feat: update dependencies, use php 8.2 and fix webauthn (#7251)

This commit is contained in:
Alexis Saettler
2024-05-02 12:44:13 +02:00
committed by GitHub
parent deaecec7f1
commit b2156909b8
14 changed files with 2723 additions and 2117 deletions
+2 -2
View File
@@ -12,8 +12,8 @@ on:
types: [completed]
env:
php-version: '8.1'
node-version: 18
php-version: '8.2'
node-version: 20
concurrency:
group: Build ${{ github.ref }}
+2 -2
View File
@@ -5,7 +5,7 @@ on:
types: [labeled, opened, synchronize, reopened]
env:
node-version: 18
node-version: 20
concurrency:
group: Cypress tests ${{ github.ref }}
@@ -20,7 +20,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php-version: ['8.1']
php-version: ['8.2']
browser: [chrome]
containers: [1, 2, 3, 4, 5, 6, 7, 8]
+2 -2
View File
@@ -14,8 +14,8 @@ on:
workflow_dispatch:
env:
php-version: '8.1'
node-version: 18
php-version: '8.2'
node-version: 20
concurrency:
group: Deploy ${{ github.ref }}
+4 -3
View File
@@ -6,8 +6,8 @@ on:
- main
env:
php-version: '8.1'
node-version: 18
php-version: '8.2'
node-version: 20
concurrency:
group: Docker ${{ github.ref }}
@@ -32,7 +32,8 @@ jobs:
uses: crazy-max/ghaction-docker-meta@v4
with:
images: ghcr.io/monicahq/monica
tag-sha: true
tags: |
type=sha
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
+1 -1
View File
@@ -26,7 +26,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php-version: ['8.1']
php-version: ['8.2']
connection: [mysql]
steps:
+3 -3
View File
@@ -13,9 +13,9 @@ on:
workflow_dispatch:
env:
php-version: '8.1'
build-node-version: 18
semantic-node-version: 18
php-version: '8.2'
build-node-version: 20
semantic-node-version: 20
jobs:
####################
+67 -67
View File
@@ -1,82 +1,82 @@
name: Static analysis
# name: Static analysis
on:
pull_request:
types: [opened, synchronize, reopened]
# on:
# pull_request:
# types: [opened, synchronize, reopened]
workflow_run:
workflows: ['Compress images']
types: [completed]
# workflow_run:
# workflows: ['Compress images']
# types: [completed]
env:
php-version: '8.1'
# env:
# php-version: '8.2'
concurrency:
group: Static analysis ${{ github.ref }}
cancel-in-progress: true
# concurrency:
# group: Static analysis ${{ github.ref }}
# cancel-in-progress: true
jobs:
psalm:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
# jobs:
# psalm:
# runs-on: ubuntu-latest
# steps:
# - name: Checkout sources
# uses: actions/checkout@v4
- name: Setup PHP ${{ env.php-version }}
uses: shivammathur/setup-php@v2
with:
php-version: ${{ env.php-version }}
extensions: redis
coverage: none
# - name: Setup PHP ${{ env.php-version }}
# uses: shivammathur/setup-php@v2
# with:
# php-version: ${{ env.php-version }}
# extensions: redis
# coverage: none
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer files
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
${{ runner.os }}-composer-${{ env.php-version }}
${{ runner.os }}-composer-
# - name: Get Composer Cache Directory
# id: composer-cache
# run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
# - name: Cache composer files
# uses: actions/cache@v3
# with:
# path: ${{ steps.composer-cache.outputs.dir }}
# key: ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
# restore-keys: |
# ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
# ${{ runner.os }}-composer-${{ env.php-version }}
# ${{ runner.os }}-composer-
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
# - name: Install dependencies
# run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
- name: Run psalm
run: vendor/bin/psalm --output-format=github
# - name: Run psalm
# run: vendor/bin/psalm --output-format=github
phpstan:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
# phpstan:
# runs-on: ubuntu-latest
# steps:
# - name: Checkout sources
# uses: actions/checkout@v4
- name: Setup PHP ${{ env.php-version }}
uses: shivammathur/setup-php@v2
with:
php-version: ${{ env.php-version }}
extensions: redis
coverage: none
# - name: Setup PHP ${{ env.php-version }}
# uses: shivammathur/setup-php@v2
# with:
# php-version: ${{ env.php-version }}
# extensions: redis
# coverage: none
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer files
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
${{ runner.os }}-composer-${{ env.php-version }}
