author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-04-16 12:57:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-16 12:57:34 +0200 |
commit | 7eec3b5a7250d111868a4121d96f33e6c0305e72 (patch) | |
tree | 23c76cd4b76f9e38199a5e4a45121e87da582f56 /lib | |
parent | 90281375a3c9f991be79091450469cdfebc9277a (diff) | |
parent | a1a74ccc209954c4ce87277ebeb05520472b7c07 (diff) | |
download | nextcloud-server-7eec3b5a7250d111868a4121d96f33e6c0305e72.tar.gz nextcloud-server-7eec3b5a7250d111868a4121d96f33e6c0305e72.zip |
Merge pull request #44761 from nextcloud/fix/deps-webauthn-lib
fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/WebAuthn/Manager.php | 48 | ||||
-rw-r--r-- | lib/private/Log/PsrLoggerAdapter.php | 84 |
2 files changed, 71 insertions, 61 deletions
diff --git a/lib/private/Authentication/WebAuthn/Manager.php b/lib/private/Authentication/WebAuthn/Manager.php index 5a97a573b99..b05e1757267 100644 --- a/lib/private/Authentication/WebAuthn/Manager.php +++ b/lib/private/Authentication/WebAuthn/Manager.php @@ -83,14 +83,14 @@ class Manager { public function startRegistration(IUser $user, string $serverHost): PublicKeyCredentialCreationOptions { $rpEntity = new PublicKeyCredentialRpEntity( 'Nextcloud', //Name - $this->stripPort($serverHost), //ID + $this->stripPort($serverHost), //ID null //Icon ); $userEntity = new PublicKeyCredentialUserEntity( - $user->getUID(), //Name - $user->getUID(), //ID - $user->getDisplayName() //Display name + $user->getUID(), // Name + $user->getUID(), // ID + $user->getDisplayName() // Display name // 'https://foo.example.co/avatar/123e4567-e89b-12d3-a456-426655440000' //Icon ); @@ -108,8 +108,9 @@ class Manager { $authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria( null, + AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED, + null, false, - AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED ); return new PublicKeyCredentialCreationOptions( @@ -117,11 +118,10 @@ class Manager { $userEntity, $challenge, $publicKeyCredentialParametersList, - $timeout, - $excludedPublicKeyDescriptors, $authenticatorSelectionCriteria, PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE, - null + $excludedPublicKeyDescriptors, + $timeout, ); } @@ -149,7 +149,7 @@ class Manager { try { // Load the data $publicKeyCredential = $publicKeyCredentialLoader->load($data); - $response = $publicKeyCredential->getResponse(); + $response = $publicKeyCredential->response; // Check if the response is an Authenticator Attestation Response if (!$response instanceof AuthenticatorAttestationResponse) { 
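Review bot: The reordered `AuthenticatorSelectionCriteria(...)` arguments in the `@@ -108` hunk are bare positional values (`null, …DISCOURAGED, null, false`), so nothing at the call site says which `null` is which. The library has already moved these parameters once, and a later move could slip through wherever the types still happen to match. The neighbouring constructor calls annotate every argument, so I would do the same here, e.g. `null, // Authenticator attachment` and `false, // Require resident key`, or use named arguments if the supported PHP versions allow them. The same applies to the tail of `PublicKeyCredentialCreationOptions(...)` in the `@@ -117` hunk, where `$excludedPublicKeyDescriptors` and `$timeout` changed position. The parameter meanings are my reading of webauthn-lib 4.x and should be checked against the installed version.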
@@ -162,7 +162,9 @@ class Manager { $publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check( $response, $publicKeyCredentialCreationOptions, - $request); + $request, + ['localhost'], + ); } catch (\Throwable $exception) { throw $exception; } @@ -180,18 +182,18 @@ class Manager { $registeredPublicKeyCredentialDescriptors = array_map(function (PublicKeyCredentialEntity $entity) { $credential = $entity->toPublicKeyCredentialSource(); return new PublicKeyCredentialDescriptor( - $credential->getType(), - $credential->getPublicKeyCredentialId() + $credential->type, + $credential->publicKeyCredentialId, ); }, $this->credentialMapper->findAllForUid($uid)); // Public Key Credential Request Options return new PublicKeyCredentialRequestOptions( - random_bytes(32), // Challenge - 60000, // Timeout - $this->stripPort($serverHost), // Relying Party ID - $registeredPublicKeyCredentialDescriptors, // Registered PublicKeyCredentialDescriptor classes - AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED + random_bytes(32), // Challenge + $this->stripPort($serverHost), // Relying Party ID + $registeredPublicKeyCredentialDescriptors, // Registered PublicKeyCredentialDescriptor classes + AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED, + 60000, // Timeout ); } @@ -213,16 +215,15 @@ class Manager { $tokenBindingHandler, $extensionOutputCheckerHandler, $algorithmManager, - null, - $this->logger, ); + $authenticatorAssertionResponseValidator->setLogger($this->logger); try { $this->logger->debug('Loading publickey credentials from: ' . $data); // Load the data $publicKeyCredential = $publicKeyCredentialLoader->load($data); - $response = $publicKeyCredential->getResponse(); + $response = $publicKeyCredential->response; // Check if the response is an Authenticator Attestation Response if (!$response instanceof AuthenticatorAssertionResponse) { 
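Review bot: The literal `['localhost']` added as the last argument of `$authenticatorAttestationResponseValidator->check(...)` is undocumented, and it is repeated in the assertion `check(...)` call in the `@@ -233` hunk. As I read webauthn-lib 4.x, this is the `$securedRelyingPartyId` list, i.e. relying-party IDs for which the validator does not insist on an `https` origin, so it is a deliberate relaxation of an origin check and deserves a name and a why-comment. A shared constant such as `private const SECURED_RP_IDS = ['localhost']; // RP IDs accepted without HTTPS (local development only)` used at both call sites would keep registration and authentication from drifting apart. The other hunks derive the relying-party ID from `$serverHost` via `stripPort()`, so it is worth confirming that callers only pass a host already checked against the instance's trusted domains. The enclosing function starts and ends outside this hunk.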
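Review bot: `AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED` in the reordered `PublicKeyCredentialRequestOptions(...)` call of the `@@ -180` hunk is the one security-relevant argument there, and it is the only one without a trailing comment. With user verification discouraged, a successful assertion shows possession of the authenticator but not a PIN or biometric check. That matters if this manager backs a passwordless sign-in, which is not visible from this hunk. I would add a why-comment on that line, for example `// UV not requested: the assertion proves possession only`, and mirror it on the registration criteria in the `@@ -108` hunk. The enclosing function starts outside the hunk.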
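Review bot: `$this->logger->debug('Loading publickey credentials from: ' . $data);` in the `@@ -213` hunk writes the raw client-supplied assertion payload into the log. The line is unchanged context, but it sits directly below the new `setLogger($this->logger)` call, which sends the library's own messages to the same sink. That payload typically carries the credential ID and user handle, and its length is controlled by the client. Consider logging only its size, e.g. `$this->logger->debug('Loading public key credential', ['length' => strlen($data)]);`. The function continues outside the hunk.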
@@ -233,18 +234,17 @@ class Manager { $request = ServerRequest::fromGlobals(); $publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check( - $publicKeyCredential->getRawId(), + $publicKeyCredential->rawId, $response, $publicKeyCredentialRequestOptions, $request, - $uid + $uid, + ['localhost'], ); } catch (\Throwable $e) { throw $e; } - - return true; } diff --git a/lib/private/Log/PsrLoggerAdapter.php b/lib/private/Log/PsrLoggerAdapter.php index 12254bfc67f..8b397ef8905 100644 --- a/lib/private/Log/PsrLoggerAdapter.php +++ b/lib/private/Log/PsrLoggerAdapter.php @@ -7,7 +7,7 @@ declare(strict_types=1); * * @author Christoph Wurst <christoph@winzerhof-wurst.at> * - * @license GNU AGPL version 3 or any later version + * @license AGPL-3.0-or-later * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -31,6 +31,7 @@ use OCP\ILogger; use OCP\Log\IDataLogger; use Psr\Log\InvalidArgumentException; use Psr\Log\LoggerInterface; +use Stringable; use Throwable; use function array_key_exists; use function array_merge; @@ -52,19 +53,20 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { /** * System is unusable. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function emergency($message, array $context = []): void { + public function emergency(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::FATAL, ], $context )); } else { - $this->logger->emergency($message, $context); + $this->logger->emergency((string)$message, $context); } } 
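Review bot: In `emergency()` the caller-supplied `$context` is the last operand of `array_merge(...)`, so a `message` or `level` key inside the context replaces the `(string)$message` and `ILogger::FATAL` values set just above it. If that override is not intended, swapping the operands, `array_merge($context, ['message' => (string)$message, 'level' => ILogger::FATAL])`, keeps the adapter's severity and message authoritative. If it is intended, a one-line comment saying so would stop someone from "fixing" it later. The same pattern appears in `alert()`, `critical()`, `error()`, `warning()`, `notice()`, `info()`, `debug()` and `log()` in the following hunks. How `logException()` consumes these keys is outside this diff, so the practical effect should be confirmed there.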
@@ -74,19 +76,20 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * Example: Entire website down, database unavailable, etc. This should * trigger the SMS alerts and wake you up. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function alert($message, array $context = []): void { + public function alert(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::ERROR, ], $context )); } else { - $this->logger->alert($message, $context); + $this->logger->alert((string)$message, $context); } } @@ -95,19 +98,20 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * * Example: Application component unavailable, unexpected exception. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function critical($message, array $context = []): void { + public function critical(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::ERROR, ], $context )); } else { - $this->logger->critical($message, $context); + $this->logger->critical((string)$message, $context); } } 
@@ -115,19 +119,20 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * Runtime errors that do not require immediate action but should typically * be logged and monitored. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function error($message, array $context = []): void { + public function error(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::ERROR, ], $context )); } else { - $this->logger->error($message, $context); + $this->logger->error((string)$message, $context); } } 
@@ -137,38 +142,40 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * Example: Use of deprecated APIs, poor use of an API, undesirable things * that are not necessarily wrong. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function warning($message, array $context = []): void { + public function warning(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::WARN, ], $context )); } else { - $this->logger->warning($message, $context); + $this->logger->warning((string)$message, $context); } } /** * Normal but significant events. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function notice($message, array $context = []): void { + public function notice(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::INFO, ], $context )); } else { - $this->logger->notice($message, $context); + $this->logger->notice((string)$message, $context); } } 
@@ -177,38 +184,40 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * * Example: User logs in, SQL logs. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function info($message, array $context = []): void { + public function info(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::INFO, ], $context )); } else { - $this->logger->info($message, $context); + $this->logger->info((string)$message, $context); } } /** * Detailed debug information. * - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context */ - public function debug($message, array $context = []): void { + public function debug(string|Stringable $message, array $context = []): void { if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => ILogger::DEBUG, ], $context )); } else { - $this->logger->debug($message, $context); + $this->logger->debug((string)$message, $context); } } 
@@ -216,24 +225,25 @@ final class PsrLoggerAdapter implements LoggerInterface, IDataLogger { * Logs with an arbitrary level. * * @param mixed $level - * @param string $message + * @param string|Stringable $message + * @param mixed[] $context * * @throws InvalidArgumentException */ - public function log($level, $message, array $context = []): void { + public function log($level, string|Stringable $message, array $context = []): void { if (!is_int($level) || $level < ILogger::DEBUG || $level > ILogger::FATAL) { throw new InvalidArgumentException('Nextcloud allows only integer log levels'); } if ($this->containsThrowable($context)) { $this->logger->logException($context['exception'], array_merge( [ - 'message' => $message, + 'message' => (string)$message, 'level' => $level, ], $context )); } else { - $this->logger->log($level, $message, $context); + $this->logger->log($level, (string)$message, $context); } } |