Ceremony steps (#513)

Ceremony steps

Makefile

@@ -4,7 +4,7 @@ mu: vendor ## Mutation tests
 
 .PHONY: tests
 tests: vendor ## Run all tests
-	vendor/bin/phpunit  --color
+	bin/phpunit  --color
 	yarn test
 
 .PHONY: cc
@@ -15,18 +15,6 @@ cc: vendor ## Show test coverage rates (HTML)
 cs: vendor ## Fix all files using defined ECS rules
 	vendor/bin/ecs check --fix
 
-.PHONY: tu
-tu: vendor ## Run only unit tests
-	vendor/bin/phpunit --color --group Unit
-
-.PHONY: ti
-ti: vendor ## Run only integration tests
-	vendor/bin/phpunit --color --group Integration
-
-.PHONY: tf
-tf: vendor ## Run only functional tests
-	vendor/bin/phpunit --color --group Functional
-
 .PHONY: st
 st: vendor ## Run static analyse
 	XDEBUG_MODE=off vendor/bin/phpstan analyse

RELEASES.md

@@ -13,10 +13,8 @@ Such releases will be considered as "pre-releases".
 ## Minor Release Support Matrix
 
 | Version | Supported          |
-|---------|--------------------|
+|---------| ------------------ |
+| 5.0.x   | :white_check_mark: |
 | 4.8.x   | :white_check_mark: |
 | 4.7.x   | :white_check_mark: |
-| 4.6.x   | :white_check_mark: |
-| <4.6.x  | :x:                |
-| 3.3.x   | :x:                |
-| < 3.3.x | :x:                |
+| <4.7.x  | :x:                |

bin/phpunit

@@ -0,0 +1,21 @@
+#!/usr/bin/env php
+<?php
+
+if (!ini_get('date.timezone')) {
+    ini_set('date.timezone', 'UTC');
+}
+
+
+if (is_file(dirname(__DIR__).'/vendor/phpunit/phpunit/phpunit')) {
+    define('PHPUNIT_COMPOSER_INSTALL', dirname(__DIR__).'/vendor/autoload.php');
+    require PHPUNIT_COMPOSER_INSTALL;
+
+exit((new \PHPUnit\TextUI\Application())->run($GLOBALS['argv']));
+} else {
+    if (!is_file(dirname(__DIR__).'/vendor/symfony/phpunit-bridge/bin/simple-phpunit.php')) {
+        echo "Unable to find the `simple-phpunit.php` script in `vendor/symfony/phpunit-bridge/bin/`.\n";
+        exit(1);
+    }
+
+    require dirname(__DIR__).'/vendor/symfony/phpunit-bridge/bin/simple-phpunit.php';
+}

composer.json

@@ -121,6 +121,7 @@
         "symfony/filesystem": "^6.1",
         "symfony/finder": "^6.1",
         "symfony/monolog-bundle": "^3.8",
+        "symfony/phpunit-bridge": "^6.3",
         "symfony/var-dumper": "^6.1",
         "symfony/yaml": "^6.1",
         "symplify/easy-coding-standard": "^12.0",

deptrac.yaml

@@ -42,7 +42,3 @@ parameters:
       - 'Vendors'
       - 'Webauthn'
       - 'MetadataService'
-  skip_violations:
-    Webauthn\Bundle\Service\AuthenticatorAssertionResponseValidator:
-      - Webauthn\Util\CoseSignatureFixer
-      - Webauthn\U2FPublicKey

package.json

@@ -25,7 +25,7 @@
         "babel-jest": "^29.0",
         "clean-css-cli": "^5.6.2",
         "eslint": "^8.1.0",
-        "eslint-config-prettier": "^8.0.0",
+        "eslint-config-prettier": "^9.0.0",
         "eslint-plugin-jest": "^27.0.0",
         "jest": "^29.0.0",
         "jest-environment-jsdom": "^29.0",

phpstan-baseline.neon

@@ -847,6 +847,16 @@ parameters:
             count: 1
             path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
 