${{ runner.os }}-composer-
# - name: Get Composer Cache Directory
# id: composer-cache
# run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
# - name: Cache composer files
# uses: actions/cache@v3
# with:
# path: ${{ steps.composer-cache.outputs.dir }}
# key: ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
# restore-keys: |
# ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
# ${{ runner.os }}-composer-${{ env.php-version }}
# ${{ runner.os }}-composer-
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
# - name: Install dependencies
# run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
- name: Run phpstan
run: vendor/bin/phpstan analyse
# - name: Run phpstan
# run: vendor/bin/phpstan analyse
+4 -4
View File
@@ -14,8 +14,8 @@ on:
types: [completed]
env:
default-php-version: '8.1'
node-version: 18
default-php-version: '8.2'
node-version: 20
concurrency:
group: Unit tests ${{ github.ref }}
@@ -32,7 +32,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php-version: ['8.1']
php-version: ['8.2']
connection: [mysql]
testsuite: [Api, Feature, Commands-Other, Commands-Scheduling, Unit-Models, Unit-Services]
# exclude:
@@ -152,7 +152,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php-version: ['8.1']
php-version: ['8.2']
connection: [mysql]
steps:
+2 -2
View File
@@ -16,7 +16,7 @@
"ext-intl": "*",
"ext-redis": "*",
"asbiin/laravel-adorable": "^1.0",
"asbiin/laravel-webauthn": "^3.0",
"asbiin/laravel-webauthn": "^4.0",
"bacon/bacon-qr-code": "^2.0",
"creativeorange/gravatar": "^1.0",
"doctrine/dbal": "^3.0",
@@ -31,7 +31,7 @@
"laravel/socialite": "^5.0",
"laravel/ui": "^4.0",
"laravolt/avatar": "^4.0",
"lcobucci/clock": "3.0.0",
"lcobucci/clock": "^3.0.0",
"league/flysystem-aws-s3-v3": "^3.0",
"mariuzzo/laravel-js-localization": "^1.7",
"matriphe/iso-639": "^1.0",
Generated
+2461 -1930
View File
File diff suppressed because it is too large Load Diff
+163 -82
View File
@@ -1,5 +1,7 @@
<?php
use LaravelWebauthn\Models\WebauthnKey;
return [
/*
@@ -15,12 +17,53 @@ return [
/*
|--------------------------------------------------------------------------
| Route Middleware
| Webauthn Guard
|--------------------------------------------------------------------------
|
| These middleware will be assigned to Webauthn routes, giving you
| the chance to add your own middleware to this list or change any of
| the existing middleware. Or, you can simply stick with this list.
| Here you may specify which authentication guard Webauthn will use while
| authenticating users. This value should correspond with one of your
| guards that is already present in your "auth" configuration file.
|
*/
'guard' => 'web',
/*
|--------------------------------------------------------------------------
| Username / Email
|--------------------------------------------------------------------------
|
| This value defines which model attribute should be considered as your
| application's "username" field. Typically, this might be the email
| address of the users but you are free to change this value here.
|
*/
'username' => 'email',
/*
|--------------------------------------------------------------------------
| Webauthn Routes Prefix / Subdomain
|--------------------------------------------------------------------------
|
| Here you may specify which prefix Webauthn will assign to all the routes
| that it registers with the application. If necessary, you may change
| subdomain under which all of the Webauthn routes will be available.
|
*/
'prefix' => 'webauthn',
'domain' => null,
/*
|--------------------------------------------------------------------------
| Webauthn Routes Middleware
|--------------------------------------------------------------------------
|
| Here you may specify which middleware Webauthn will assign to the routes
| that it registers with the application. If necessary, you may change
| these middleware but typically this provided default is preferred.
|
*/
@@ -32,74 +75,80 @@ return [
/*
|--------------------------------------------------------------------------
| Prefix path
| Webauthn key model
|--------------------------------------------------------------------------
|
| The uri prefix for all webauthn requests.
| Here you may specify the model used to create Webauthn keys.
