Skip to content

Commit 129700d

Browse files
authored
Merge pull request from GHSA-v9hx-v6vf-g36j
Release 0.9.1
2 parents ad81ea0 + 8726269 commit 129700d

File tree

4 files changed

+18
-11
lines changed

4 files changed

+18
-11
lines changed

Diff for: README.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ If you are using Maven, just add the webauthn4j-spring-security as a dependency:
2424
<properties>
2525
...
2626
<!-- Use the latest version whenever possible. -->
27-
<webauthn4j-spring-security.version>0.9.0.RELEASE</webauthn4j-spring-security.version>
27+
<webauthn4j-spring-security.version>0.9.1.RELEASE</webauthn4j-spring-security.version>
2828
...
2929
</properties>
3030

Diff for: gradle.properties

+2-2
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,5 @@
1313
# See the License for the specific language governing permissions and
1414
# limitations under the License.
1515
#
16-
webAuthn4JSpringSecurityVersion=0.9.1-SNAPSHOT
17-
latestReleasedWebAuthn4JSpringSecurityVersion=0.9.0.RELEASE
16+
webAuthn4JSpringSecurityVersion=0.9.1.RELEASE
17+
latestReleasedWebAuthn4JSpringSecurityVersion=0.9.1.RELEASE

Diff for: samples/spa/src/test/java/e2e/RegistrationAndAuthenticationE2ETest.java

+14-1
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616

1717
package e2e;
1818

19+
import com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService;
1920
import com.webauthn4j.springframework.security.webauthn.sample.SampleSPA;
2021
import e2e.page.AuthenticatorLoginComponent;
2122
import e2e.page.PasswordLoginComponent;
@@ -34,18 +35,24 @@
3435
import org.openqa.selenium.support.ui.WebDriverWait;
3536
import org.openqa.selenium.virtualauthenticator.HasVirtualAuthenticator;
3637
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
38+
import org.springframework.beans.factory.annotation.Autowired;
3739
import org.springframework.boot.test.context.SpringBootTest;
3840
import org.springframework.test.context.junit4.SpringRunner;
3941

4042
import java.time.Duration;
4143

44+
import static org.assertj.core.api.Assertions.assertThat;
45+
4246
@RunWith(SpringRunner.class)
4347
@SpringBootTest(classes = SampleSPA.class, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
4448
public class RegistrationAndAuthenticationE2ETest {
4549

4650
private WebDriver driver;
4751
private WebDriverWait wait;
4852

53+
@Autowired
54+
private WebAuthnAuthenticatorService webAuthnAuthenticatorService;
55+
4956
@BeforeClass
5057
public static void setupClassTest() {
5158
WebDriverManager.chromedriver().setup();
@@ -86,8 +93,10 @@ public void test() {
8693
signupComponent.waitRegisterClickable();
8794
signupComponent.clickRegister();
8895

89-
// Password authentication
9096
wait.until(ExpectedConditions.urlToBe("http://localhost:8080/angular/login"));
97+
long counterValueAtRegistrationPhase = webAuthnAuthenticatorService.loadAuthenticatorsByUserPrincipal("john.doe@example.com").get(0).getCounter();
98+
99+
// Password authentication
91100
PasswordLoginComponent passwordLoginComponent = new PasswordLoginComponent(driver);
92101
passwordLoginComponent.setUsername("john.doe@example.com");
93102
passwordLoginComponent.setPassword("password");
@@ -98,6 +107,10 @@ public void test() {
98107
// nop
99108

100109
wait.until(ExpectedConditions.urlToBe("http://localhost:8080/angular/profile"));
110+
long counterValueAtAuthenticationPhase = webAuthnAuthenticatorService.loadAuthenticatorsByUserPrincipal("john.doe@example.com").get(0).getCounter();
111+
112+
assertThat(counterValueAtAuthenticationPhase).isGreaterThan(counterValueAtRegistrationPhase);
113+
101114
ProfileComponent profileComponent = new ProfileComponent(driver);
102115

103116
}

Diff for: webauthn4j-spring-security-core/src/main/java/com/webauthn4j/springframework/security/WebAuthnAuthenticationProvider.java

+1-7
Original file line numberDiff line numberDiff line change
@@ -136,13 +136,7 @@ void doAuthenticate(WebAuthnAssertionAuthenticationToken authenticationToken, We
136136
);
137137
AuthenticationParameters authenticationParameters = new AuthenticationParameters(
138138
parameters.getServerProperty(),
139-
new AuthenticatorImpl(
140-
webAuthnAuthenticator.getAttestedCredentialData(),
141-
webAuthnAuthenticator.getAttestationStatement(),
142-
webAuthnAuthenticator.getCounter(),
143-
webAuthnAuthenticator.getTransports(),
144-
webAuthnAuthenticator.getClientExtensions(),
145-
webAuthnAuthenticator.getAuthenticatorExtensions()),
139+
webAuthnAuthenticator,
146140
null,
147141
parameters.isUserVerificationRequired(),
148142
parameters.isUserPresenceRequired()

0 commit comments

Comments
 (0)