Merge branch 'main' into main

.github/workflows/lint.yml

@@ -0,0 +1,14 @@
+name: Lint files
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+concurrency:
+  group: Lint files ${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  php:
+    name: Lint PHP files
+    uses: monicahq/workflows/.github/workflows/lint_php.yml@v2

.github/workflows/static.yml

@@ -4,72 +4,13 @@ on:
   pull_request:
     types: [opened, synchronize, reopened]
 
-jobs:
-  psalm:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-version: ['8.2']
-
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v4
-
-      - name: Setup PHP ${{ matrix.php-version }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php-version }}
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-      - name: Cache composer files
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}-${{ matrix.php-version }}
-          restore-keys: |
-            ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}-${{ matrix.php-version }}
-            ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}
-            ${{ runner.os }}-composer-v4-
-
-      - name: Install dependencies
-        run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
-
-      - name: Run psalm
-        run: vendor/bin/psalm --output-format=github
-
+concurrency:
+  group: Static ${{ github.ref }}
+  cancel-in-progress: true
 
-  phpstan:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-version: ['8.2']
-
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v4
-
-      - name: Setup PHP ${{ matrix.php-version }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php-version }}
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-      - name: Cache composer files
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}-${{ matrix.php-version }}
-          restore-keys: |
-            ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}-${{ matrix.php-version }}
-            ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}
-            ${{ runner.os }}-composer-v4-
-
-      - name: Install dependencies
-        run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
-
-      - name : Run phpstan
-        run: vendor/bin/phpstan analyse
+jobs:
+  statics:
+    name: Static analysis
+    uses: monicahq/workflows/.github/workflows/static.yml@v2
+    with:
+      php-version: 8.2

.github/workflows/tests.yml

@@ -19,7 +19,11 @@ on:
 env:
   default-php-version: '8.2'
   default-laravel-version: '10.*'
-  semantic-node-version: 18
+  semantic-node-version: 20
+
+concurrency:
+  group: Tests ${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   tests:
@@ -29,8 +33,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['8.1','8.2']
-        laravel-version: [9.*,10.*]
+        php-version: ['8.1', '8.2', '8.3']
+        laravel-version: ['9.*', '10.*']
         psr7: ['guzzle']
         include:
           - php-version: '8.1'
@@ -63,6 +67,8 @@ jobs:
         run: composer -V
       - name: Check PHP Extensions
         run: php -m
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
       - name: Validate composer.json
         run: composer validate
@@ -71,7 +77,7 @@ jobs:
         id: composer-cache
         run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
       - name: Cache composer files
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-v4-${{ hashFiles('**/composer.json') }}-${{ matrix.php-version }}-${{ matrix.laravel-version }}
@@ -104,24 +110,25 @@ jobs:
         run: |
           composer update --no-interaction --no-progress --prefer-dist
 
-      - name: Setup problem matchers
-        run: |
-          echo "::add-matcher::${{ runner.tool_cache }}/php.json"
-          echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+      - name: Set results artifact name
+        id: artifact
+        run: echo "name=${{ matrix.php-version }}_${{ matrix.laravel-version }}${{ matrix.psr7 }}" | sed -e "s/*//g" >> $GITHUB_OUTPUT
 
+      - name: Setup problem matchers
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
       - name: Run test suite
         run: vendor/bin/phpunit -c phpunit.xml --log-junit ./results/results_${{ matrix.psr7 }}.xml --coverage-clover ./results/coverage_${{ matrix.psr7 }}.xml
 
       - name: Fix results files
+        if: success() || failure()
         run: sed -i -e "s%$GITHUB_WORKSPACE/%%g" *.xml
         working-directory: results
-        if: success() || failure()
 
       - name: Store results
-        if: matrix.php-version == env.default-php-version && matrix.laravel-version == env.default-laravel-version && (success() || failure())
-        uses: actions/upload-artifact@v3
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
         with:
-          name: results
+          name: results_${{ steps.artifact.outputs.name }}
           path: results
 
 
@@ -140,16 +147,19 @@ jobs:
           fetch-depth: 0
 
       - name: Download results
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: results
+          pattern: ${{ format('results_{0}_{1}', env.default-php-version, env.default-laravel-version) }}
           path: results
+          merge-multiple: true
 
       - name: Merge junit files
         run: |
+          mkdir -p $RUNNER_TEMP/junit-merge
+          cd $RUNNER_TEMP/junit-merge
           npm init -y
           yarn set version berry
-          yarn dlx junit-report-merger ./results/results.xml "./results/results*.xml"
+          yarn dlx junit-merge --recursive --dir $GITHUB_WORKSPACE/results --out $GITHUB_WORKSPACE/results/results.xml
 
       - name: Set coverage list
         id: coverage
@@ -159,7 +169,7 @@ jobs:
 
       - name: SonarCloud Scan
         if: env.SONAR_TOKEN != ''
-        uses: SonarSource/sonarcloud-github-action@v2.0.2
+        uses: SonarSource/sonarcloud-github-action@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -207,7 +217,7 @@ jobs:
 