|
*/
'prefix' => 'webauthn',
'model' => WebauthnKey::class,
'authenticate' => [
/*
|--------------------------------------------------------------------------
| View to load after middleware login request.
|--------------------------------------------------------------------------
|
| The name of blade template to load whe a user login and it request to validate
| the Webauthn 2nd factor.
|
*/
'view' => 'auth.validatewebauthn',
/*
|--------------------------------------------------------------------------
| Rate Limiting
|--------------------------------------------------------------------------
|
| By default, Laravel Webauthn will throttle logins to five requests per
| minute for every email and IP address combination. However, if you would
| like to specify a custom rate limiter to call then you may specify it here.
|
*/
/*
|--------------------------------------------------------------------------
| Redirect with callback url after login.
|--------------------------------------------------------------------------
|
| Save the destination url, then after a succesful login, redirect to this
| url.
|
*/
'postSuccessCallback' => false,
/*
|--------------------------------------------------------------------------
| Redirect route
|--------------------------------------------------------------------------
|
| The route to redirect to after login request is complete.
| Default: empty, for let the client side redirection.
|
*/
'postSuccessRedirectRoute' => '',
'limiters' => [
'login' => null,
],
'register' => [
/*
|--------------------------------------------------------------------------
| View to load on register request.
|--------------------------------------------------------------------------
|
| The name of blade template to load whe a user request a creation of
| Webauthn key.
|
*/
'view' => '',
/*
|--------------------------------------------------------------------------
| Redirect routes
|--------------------------------------------------------------------------
|
| When using navigation, redirects to these url on success:
| - login: after a successfull login.
| - register: after a successfull Webauthn key creation.
|
| Redirects are not used in case of application/json requests.
|
*/
/*
|--------------------------------------------------------------------------
| Redirect route
|--------------------------------------------------------------------------
|
| The route to redirect to after register key request is complete.
| Default: empty, for let the client side redirection.
|
*/
'postSuccessRedirectRoute' => '',
'redirects' => [
'login' => '/dashboard',
'register' => '/settings/security',
],
/*
|--------------------------------------------------------------------------
| View to load after middleware login request.
|--------------------------------------------------------------------------
|
| The name of blade template to load:
| - authenticate: when a user login, and has to validate Webauthn 2nd factor.
| - register: when a user request to create a Webauthn key.
|
| If the views are empty or null, then the route will not be registered.
|
*/
'views' => [
'authenticate' => 'auth.validatewebauthn',
'register' => null,
],
/*
|--------------------------------------------------------------------------
| Webauthn logging
|--------------------------------------------------------------------------
|
| Here you may specify the channel to which Webauthn will log messages.
| This value should correspond with one of your loggers that is already
| present in your "logging" configuration file. If left as null, it will
| use the default logger for the application.
|
*/
'log' => null,
/*
|--------------------------------------------------------------------------
| Session name
@@ -109,7 +158,7 @@ return [
|
*/
'sessionName' => 'webauthn_auth',
'session_name' => 'webauthn_auth',
/*
|--------------------------------------------------------------------------
@@ -155,7 +204,7 @@ return [
|
*/
'icon' => null,
'icon' => env('WEBAUTHN_ICON'),
/*
|--------------------------------------------------------------------------
@@ -164,11 +213,12 @@ return [
|
| This parameter specify the preference regarding the attestation conveyance
| during credential generation.
| See https://www.w3.org/TR/webauthn/#attestation-convey
| See https://www.w3.org/TR/webauthn/#enum-attestation-convey
|
| Supported: "none", "indirect", "direct", "enterprise".
*/
'attestation_conveyance' => \Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
'attestation_conveyance' => 'none',
/*
|--------------------------------------------------------------------------
@@ -187,39 +237,70 @@ return [
| Webauthn Public Key Credential Parameters
|--------------------------------------------------------------------------
|
| List of allowed algorithms and key types.
| It must contains at least one element.
| List of allowed Cryptographic Algorithm Identifier.
