web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework
MIT License

TypeError in AuthenticationExtensionsDenormalizer #571

Closed danielburger1337 closed 3 months ago

danielburger1337 commented 4 months ago

Version(s) affected

4.8.2

Description

Just upgraded to 4.8.2, migrated to the WebauthnSerializerFactory and the CeremonyStepManagerFactory and I get the following error when trying to register a new passkey (using a passkey works just fine):

TypeError: Webauthn\AuthenticationExtensions\AuthenticationExtensions::create(): Argument #1 ($extensions) must be of type array, Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientOutputs given, called in /iam/vendor/web-auth/webauthn-lib/src/Denormalizer/AuthenticationExtensionsDenormalizer.php on line 33

How to reproduce

The payload my JS app sends to the server is the following:

{
    "id": "2f-[...]-RY4ec8YrzauF",
    "rawId": "2f-[...]-RY4ec8YrzauF",
    "response": {
        "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjCSZYN5YgOjGh0CDZ_5_e-KXsu[...]oEXpS8IHycCVyQtboWtjcmVkUHJvdGVjdAM",
        "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoieVd2ekJKVzduZTBiX0d2cUJaQ3EtUSIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0OjgwMDAiLCJjcm9zc09yaWdpbiI6ZmFsc2V9",
        "transports": ["nfc", "usb"],
        "publicKeyAlgorithm": -7,
        "publicKey": "MFkw[...]",
        "authenticatorData": "SZYN5YgOjGh0-[..]-pcmVkUHJvdGVjdAM"
    },
    "type": "public-key",
    "clientExtensionResults": {},
    "authenticatorAttachment": "cross-platform"
}

Possible Solution

I think this must be fixed in AuthenticationExtensionsDenormalizer::denormalize. The following fixes my issue, but I don't know if it may cause any others:

final class AuthenticationExtensionsDenormalizer implements DenormalizerInterface, DenormalizerAwareInterface
{
    use DenormalizerAwareTrait;

    public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): mixed
    {
        if ($this->denormalizer === null) {
            throw new BadMethodCallException('Please set a denormalizer before calling denormalize()!');
        }

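        // Unwrap an already-denormalized extensions object to its underlying
        // array, since AuthenticationExtensions::create() below requires an array.
        if ($data instanceof AuthenticationExtensionsClientOutputs) {
            $data = $data->extensions;
        } elseif ($data instanceof AuthenticationExtensionsClientInputs) {
            $data = $data->extensions;
        }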

        foreach ($data as $key => $value) {
            if (!\is_string($key)) {
                continue;
            }
            $data[$key] = AuthenticationExtension::create($key, $value);
        }

        return AuthenticationExtensions::create($data);
    }
    ...
}


Spomky commented 4 months ago

Hello @danielburger1337,

Many thanks for reporting this issue. I will fix it ASAP.
