Commit

Release 2.5.2
Fixes:

- Allow unknown properties in `credProps` client extension output.
emlun committed Apr 22, 2024
2 parents a3698be + 821e211 commit fed0930
Showing 7 changed files with 89 additions and 63 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/release-verify-signatures.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:

strategy:
matrix:
java: ["17.0.7"]
java: ["17.0.10"]
distribution: [temurin, zulu, microsoft]

steps:
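Review bot: The `java` entry in `matrix` pins an exact patch release (now "17.0.10") with no comment saying what it has to match. If signature verification depends on rebuilding with the same JDK that produced the release artifacts, say so in a comment next to the pin and name where the release build's JDK version is recorded, so the next bump is not guesswork.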
7 changes: 7 additions & 0 deletions NEWS
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
== Version 2.5.2 ==

Fixes:

* Allow unknown properties in `credProps` client extension output.


== Version 2.5.1 ==

Changes:
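Review bot: The 2.5.2 entry says unknown `credProps` properties are now allowed but not what happened before the fix. One more clause stating the previous behaviour for a response carrying an extra `credProps` member would let integrators judge whether they need the upgrade.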
110 changes: 55 additions & 55 deletions README

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,15 @@
import java.util.Set;

public interface ExtensionOutputs {
/** Returns a {@link Set} of the extension IDs for which an extension output is present. */
/**
* Returns a {@link Set} of recognized extension IDs for which an extension output is present.
*
* <p>This only includes extension identifiers recognized by the java-webauthn-server library.
* Recognized extensions can be found as the properties of {@link
* ClientRegistrationExtensionOutputs} for registration ceremonies, and {@link
* ClientAssertionExtensionOutputs} for authentication ceremonies. Unknown extension identifiers
* are silently ignored.
*/
@JsonIgnore
Set<String> getExtensionIds();
}
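Review bot: The last Javadoc sentence, "Unknown extension identifiers are silently ignored", can be read as describing the whole parsing step rather than this method's return value. Consider wording it as "are not included in the returned set", and state whether a caller that wants to log or reject unexpected client extension outputs has any way to see them.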
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package com.yubico.webauthn.data;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonValue;
import com.upokecenter.cbor.CBORObject;
Expand Down Expand Up @@ -63,6 +64,7 @@ public static class CredentialProperties {
* Credential Properties Extension (credProps)</a>
*/
@Value
@JsonIgnoreProperties(ignoreUnknown = true)
public static class CredentialPropertiesOutput {
@JsonProperty("rk")
private final Boolean rk;
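Review bot: `@JsonIgnoreProperties(ignoreUnknown = true)` is added to `CredentialPropertiesOutput` only, and the class Javadoc shown here does not mention the new tolerance. Add a sentence to the Javadoc saying that unrecognized members of the `credProps` output are dropped during deserialization, and check whether the other extension output types in this file need the same annotation, since the same forward-compatibility concern applies to any output a client may extend.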
Original file line number Diff line number Diff line change
Expand Up @@ -258,12 +258,21 @@ class RelyingPartyRegistrationSpec
},
"clientExtensionResults": {
"appidExclude": true,
"org.example.foo": "bar"
"org.example.foo": "bar",
"credProps": {
"rk": false,
"authenticatorDisplayName": "My passkey",
"unknownProperty": ["unknown-value"]
}
}
}""")
pkc.getClientExtensionResults.getExtensionIds should contain(
"appidExclude"
)
pkc.getClientExtensionResults.getExtensionIds should contain(
"credProps"
)
pkc.getClientExtensionResults.getExtensionIds should not contain ("org.example.foo")
}
}
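Review bot: The added assertions only check that `getExtensionIds` contains "credProps"; nothing verifies that the known member `"rk": false` is still parsed correctly when `"unknownProperty"` is present. Add an assertion on the parsed `rk` value so the test fails if tolerating unknown members ever comes at the cost of losing the recognized ones.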

10 changes: 5 additions & 5 deletions webauthn-server-demo/README
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ layer.
This layer manages the general architecture of the system, and is where most
business logic and integration code would go. The demo server implements the
"persistent" storage of users and credential registrations - the
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.1/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.2/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
integration point - as the
link:src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`]
class, which simply keeps them stored in memory for a limited time. The
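Review bot: The library version is spelled out inside the JavaDoc URL here and in the other hunks of this file, so each release has to edit every link by hand and a missed one keeps pointing at the old JavaDoc. Consider defining the version once as a document attribute and referencing it in the `link:` targets.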
Expand All @@ -58,7 +58,7 @@ would be specific to a particular Relying Party (RP) would go in this layer.
- The server layer in turn calls the *library layer*, which is where the
link:../webauthn-server-core/[`webauthn-server-core`]
library gets involved. The entry point into the library is the
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.1/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.2/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
class.
+
This layer implements the Web Authentication
Expand All @@ -69,11 +69,11 @@ and exposes integration points for storage of challenges and credentials. Some
notable integration points are:
+
** The library user must provide an implementation of the
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.1/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.2/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
interface to use for looking up stored public keys, user handles and signature
counters.
** The library user can optionally provide an instance of the
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.1/com/yubico/webauthn/attestation/AttestationTrustSource.html[`AttestationTrustSource`]
link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.5.2/com/yubico/webauthn/attestation/AttestationTrustSource.html[`AttestationTrustSource`]
interface to enable identification and validation of authenticator models. This
instance is then used to look up trusted attestation root certificates. The
link:../webauthn-server-attestation/[`webauthn-server-attestation`]
Expand Down Expand Up @@ -158,7 +158,7 @@ correct environment.
Authentication demo'`

- `YUBICO_WEBAUTHN_USE_FIDO_MDS`: If set to `true` (case-insensitive), use
https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-attestation/2.5.1/com/yubico/fido/metadata/FidoMetadataService.html[`FidoMetadataService`]
https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-attestation/2.5.2/com/yubico/fido/metadata/FidoMetadataService.html[`FidoMetadataService`]
from the link:../webauthn-server-attestation[`webauthn-server-attestation`]
module as a source of attestation data in addition to the static JSON file
bundled with the demo. This will write cache files to the
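Review bot: The `FidoMetadataService` URL in this list item is written as a bare `https://...[...]` while the other JavaDoc references in this file use the `link:` prefix. Use the same form here for consistency.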

1 comment on commit fed0930

@github-actions

Mutation test results

| Package | Coverage | Stats | Prev | Prev |
|---|---|---|---|---|
| Overall | 81 % 🔻 | 1285 🔻 / 1583 🔻 | 81 % | 1368 / 1669 |
| com.yubico.fido.metadata | 69 % 🟢 | 225 🔺 / 323 🔹 | 68 % | 222 / 323 |
| com.yubico.internal.util | 47 % 🟢 | 57 🔹 / 120 🔻 | 46 % | 57 / 123 |
| com.yubico.webauthn | 86 % 🔻 | 570 🔻 / 656 🔻 | 88 % | 647 / 733 |
| com.yubico.webauthn.attestation | 92 % 🔹 | 13 🔹 / 14 🔹 | 92 % | 13 / 14 |
| com.yubico.webauthn.data | 93 % 🔻 | 395 🔻 / 423 🔻 | 94 % | 404 / 429 |
| com.yubico.webauthn.extension.appid | 100 % 🏆 | 13 🔹 / 13 🔹 | 100 % | 13 / 13 |
| com.yubico.webauthn.extension.uvm | 50 % 🔹 | 12 🔹 / 24 🔹 | 50 % | 12 / 24 |
| com.yubico.webauthn.meta | 0 % 🔹 | 0 🔹 / 10 🔹 | 0 % | 0 / 10 |

Previous run: c0145d9 - Diff

Detailed reports: workflow run #269
