PublicKeyCredentialUserEntity::createFromArray uses wrong base64 decoder

arokettu commented 7 months ago

Version(s) affected

4.7.7

Description

How to reproduce

<?php

use Webauthn\PublicKeyCredentialUserEntity;

require __DIR__ . '/../vendor/autoload.php';

$ue = new PublicKeyCredentialUserEntity("test test", "\0\1\2\xff", "test test");
$ue2 = PublicKeyCredentialUserEntity::createFromString(json_encode($ue));
// Base64::decode() only expects characters in the correct base64 alphabet in .../paragonie/constant_time_encoding/src/Base64.php:219
// #0 .../web-auth/webauthn-lib/src/PublicKeyCredentialUserEntity.php(72): ParagonIE\ConstantTime\Base64::decode()
// #1 .../web-auth/webauthn-lib/src/PublicKeyCredentialUserEntity.php(55): Webauthn\PublicKeyCredentialUserEntity::createFromArray()
// #2 debug.php(8): Webauthn\PublicKeyCredentialUserEntity::createFromString()

Possible Solution

I guess it should use \Webauthn\Util\Base64 instead of \ParagonIE\ConstantTime\Base64

Additional Context

No response

Spomky commented 7 months ago

Hi,

Indeed, there is something wrong with the encoding/decoding process. I will fix it ASAP.

Regards.

arokettu commented 6 months ago

Can I speed it up by a MR?

Spomky commented 6 months ago

Hi,

It is now fixed in the last bug release.

Regards.

arokettu commented 6 months ago

Seems working, thanks

github-actions[bot] commented 5 months ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

web-auth / webauthn-framework