\\Notification\\CoreNotifier' => __DIR__ . '/../../..' . '/core/Notification/CoreNotifier.php',
         'OC\\Core\\Service\\LoginFlowV2Service' => __DIR__ . '/../../..' . '/core/Service/LoginFlowV2Service.php',
         'OC\\DB\\Adapter' => __DIR__ . '/../../..' . '/lib/private/DB/Adapter.php',