+        -
+            message: "#^Parameter \\#3 \\$securedRpIds of method Webauthn\\\\Bundle\\\\DependencyInjection\\\\Factory\\\\Security\\\\WebauthnServicesFactory\\:\\:createAuthenticatorAssertionResponseValidator\\(\\) expects array\\<string\\>, mixed given\\.$#"
+            count: 1
+            path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
+
+        -
+            message: "#^Parameter \\#3 \\$securedRpIds of method Webauthn\\\\Bundle\\\\DependencyInjection\\\\Factory\\\\Security\\\\WebauthnServicesFactory\\:\\:createAuthenticatorAttestationResponseValidator\\(\\) expects array\\<string\\>, mixed given\\.$#"
+            count: 1
+            path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
+
         -
             message: "#^Parameter \\#4 \\$method of method Webauthn\\\\Bundle\\\\DependencyInjection\\\\Factory\\\\Security\\\\WebauthnFactory\\:\\:createResponseControllerAndRoute\\(\\) expects string, mixed given\\.$#"
             count: 2
@@ -917,11 +927,6 @@ parameters:
             count: 1
             path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
 
-        -
-            message: "#^Parameter \\#8 \\$securedRpIds of method Webauthn\\\\Bundle\\\\DependencyInjection\\\\Factory\\\\Security\\\\WebauthnFactory\\:\\:createAuthenticatorService\\(\\) expects array\\<string\\>, mixed given\\.$#"
-            count: 1
-            path: src/symfony/src/DependencyInjection/Factory/Security/WebauthnFactory.php
-
         -
             message: "#^Parameter \\#9 \\$failureHandlerId of method Webauthn\\\\Bundle\\\\DependencyInjection\\\\Factory\\\\Security\\\\WebauthnFactory\\:\\:createAssertionRequestControllerAndRoute\\(\\) expects string, mixed given\\.$#"
             count: 1
@@ -984,7 +989,7 @@ parameters:
 
         -
             message: "#^Cannot access offset 'secured_rp_ids' on mixed\\.$#"
-            count: 3
+            count: 2
             path: src/symfony/src/DependencyInjection/WebauthnExtension.php
 
         -
@@ -1054,7 +1059,7 @@ parameters:
             path: src/symfony/src/Doctrine/Type/AAGUIDDataType.php
 
         -
-            message: "#^Method Webauthn\\\\Bundle\\\\Doctrine\\\\Type\\\\AAGUIDDataType\\:\\:convertToPHPValue\\(\\) should return Symfony\\\\Component\\\\Uid\\\\AbstractUid\\|null but returns mixed\\.$#"
+            message: "#^Method Webauthn\\\\Bundle\\\\Doctrine\\\\Type\\\\AAGUIDDataType\\:\\:convertToPHPValue\\(\\) should return Symfony\\\\Component\\\\Uid\\\\Uuid\\|null but returns mixed\\.$#"
             count: 1
             path: src/symfony/src/Doctrine/Type/AAGUIDDataType.php
 
@@ -1159,14 +1164,6 @@ parameters:
             count: 1
             path: src/symfony/src/Resources/config/services.php
 
-        -
-            message: """
-                #^Fetching class constant class of deprecated class Webauthn\\\\TokenBinding\\\\TokenBindingHandler\\:
-                Since 4\\.3\\.0 and will be removed in 5\\.0\\.0$#
-            """
-            count: 2
-            path: src/symfony/src/Resources/config/services.php
-
         -
             message: """
                 #^Fetching class constant class of deprecated class Webauthn\\\\TokenBinding\\\\TokenBindingNotSupportedHandler\\:
@@ -1457,27 +1454,6 @@ parameters:
             count: 1
             path: src/symfony/src/Security/WebauthnFirewallConfig.php
 
-        -
-            message: "#^Parameter \\#1 \\$credentialId of class Webauthn\\\\Bundle\\\\Event\\\\AuthenticatorAssertionResponseValidationSucceededEvent constructor expects string, string\\|null given\\.$#"
-            count: 1
-            path: src/symfony/src/Service/AuthenticatorAssertionResponseValidator.php
-
-        -
-            message: """
-                #^Parameter \\$tokenBindingHandler of method Webauthn\\\\Bundle\\\\Service\\\\AuthenticatorAssertionResponseValidator\\:\\:__construct\\(\\) has typehint with deprecated interface Webauthn\\\\TokenBinding\\\\TokenBindingHandler\\:
-                Since 4\\.3\\.0 and will be removed in 5\\.0\\.0$#
-            """
-            count: 1
-            path: src/symfony/src/Service/AuthenticatorAssertionResponseValidator.php
-
-        -
-            message: """
-                #^Parameter \\$tokenBindingHandler of method Webauthn\\\\Bundle\\\\Service\\\\AuthenticatorAttestationResponseValidator\\:\\:__construct\\(\\) has typehint with deprecated interface Webauthn\\\\TokenBinding\\\\TokenBindingHandler\\:
-                Since 4\\.3\\.0 and will be removed in 5\\.0\\.0$#
-            """
-            count: 1
-            path: src/symfony/src/Service/AuthenticatorAttestationResponseValidator.php
-
         -
             message: """
                 #^Call to method create\\(\\) of deprecated class Webauthn\\\\AuthenticationExtensions\\\\AuthenticationExtensions\\:
@@ -2063,19 +2039,6 @@ parameters:
             count: 1
             path: src/webauthn/src/AuthenticationExtensions/AuthenticationExtensionsClientOutputsLoader.php
 
-        -
-            message: """
-                #^Call to deprecated method getTokenBinding\\(\\) of class Webauthn\\\\CollectedClientData\\:
-                Since 4\\.3\\.0 and will be removed in 5\\.0\\.0$#
-            """
-            count: 2
-            path: src/webauthn/src/AuthenticatorAssertionResponseValidator.php
-
-        -
-            message: "#^Parameter \\#1 \\$data of static method Cose\\\\Key\\\\Key\\:\\:create\\(\\) expects array\\<int\\|string, mixed\\>, array given\\.$#"
-            count: 1
-            path: src/webauthn/src/AuthenticatorAssertionResponseValidator.php
-
         -
             message: "#^Parameter \\$publicKeyCredentialSourceRepository of method Webauthn\\\\AuthenticatorAssertionResponseValidator\\:\\:__construct\\(\\) has typehint with deprecated interface Webauthn\\\\PublicKeyCredentialSourceRepository\\.$#"
             count: 1
@@ -2102,30 +2065,6 @@ parameters:
             count: 1
             path: src/webauthn/src/AuthenticatorAssertionResponseValidator.php
 
-        -
-            message: """
-                #^Call to deprecated method getTokenBinding\\(\\) of class Webauthn\\\\CollectedClientData\\:
-                Since 4\\.3\\.0 and will be removed in 5\\.0\\.0$#
-            """
-            count: 2
-            path: src/webauthn/src/AuthenticatorAttestationResponseValidator.php
-
-        -
-            message: """
-                #^Fetching deprecated class constant ATTESTATION_ECDAA of class Webauthn\\\\MetadataService\\\\Statement\\\\MetadataStatement\\:
-                since 4\\.2\\.0 and will be removed in 5\\.0\\.0\\. The ECDAA Trust Anchor does no longer exist in Webauthn specification\\.$#
-            """
-            count: 1
-            path: src/webauthn/src/AuthenticatorAttestationResponseValidator.php
-
-        -
-            message: """
-                #^Fetching deprecated class constant TYPE_ECDAA of class Webauthn\\\\AttestationStatement\\\\AttestationStatement\\:
-                since 4\\.2\\.0 and will be removed in 5\\.0\\.0\\. The ECDAA Trust Anchor does no longer exist in Webauthn specification\\.$#
-            """
-            count: 1
-            path: src/webauthn/src/AuthenticatorAttestationResponseValidator.php
-
         -
             message: "#^Parameter \\$publicKeyCredentialSourceRepository of method Webauthn\\\\AuthenticatorAttestationResponseValidator\\:\\:__construct\\(\\) has typehint with deprecated interface Webauthn\\\\PublicKeyCredentialSourceRepository\\.$#"
             count: 1
@@ -2195,6 +2134,22 @@ parameters:
             count: 1
             path: src/webauthn/src/AuthenticatorSelectionCriteria.php
 
