search

asbiin / laravel-webauthn

Webauthn adapter for Laravel
MIT License
266 stars 37 forks source link

fix: invalid challenge causes a query exception #473

Closed matthijs closed 6 months ago

matthijs commented 7 months ago

In our project there was a QueryException which was caused by an invalid challenge. The webauthnKey could not be found which throwed an ModelNotFoundException.

Because there was no handling in the catch statement it falled back to the parent class.

In that class the credential array is used to build a query to fetch the user. And that caused a query exception.

When there is a signed challenge and no webauthn key could be find just return null instead of calling the parent function.

I've also added a unit test to handle this situation.

asbiin commented 6 months ago

Thank you @matthijs !

github-actions[bot] commented 6 months ago

:tada: This PR is included in version 4.2.1 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: