From bb5070b5fda81b4aa161d476539814a8ced4152d Mon Sep 17 00:00:00 2001 From: Alexis Saettler Date: Sun, 21 Jul 2024 21:31:42 +0200 Subject: [PATCH] feat: remove deprecated AndroidSafetynet (#489) --- config/webauthn.php | 12 ----------- src/Actions/AttemptToAuthenticate.php | 3 +-- src/Actions/EnsureLoginIsNotThrottled.php | 3 +-- src/Actions/LoginUserRetrieval.php | 3 +-- src/Actions/PrepareAuthenticatedSession.php | 3 +-- src/Events/WebauthnLogin.php | 3 +-- src/Events/WebauthnLoginData.php | 3 +-- src/Events/WebauthnRegister.php | 3 +-- src/Events/WebauthnRegisterData.php | 3 +-- src/Events/WebauthnRegisterFailed.php | 3 +-- src/Exceptions/ResponseMismatchException.php | 4 +--- src/Exceptions/WrongUserHandleException.php | 4 +--- src/Http/Middleware/WebauthnMiddleware.php | 3 +-- src/Http/Responses/LockoutResponse.php | 3 +-- src/Models/Casts/TrustPath.php | 4 ++-- src/Services/LoginRateLimiter.php | 3 +-- src/Services/Webauthn/CredentialValidator.php | 3 +-- src/WebauthnServiceProvider.php | 21 ++----------------- tests/Unit/Services/WebauthnTest.php | 4 +--- 19 files changed, 20 insertions(+), 68 deletions(-) diff --git a/config/webauthn.php b/config/webauthn.php index 67a8f6ea..52aad5f1 100644 --- a/config/webauthn.php +++ b/config/webauthn.php @@ -216,18 +216,6 @@ 'attestation_conveyance' => 'none', - /* - |-------------------------------------------------------------------------- - | Google Safetynet ApiKey - |-------------------------------------------------------------------------- - | - | Api key to use Google Safetynet. - | See https://developer.android.com/training/safetynet/attestation - | - */ - - 'google_safetynet_api_key' => env('GOOGLE_SAFETYNET_API_KEY'), - /* |-------------------------------------------------------------------------- | Webauthn Public Key Credential Parameters diff --git a/src/Actions/AttemptToAuthenticate.php b/src/Actions/AttemptToAuthenticate.php index 147884cd..fbad0e1e 100644 --- a/src/Actions/AttemptToAuthenticate.php 
+++ b/src/Actions/AttemptToAuthenticate.php @@ -20,8 +20,7 @@ class AttemptToAuthenticate public function __construct( protected StatefulGuard $guard, protected LoginRateLimiter $limiter - ) { - } + ) {} /** * Handle the incoming request. diff --git a/src/Actions/EnsureLoginIsNotThrottled.php b/src/Actions/EnsureLoginIsNotThrottled.php index e40084d6..2b5596a3 100644 --- a/src/Actions/EnsureLoginIsNotThrottled.php +++ b/src/Actions/EnsureLoginIsNotThrottled.php @@ -15,8 +15,7 @@ class EnsureLoginIsNotThrottled */ public function __construct( protected LoginRateLimiter $limiter - ) { - } + ) {} /** * Handle the incoming request. diff --git a/src/Actions/LoginUserRetrieval.php b/src/Actions/LoginUserRetrieval.php index 8f98cb12..9ffaa276 100644 --- a/src/Actions/LoginUserRetrieval.php +++ b/src/Actions/LoginUserRetrieval.php @@ -18,8 +18,7 @@ class LoginUserRetrieval */ public function __construct( protected LoginRateLimiter $limiter - ) { - } + ) {} /** * Handle the incoming request. diff --git a/src/Actions/PrepareAuthenticatedSession.php b/src/Actions/PrepareAuthenticatedSession.php index f92e4edb..ff650245 100644 --- a/src/Actions/PrepareAuthenticatedSession.php +++ b/src/Actions/PrepareAuthenticatedSession.php @@ -13,8 +13,7 @@ class PrepareAuthenticatedSession */ public function __construct( protected LoginRateLimiter $limiter - ) { - } + ) {} /** * Handle the incoming request. diff --git a/src/Events/WebauthnLogin.php b/src/Events/WebauthnLogin.php index fbfd5c3c..922f705c 100644 --- a/src/Events/WebauthnLogin.php +++ b/src/Events/WebauthnLogin.php @@ -19,6 +19,5 @@ class WebauthnLogin public function __construct( public User $user, public bool $eloquent = false - ) { - } + ) {} } diff --git a/src/Events/WebauthnLoginData.php b/src/Events/WebauthnLoginData.php index 3199092b..f4cf287c 100644 --- a/src/Events/WebauthnLoginData.php +++ b/src/Events/WebauthnLoginData.php 
@@ -20,6 +20,5 @@ class WebauthnLoginData public function __construct( public User $user, public PublicKeyCredentialRequestOptions $publicKey - ) { - } + ) {} } diff --git a/src/Events/WebauthnRegister.php b/src/Events/WebauthnRegister.php index 57420723..ad87ed65 100644 --- a/src/Events/WebauthnRegister.php +++ b/src/Events/WebauthnRegister.php @@ -17,6 +17,5 @@ class WebauthnRegister */ public function __construct( public Model $webauthnKey - ) { - } + ) {} } diff --git a/src/Events/WebauthnRegisterData.php b/src/Events/WebauthnRegisterData.php index 47309b6f..15a3517b 100644 --- a/src/Events/WebauthnRegisterData.php +++ b/src/Events/WebauthnRegisterData.php @@ -20,6 +20,5 @@ class WebauthnRegisterData public function __construct( public User $user, public PublicKeyCredentialCreationOptions $publicKey - ) { - } + ) {} } diff --git a/src/Events/WebauthnRegisterFailed.php b/src/Events/WebauthnRegisterFailed.php index ca69af2f..a3b527bb 100644 --- a/src/Events/WebauthnRegisterFailed.php +++ b/src/Events/WebauthnRegisterFailed.php @@ -20,6 +20,5 @@ class WebauthnRegisterFailed public function __construct( public User $user, public ?Exception $exception = null - ) { - } + ) {} } diff --git a/src/Exceptions/ResponseMismatchException.php b/src/Exceptions/ResponseMismatchException.php index feb5e20f..5998661a 100644 --- a/src/Exceptions/ResponseMismatchException.php +++ b/src/Exceptions/ResponseMismatchException.php @@ -7,6 +7,4 @@ /** * Exception thrown if the response type is wrong. */ -class ResponseMismatchException extends RuntimeException -{ -} +class ResponseMismatchException extends RuntimeException {} diff --git a/src/Exceptions/WrongUserHandleException.php b/src/Exceptions/WrongUserHandleException.php index 5dadde77..970a71d8 100644 --- a/src/Exceptions/WrongUserHandleException.php +++ b/src/Exceptions/WrongUserHandleException.php 
@@ -7,6 +7,4 @@ /** * Exception thrown if the user handle is wrong. */ -class WrongUserHandleException extends RuntimeException -{ -} +class WrongUserHandleException extends RuntimeException {} diff --git a/src/Http/Middleware/WebauthnMiddleware.php b/src/Http/Middleware/WebauthnMiddleware.php index cb8d97d3..7c1d79cb 100644 --- a/src/Http/Middleware/WebauthnMiddleware.php +++ b/src/Http/Middleware/WebauthnMiddleware.php @@ -15,8 +15,7 @@ class WebauthnMiddleware */ public function __construct( protected AuthFactory $auth - ) { - } + ) {} /** * Handle an incoming request. diff --git a/src/Http/Responses/LockoutResponse.php b/src/Http/Responses/LockoutResponse.php index 643fb53a..4668142b 100644 --- a/src/Http/Responses/LockoutResponse.php +++ b/src/Http/Responses/LockoutResponse.php @@ -15,8 +15,7 @@ class LockoutResponse implements LockoutResponseContract */ public function __construct( protected LoginRateLimiter $limiter - ) { - } + ) {} /** * Create an HTTP response that represents the object. diff --git a/src/Models/Casts/TrustPath.php b/src/Models/Casts/TrustPath.php index c2b3254d..cf2862cd 100644 --- a/src/Models/Casts/TrustPath.php +++ b/src/Models/Casts/TrustPath.php @@ -3,8 +3,8 @@ namespace LaravelWebauthn\Models\Casts; use Illuminate\Contracts\Database\Eloquent\CastsAttributes; +use Symfony\Component\Serializer\SerializerInterface; use Webauthn\TrustPath\TrustPath as TrustPathLib; -use Webauthn\TrustPath\TrustPathLoader; /** * @implements CastsAttributes @@ -19,7 +19,7 @@ class TrustPath implements CastsAttributes */ public function get($model, string $key, $value, array $attributes): ?TrustPathLib { - return $value !== null ? TrustPathLoader::loadTrustPath(json_decode($value, true, flags: JSON_THROW_ON_ERROR)) : null; + return $value !== null ? app(SerializerInterface::class)->deserialize($value, TrustPathLib::class, 'json') : null; } /** diff --git a/src/Services/LoginRateLimiter.php b/src/Services/LoginRateLimiter.php index 17f1100e..ab5c31a7 100644 
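Review bot: In `TrustPath::get`, `app(SerializerInterface::class)` resolves whatever serializer the host application has bound to that very common Symfony interface, so reading a stored trust path now depends on global container state instead of the library loader it replaces. If an application binds its own serializer under the same interface, it would probably not know how to build a `TrustPathLib` (an interface type), and the cast would throw while loading a credential. The failure type also changes: the removed call raised `JsonException` through `JSON_THROW_ON_ERROR`, whereas `deserialize()` raises Symfony serializer exceptions, so any caller that catches the former should be checked. I would add a comment above the return, such as `// Needs the WebAuthn-configured serializer; a generic SerializerInterface binding cannot denormalize TrustPath.`, and a round-trip test against whatever `set()` writes, which is outside this hunk.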
--- a/src/Services/LoginRateLimiter.php +++ b/src/Services/LoginRateLimiter.php @@ -13,8 +13,7 @@ class LoginRateLimiter */ public function __construct( protected RateLimiter $limiter - ) { - } + ) {} /** * Get the number of attempts for the given key. diff --git a/src/Services/Webauthn/CredentialValidator.php b/src/Services/Webauthn/CredentialValidator.php index 722eb20b..38e09014 100644 --- a/src/Services/Webauthn/CredentialValidator.php +++ b/src/Services/Webauthn/CredentialValidator.php @@ -16,8 +16,7 @@ abstract class CredentialValidator public function __construct( protected Request $request, protected Cache $cache - ) { - } + ) {} /** * Returns the cache key to remember the challenge for the user. diff --git a/src/WebauthnServiceProvider.php b/src/WebauthnServiceProvider.php index d6dfdfe1..9da05ef7 100644 --- a/src/WebauthnServiceProvider.php +++ b/src/WebauthnServiceProvider.php @@ -41,7 +41,6 @@ use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory; use Symfony\Component\Serializer\SerializerInterface; use Webauthn\AttestationStatement\AndroidKeyAttestationStatementSupport; -use Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport; use Webauthn\AttestationStatement\AppleAttestationStatementSupport; use Webauthn\AttestationStatement\AttestationObjectLoader; use Webauthn\AttestationStatement\AttestationStatementSupportManager; @@ -130,15 +129,6 @@ protected function bindWebAuthnPackage(): void $app[CoseAlgorithmManager::class] ) ); - $this->app->bind( - AndroidSafetyNetAttestationStatementSupport::class, - fn ($app) => (new AndroidSafetyNetAttestationStatementSupport()) - ->enableApiVerification( - $app[ClientInterface::class], - $app['config']->get('webauthn.google_safetynet_api_key'), - $app[RequestFactoryInterface::class] - ) - ); $this->app->bind( AttestationStatementSupportManager::class, fn ($app) => tap(new AttestationStatementSupportManager(), function ($manager) use ($app) { 
@@ -157,11 +147,6 @@ protected function bindWebAuthnPackage(): void // https://www.w3.org/TR/webauthn/#sctn-packed-attestation $manager->add($app[PackedAttestationStatementSupport::class]); - // https://www.w3.org/TR/webauthn/#sctn-android-safetynet-attestation - if ($app['config']->get('webauthn.google_safetynet_api_key') !== null) { - $manager->add($app[AndroidSafetyNetAttestationStatementSupport::class]); - } - // https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation $manager->add($app[AppleAttestationStatementSupport::class]); }) @@ -182,10 +167,8 @@ protected function bindWebAuthnPackage(): void $this->app->bind( AuthenticatorAttestationResponseValidator::class, fn ($app) => tap(new AuthenticatorAttestationResponseValidator( - $app[AttestationStatementSupportManager::class], - null, - null, - $app[ExtensionOutputCheckerHandler::class] + attestationStatementSupportManager: $app[AttestationStatementSupportManager::class], + extensionOutputCheckerHandler: $app[ExtensionOutputCheckerHandler::class] ), fn (AuthenticatorAttestationResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log']) ) ); diff --git a/tests/Unit/Services/WebauthnTest.php b/tests/Unit/Services/WebauthnTest.php index cd12d6d1..7eac8871 100644 --- a/tests/Unit/Services/WebauthnTest.php +++ b/tests/Unit/Services/WebauthnTest.php @@ -289,6 +289,4 @@ public function it_creates_model_anyway() } } -class WebauthnKeyTest extends WebauthnKey -{ -} +class WebauthnKeyTest extends WebauthnKey {}
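Review bot: The named arguments in the `AuthenticatorAttestationResponseValidator` binding make the upstream constructor's parameter names part of this package's contract, so a rename in the library would surface as an `Unknown named parameter` error only when the binding is resolved. A test that resolves this binding from the container would catch that in CI rather than during a registration ceremony. The two dropped `null` arguments now fall back to the library defaults, which deserves a short comment, e.g. `// Skipped constructor parameters keep the library defaults.` `bindWebAuthnPackage()` starts and ends outside the hunk.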