+        -
+            message: """
+                #^Fetching deprecated class constant ATTESTATION_ECDAA of class Webauthn\\\\MetadataService\\\\Statement\\\\MetadataStatement\\:
+                since 4\\.2\\.0 and will be removed in 5\\.0\\.0\\. The ECDAA Trust Anchor does no longer exist in Webauthn specification\\.$#
+            """
+            count: 1
+            path: src/webauthn/src/CeremonyStep/CheckMetadataStatement.php
+
+        -
+            message: """
+                #^Fetching deprecated class constant TYPE_ECDAA of class Webauthn\\\\AttestationStatement\\\\AttestationStatement\\:
+                since 4\\.2\\.0 and will be removed in 5\\.0\\.0\\. The ECDAA Trust Anchor does no longer exist in Webauthn specification\\.$#
+            """
+            count: 1
+            path: src/webauthn/src/CeremonyStep/CheckMetadataStatement.php
+
         -
             message: """
                 #^Access to deprecated property \\$tokenBinding of class Webauthn\\\\CollectedClientData\\:
@@ -2635,6 +2590,16 @@ parameters:
             count: 1
             path: src/webauthn/src/PublicKeyCredentialSource.php
 
+        -
+            message: "#^Parameter \\#11 \\$backupEligible of static method Webauthn\\\\PublicKeyCredentialSource\\:\\:create\\(\\) expects bool\\|null, mixed given\\.$#"
+            count: 1
+            path: src/webauthn/src/PublicKeyCredentialSource.php
+
+        -
+            message: "#^Parameter \\#12 \\$backupStatus of static method Webauthn\\\\PublicKeyCredentialSource\\:\\:create\\(\\) expects bool\\|null, mixed given\\.$#"
+            count: 1
+            path: src/webauthn/src/PublicKeyCredentialSource.php
+
         -
             message: "#^Parameter \\#2 \\$type of static method Webauthn\\\\PublicKeyCredentialSource\\:\\:create\\(\\) expects string, mixed given\\.$#"
             count: 1

phpunit.xml.dist

@@ -5,7 +5,7 @@
     bootstrap="tests/bootstrap.php"
     colors="true"
     cacheDirectory=".phpunit.cache"
-    displayDetailsOnTestsThatTriggerWarnings="true"
+    displayDetailsOnTestsThatTriggerDeprecations="true"
 >
     <coverage />
     <testsuites>
@@ -20,7 +20,7 @@
         <server name="SHELL_VERBOSITY" value="-1"/>
         <server name="SYMFONY_PHPUNIT_REMOVE" value=""/>
         <server name="SYMFONY_PHPUNIT_VERSION" value="10.1"/>
-        <env name="SYMFONY_DEPRECATIONS_HELPER" value="weak"/>
+        <env name="SYMFONY_DEPRECATIONS_HELPER" value="max[self]=0"/>
         <env name="APP_DEBUG" value="true"/>
         <server name="KERNEL_CLASS" value="Webauthn\Tests\Bundle\Functional\AppKernel"/>
         <ini name="memory_limit" value="-1"/>

src/stimulus/assets/package.json

@@ -22,10 +22,10 @@
     },
     "peerDependencies": {
         "@hotwired/stimulus": "^3.0.0",
-        "@simplewebauthn/browser": "^7.0.0"
+        "@simplewebauthn/browser": "^8.0.0"
     },
     "devDependencies": {
         "@hotwired/stimulus": "^3.0.0",
-        "@simplewebauthn/browser": "^7.0.0"
+        "@simplewebauthn/browser": "^8.0.0"
     }
 }