       - name: Store changelog file
         if: steps.semantic.outputs.new_release_published == 'true'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: changelog
           path: CHANGELOG.md

composer.json

@@ -22,9 +22,13 @@
     "require": {
         "php": ">=8.1",
         "illuminate/support": "^9.0 || ^10.0",
+        "phpdocumentor/reflection-docblock": "^5.3",
         "psr/http-factory-implementation": "1.0",
+        "symfony/property-access": "^6.4 || ^7.0",
+        "symfony/property-info": "^6.4 || ^7.0",
+        "symfony/serializer": "^6.4 || ^7.0",
         "web-auth/cose-lib": "^4.0",
-        "web-auth/webauthn-lib": "^4.7.1",
+        "web-auth/webauthn-lib": "^4.8.0",
         "web-token/jwt-signature": "^3.0"
     },
     "conflict": {

src/Actions/AttemptToAuthenticate.php

@@ -113,7 +113,7 @@ protected function throwFailedAuthenticationException(Request $request): void
     /**
      * Fire the failed authentication attempt event with the given arguments.
      */
-    protected function fireFailedEvent(Request $request, User $user = null): void
+    protected function fireFailedEvent(Request $request, ?User $user = null): void
     {
         event(new Failed(config('webauthn.guard'), $user, [
             Webauthn::username() => $user !== null

src/Actions/PrepareCreationData.php

@@ -28,7 +28,7 @@ public function __invoke(User $user): PublicKeyCredentialCreationOptions
      *
      * @throws \Illuminate\Validation\ValidationException
      */
-    protected function throwFailedRegisterException(User $user, Exception $e = null): void
+    protected function throwFailedRegisterException(User $user, ?Exception $e = null): void
     {
         WebauthnRegisterFailed::dispatch($user, $e);
 

src/Actions/ValidateKeyCreation.php

@@ -45,7 +45,7 @@ protected function validateAttestation(User $user, array $data, string $keyName)
      *
      * @throws \Illuminate\Validation\ValidationException
      */
-    protected function throwFailedRegisterException(User $user, Exception $e = null): void
+    protected function throwFailedRegisterException(User $user, ?Exception $e = null): void
     {
         WebauthnRegisterFailed::dispatch($user, $e);
 

src/Http/Middleware/WebauthnMiddleware.php

@@ -21,7 +21,7 @@ public function __construct(
     /**
      * Handle an incoming request.
      */
-    public function handle(Request $request, Closure $next, string $guard = null): mixed
+    public function handle(Request $request, Closure $next, ?string $guard = null): mixed
     {
         if (Webauthn::webauthnEnabled() && ! Webauthn::check()) {
             abort_if($this->auth->guard($guard)->guest(), 401, /** @var string $m */ $m = trans('webauthn::errors.user_unauthenticated'));

src/Models/WebauthnKey.php

@@ -89,7 +89,7 @@ public function publicKeyCredentialSource(): Attribute
                 (string) $this->user_id,
                 $this->counter
             ),
-            set: function (PublicKeyCredentialSource $value, array $attributes = null): array {
+            set: function (PublicKeyCredentialSource $value, ?array $attributes = null): array {
                 if (((string) Arr::get($attributes, 'user_id')) !== $value->userHandle) {
                     throw new WrongUserHandleException();
                 }

src/Services/Webauthn.php

@@ -50,7 +50,7 @@ public static function username(): string
     /**
      * Get a completion redirect path for a specific feature.
      */
-    public static function redirects(string $redirect, string $default = null): string
+    public static function redirects(string $redirect, ?string $default = null): string
     {
         return config('webauthn.redirects.'.$redirect) ?? $default ?? config('webauthn.home');
     }

src/Services/Webauthn/CredentialAssertionValidator.php

@@ -8,18 +8,18 @@
 use LaravelWebauthn\Exceptions\ResponseMismatchException;
 use LaravelWebauthn\Services\Webauthn;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use Symfony\Component\Serializer\SerializerInterface;
 use Webauthn\AuthenticatorAssertionResponse;
 use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\PublicKeyCredential;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialRequestOptions;
 
 class CredentialAssertionValidator extends CredentialValidator
 {
     public function __construct(
         Request $request,
         Cache $cache,
-        protected PublicKeyCredentialLoader $loader,
+        protected SerializerInterface $loader,
         protected AuthenticatorAssertionResponseValidator $validator
     ) {
         parent::__construct($request, $cache);
@@ -33,7 +33,8 @@ public function __construct(
     public function __invoke(User $user, array $data): bool
     {
         // Load the data
-        $publicKeyCredential = $this->loader->loadArray($data);
+        $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
+        $publicKeyCredential = $this->loader->deserialize($content, PublicKeyCredential::class, 'json');
 
         // Check the response against the request
         $this->validator->check(
@@ -53,9 +54,9 @@ public function __invoke(User $user, array $data): bool
     protected function pullPublicKey(User $user): PublicKeyCredentialRequestOptions
     {
         try {
-            $value = json_decode($this->cache->pull($this->cacheKey($user)), true, flags: JSON_THROW_ON_ERROR);
+            $value = $this->cache->pull($this->cacheKey($user));
 
-            return PublicKeyCredentialRequestOptions::createFromArray($value);
+            return $this->loader->deserialize($value, PublicKeyCredentialRequestOptions::class, 'json');
         } catch (\Exception $e) {
             app('webauthn.log')->debug('Webauthn publickKey deserialize error', ['exception' => $e]);
             abort(404);