BS and BE flags added to the Symfony Token (#425)

web-auth · Jun 21, 2023 · 49b5bbc · 49b5bbc
1 parent 86647fd
commit 49b5bbc
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 3 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -916,6 +916,14 @@ parameters:
             count: 1
             path: src/symfony/src/Resources/config/services.php
 
+        -
+            message: """
+                #^Class Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnToken implements deprecated interface Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnTokenInterface\\:
+                since 4\\.7\\.0, use \\{@see \\\\Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnTokenInterface\\} instead$#
+            """
+            count: 1
+            path: src/symfony/src/Security/Authentication/Token/WebauthnToken.php
+
         -
             message: "#^Parameter \\#1 \\$data of method Symfony\\\\Component\\\\Security\\\\Core\\\\Authentication\\\\Token\\\\AbstractToken\\:\\:__unserialize\\(\\) expects array, mixed given\\.$#"
             count: 1
@@ -951,6 +959,16 @@ parameters:
             count: 1
             path: src/symfony/src/Security/Authentication/Token/WebauthnToken.php
 
+        -
+            message: "#^Property Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnToken\\:\\:\\$isBackedUp \\(bool\\) does not accept mixed\\.$#"
+            count: 1
+            path: src/symfony/src/Security/Authentication/Token/WebauthnToken.php
+
+        -
+            message: "#^Property Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnToken\\:\\:\\$isBackupEligible \\(bool\\) does not accept mixed\\.$#"
+            count: 1
+            path: src/symfony/src/Security/Authentication/Token/WebauthnToken.php
+
         -
             message: "#^Property Webauthn\\\\Bundle\\\\Security\\\\Authentication\\\\Token\\\\WebauthnToken\\:\\:\\$isUserPresent \\(bool\\) does not accept mixed\\.$#"
             count: 1

diff --git a/src/symfony/src/Security/Authentication/Token/WebauthnToken.php b/src/symfony/src/Security/Authentication/Token/WebauthnToken.php
@@ -30,7 +30,9 @@ public function __construct(
         private readonly int $signCount,
         private ?AuthenticationExtensionsClientOutputs $extensions,
         private readonly string $firewallName,
-        array $roles = []
+        array $roles = [],
+        private bool $isBackupEligible = false,
+        private bool $isBackedUp = false,
     ) {
         parent::__construct($roles);
     }
@@ -47,6 +49,8 @@ public function __serialize(): array
             json_encode($this->publicKeyCredentialOptions, JSON_THROW_ON_ERROR),
             $this->isUserPresent,
             $this->isUserVerified,
+            $this->isBackupEligible,
+            $this->isBackedUp,
             $this->reservedForFutureUse1,
             $this->reservedForFutureUse2,
             $this->signCount,
@@ -68,6 +72,8 @@ public function __unserialize(array $serialized): void
             $publicKeyCredentialOptions,
             $this->isUserPresent,
             $this->isUserVerified,
+            $this->isBackupEligible,
+            $this->isBackedUp,
             $this->reservedForFutureUse1,
             $this->reservedForFutureUse2,
             $this->signCount,
@@ -141,6 +147,16 @@ public function getSignCount(): int
         return $this->signCount;
     }
 
+    public function isBackupEligible(): bool
+    {
+        return $this->isBackupEligible;
+    }
+
+    public function isBackedUp(): bool
+    {
+        return $this->isBackedUp;
+    }
+
     public function getExtensions(): ?AuthenticationExtensionsClientOutputs
     {
         return $this->extensions;

diff --git a/src/symfony/src/Security/Authentication/Token/WebauthnTokenInterface.php b/src/symfony/src/Security/Authentication/Token/WebauthnTokenInterface.php
@@ -10,6 +10,9 @@
 use Webauthn\PublicKeyCredentialOptions;
 use Webauthn\PublicKeyCredentialUserEntity;
 
+/**
+ * @deprecated since 4.7.0, use {@see \Webauthn\Bundle\Security\Authentication\Token\WebauthnTokenInterface} instead
+ */
 interface WebauthnTokenInterface extends TokenInterface
 {
     public function getCredentials(): PublicKeyCredentialDescriptor;

diff --git a/src/symfony/src/Security/Http/Authenticator/WebauthnAuthenticator.php b/src/symfony/src/Security/Http/Authenticator/WebauthnAuthenticator.php
@@ -140,7 +140,9 @@ public function createToken(Passport $passport, string $firewallName): TokenInte
             $authData->getExtensions(),
             $credentialsBadge->getFirewallName(),
             $userBadge->getUser()
-                ->getRoles()
+                ->getRoles(),
+            $authData->isBackupEligible(),
+            $authData->isBackedUp(),
         );
         $token->setUser($userBadge->getUser());
         return $token;

diff --git a/tests/symfony/functional/Attestation/AdditionalAuthenticatorTest.php b/tests/symfony/functional/Attestation/AdditionalAuthenticatorTest.php
@@ -185,7 +185,9 @@ private function logIn(): void
             100,
             null,
             $firewallName,
-            $user->getRoles()
+            $user->getRoles(),
+            true,
+            true
         );
         $token->setUser($user);