src/symfony/src/Controller/AssertionControllerFactory.php

@@ -32,7 +32,7 @@ public function __construct(
         private readonly ValidatorInterface $validator,
         private readonly PublicKeyCredentialRequestOptionsFactory $publicKeyCredentialRequestOptionsFactory,
         private readonly PublicKeyCredentialLoader $publicKeyCredentialLoader,
-        private readonly AuthenticatorAssertionResponseValidator $attestationResponseValidator,
+        private readonly AuthenticatorAssertionResponseValidator $authenticatorAssertionResponseValidator,
         private readonly PublicKeyCredentialUserEntityRepositoryInterface $publicKeyCredentialUserEntityRepository,
         private readonly PublicKeyCredentialSourceRepository|PublicKeyCredentialSourceRepositoryInterface $publicKeyCredentialSourceRepository
     ) {
@@ -101,17 +101,18 @@ public function createAssertionResponseController(
     }
 
     /**
-     * @param string[] $securedRelyingPartyIds
+     * @param null|string[] $securedRelyingPartyIds
      */
     public function createResponseController(
         OptionsStorage $optionStorage,
         SuccessHandler $successHandler,
         FailureHandler|AuthenticationFailureHandlerInterface $failureHandler,
-        array $securedRelyingPartyIds
+        null|array $securedRelyingPartyIds = null,
+        null|AuthenticatorAssertionResponseValidator $authenticatorAssertionResponseValidator = null,
     ): AssertionResponseController {
         return new AssertionResponseController(
             $this->publicKeyCredentialLoader,
-            $this->attestationResponseValidator,
+            $authenticatorAssertionResponseValidator ?? $this->authenticatorAssertionResponseValidator,
             $this->logger,
             $optionStorage,
             $successHandler,

src/symfony/src/Controller/AssertionResponseController.php

@@ -24,7 +24,7 @@
 final class AssertionResponseController
 {
     /**
-     * @param string[] $securedRelyingPartyIds
+     * @param null|string[] $securedRelyingPartyIds
      */
     public function __construct(
         private readonly PublicKeyCredentialLoader $publicKeyCredentialLoader,
@@ -33,7 +33,7 @@ public function __construct(
         private readonly OptionsStorage $optionsStorage,
         private readonly SuccessHandler $successHandler,
         private readonly FailureHandler|AuthenticationFailureHandlerInterface $failureHandler,
-        private readonly array $securedRelyingPartyIds,
+        private readonly null|array $securedRelyingPartyIds = null,
         private readonly ?PublicKeyCredentialSourceRepositoryInterface $publicKeyCredentialSourceRepository = null
     ) {
     }

src/symfony/src/Controller/AttestationControllerFactory.php

@@ -76,36 +76,30 @@ public function createRequestController(
     }
 
     /**
-     * @param string[] $securedRelyingPartyIds
      * @deprecated since 4.5.0 and will be removed in 5.0.0. Please use createResponseController instead.
      * @infection-ignore-all
      */
     public function createAttestationResponseController(
         OptionsStorage $optionStorage,
         SuccessHandler $successHandler,
-        FailureHandler|AuthenticationFailureHandlerInterface $failureHandler,
-        array $securedRelyingPartyIds
+        FailureHandler|AuthenticationFailureHandlerInterface $failureHandler
     ): AttestationResponseController {
-        return $this->createResponseController(
-            $optionStorage,
-            $successHandler,
-            $failureHandler,
-            $securedRelyingPartyIds
-        );
+        return $this->createResponseController($optionStorage, $successHandler, $failureHandler);
     }
 
     /**
-     * @param string[] $securedRelyingPartyIds
+     * @param null|string[] $securedRelyingPartyIds
      */
     public function createResponseController(
         OptionsStorage $optionStorage,
         SuccessHandler $successHandler,
         FailureHandler|AuthenticationFailureHandlerInterface $failureHandler,
-        array $securedRelyingPartyIds
+        null|array $securedRelyingPartyIds = null,
+        null|AuthenticatorAttestationResponseValidator $attestationResponseValidator = null,
     ): AttestationResponseController {
         return new AttestationResponseController(
             $this->publicKeyCredentialLoader,
-            $this->attestationResponseValidator,
+            $attestationResponseValidator ?? $this->attestationResponseValidator,
             $this->publicKeyCredentialSourceRepository,
             $optionStorage,
             $successHandler,