3.0.0.alpha2 - Githubissues

cedarcode / webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party

https://rubygems.org/gems/webauthn

MIT License

649 stars 53 forks source link

3.0.0.alpha2 #368

Closed bdewater closed 2 years ago

bdewater commented 2 years ago

This is a rebase of https://github.com/cedarcode/webauthn-ruby/pull/296 on top of the current master branch, addressing the concerns from https://github.com/cedarcode/webauthn-ruby/issues/367 that one would have to pick between either the OpenSSL 3.0 compatibility or support for multiple relying parties.

While I was here I bumped the minimum Ruby to 2.5 for a green build.

bdewater commented 2 years ago

@brauliomartinezlm @grzuy 👋 long time no speak. Any concerns with the master branch targeting a 3.0 alpha, now that there's a 2-stable branch?

Brantron commented 2 years ago

What's not clear to me is why was this reverted in the last attempt? Can we ensure we have specs that account for whatever the issue was previously? I'm happy to help test if we can understand that.

brauliomartinezlm commented 2 years ago

Hey @bdewater I'm definitely onboard on doing this. I'll take a look at the PR during the weekend and we can merge it. Thank you for opening this PR! Long time indeed :).

What's not clear to me is why was this reverted in the last attempt? Can we ensure we have specs that account for whatever the issue was previously? I'm happy to help test if we can understand that.

@Brantron there's actually no issue with version 3. We were waiting for a long time for signals that the new API was a good move from the gem users (regardless of being backwards compatible). That never came in the form we expected and it was more of a long process where I think now we have enough proof of adoption of v3.

That being said, all testing and being extra careful is highly appreciated given the sensitivity of our beloved gem 🙏

brauliomartinezlm commented 2 years ago

@bdewater did you have any issues between v3 and all the things that made it to 2-stable for the openssl3 upgrade?

bdewater commented 2 years ago

@brauliomartinezlm none 😄 after fixing the merge conflicts, the only test suite failures that I remember needing a closer look were the encoder.encode method calls, that now use [1] instead of last to access the result of create_credential due to the changes in f787a2f3a001ba991d08df6da48b21eab7d8f5c4

Brantron commented 1 year ago

Thanks for getting this merged in folks. I'm super pumped to start using the new release 🥳

brauliomartinezlm commented 1 year ago

Just released 3.0.0.alpha2 🎉 . Sorry for the delay 🙏