web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework
MIT License

Deprecation of PublicKeyCredentialSourceRepository #494

Closed Jorgu5 closed 9 months ago

Jorgu5 commented 11 months ago

Version(s) affected

4.7.2

Description

The AuthenticatorAssertionResponseValidator claims to have an optional dependency on PublicKeyCredentialSourceRepository starting from version 4.6.0. However, this isn't entirely accurate. In line 144, the code checks if $credentialId is a string. If it is, the findOneByCredentialId method within PublicKeyCredentialSourceRepository is called. Since this method returns null when the repository is not set, the system outputs "The credential ID is invalid."

How to reproduce

$this->authenticatorAssertionResponseValidator::create(null, null, ExtensionOutputCheckerHandler::create(), AlgorithmManager::init(), null)

will return The credential ID is invalid.

Possible Solution

Return $credentialId directly and bypass the findOneByCredentialId method.

Additional Context

No response

Spomky commented 11 months ago

Hi,

You are right, if a CredentialId is passed as an argument, the repository shall be defined. There is a deprecation notice for the CredentialId at line 122, but if the repository argument is set to null it will fail. I created a PR to fix this and indicate the reason for the failure.

Spomky commented 9 months ago

PR was merged and tag added.
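The failure mode discussed in this thread, as an added sketch that is not the webauthn-framework code and not the merged PR: a validator with an optional repository should report "no repository configured" separately from "credential ID is invalid". All class and method names below except findOneByCredentialId are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins; these are NOT the webauthn-framework classes.
final class CredentialSource {
    public function __construct(public readonly string $credentialId) {}
}
interface CredentialSourceRepository {
    public function findOneByCredentialId(string $credentialId): ?CredentialSource;
}
final class InMemoryRepository implements CredentialSourceRepository {
    /** @param array<string, CredentialSource> $sources */
    public function __construct(private array $sources) {}
    public function findOneByCredentialId(string $credentialId): ?CredentialSource {
        return $this->sources[$credentialId] ?? null;
    }
}

final class AssertionValidatorSketch {
    public function __construct(private ?CredentialSourceRepository $repository = null) {}

    // Accepts an already-loaded source, or a raw ID that needs the repository.
    public function resolve(CredentialSource|string $credential): CredentialSource
    {
        if ($credential instanceof CredentialSource) {
            return $credential; // no lookup needed, the repository may be null
        }
        if ($this->repository === null) {
            // Configuration problem: do not report it as a bad credential.
            throw new LogicException('A credential ID was given but no repository is configured.');
        }
        return $this->repository->findOneByCredentialId($credential)
            ?? throw new UnexpectedValueException('The credential ID is invalid.');
    }
}

// Constructed sample data.
$known = new CredentialSource('cred-1');
$withRepo = new AssertionValidatorSketch(new InMemoryRepository(['cred-1' => $known]));
$noRepo = new AssertionValidatorSketch();

var_dump($withRepo->resolve('cred-1') === $known); // ID resolved through the repository
var_dump($noRepo->resolve($known) === $known);     // source passed directly, no repository
foreach ([[$noRepo, 'cred-1'], [$withRepo, 'cred-unknown']] as [$validator, $id]) {
    try { $validator->resolve($id); }
    catch (Throwable $e) { echo get_class($e), ': ', $e->getMessage(), PHP_EOL; }
}
```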