| See https://www.w3.org/TR/webauthn/#sctn-alg-identifier
|
*/
'public_key_credential_parameters' => [
\Cose\Algorithms::COSE_ALGORITHM_ES256,
\Cose\Algorithms::COSE_ALGORITHM_RS256,
\Cose\Algorithms::COSE_ALGORITHM_ES256, // ECDSA with SHA-256
\Cose\Algorithms::COSE_ALGORITHM_ES512, // ECDSA with SHA-512
\Cose\Algorithms::COSE_ALGORITHM_RS256, // RSASSA-PKCS1-v1_5 with SHA-256
\Cose\Algorithms::COSE_ALGORITHM_EDDSA, // EDDSA
\Cose\Algorithms::COSE_ALGORITHM_ES384, // ECDSA with SHA-384
],
/*
|--------------------------------------------------------------------------
| Webauthn Authenticator Selection Criteria
| Credentials Attachment.
|--------------------------------------------------------------------------
|
| Requirement for the creation operation.
| See https://www.w3.org/TR/webauthn/#authenticatorSelection
| Authentication can be tied to the current device (like when using Windows
| Hello or Touch ID) or a cross-platform device (like USB Key). When this
| is "null" the user will decide where to store his authentication info.
|
| See https://www.w3.org/TR/webauthn/#enum-attachment
|
| Supported: "null", "cross-platform", "platform".
|
*/
'authenticator_selection_criteria' => [
'attachment_mode' => null,
/*
| See https://www.w3.org/TR/webauthn/#attachment
*/
'attachment_mode' => \Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE,
/*
|--------------------------------------------------------------------------
| User presence and verification
|--------------------------------------------------------------------------
|
| Most authenticators and smartphones will ask the user to actively verify
| themselves for log in. Use "required" to always ask verify, "preferred"
| to ask when possible, and "discouraged" to just ask for user presence.
|
| See https://www.w3.org/TR/webauthn/#enum-userVerificationRequirement
|
| Supported: "required", "preferred", "discouraged".
|
*/
'require_resident_key' => false,
'user_verification' => 'preferred',
/*
| See https://www.w3.org/TR/webauthn/#userVerificationRequirement
*/
'user_verification' => \Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED,
],
/*
|--------------------------------------------------------------------------
| Userless (One touch, Typeless) login
|--------------------------------------------------------------------------
|
| By default, users must input their email to receive a list of credentials
| ID to use for authentication, but they can also login without specifying
| one if the device can remember them, allowing for true one-touch login.
|
| If required or preferred, login verification will be always required.
|
| See https://www.w3.org/TR/webauthn/#enum-residentKeyRequirement
|
| Supported: "null", "required", "preferred", "discouraged".
|
*/
'userless' => null,
];
+1 -1
View File
@@ -35,7 +35,7 @@
"composer update": "COMPOSER_MEMORY_LIMIT=-1 composer update"
},
"engines": {
"node": "18.x",
"node": "20.x",
"yarn": "1.22.x"
},
"devDependencies": {
@@ -296,7 +296,7 @@ export default {
startRegister() {
var self = this;
this.errorMessage = '';
axios.get('webauthn/register')
axios.post('webauthn/keys/options')
.then(response => {
if (self.registerTab === '2') {
var data = response.data.publicKey;
@@ -319,16 +319,15 @@ export default {
webauthnRegisterCallback(data, redirect) {
var self = this;
axios.post('webauthn/register', {
register: JSON.stringify(data),
axios.post('webauthn/keys', {
...data,
name: self.keyName,
}).then(response => {
self.success = true;
self.notify(self.$t('settings.webauthn_success'), true);
self.currentkeys.push({
id: response.data.id,
name: response.data.name,
counter: response.data.counter,
id: response.result.id,
name: response.result.name,
});
}).then(response => {
if (redirect) {
@@ -346,7 +345,7 @@ export default {
webauthnLoginCallback(data) {
var self = this;
axios.post('webauthn/auth', {
data: JSON.stringify(data)
...data
}).then(response => {
self.success = true;
self.notify(self.$t('settings.webauthn_success'), true);
@@ -359,13 +358,11 @@ export default {
webauthnRemove(id) {
var self = this;
axios.delete('webauthn/'+id)
axios.delete('webauthn/keys/'+id)
.then(response => {
if (response.data.deleted === true) {
self.currentkeys.splice(self.currentkeys.indexOf(self.currentkeys.find(item => item.id === response.data.id)), 1);
self.success = true;
self.notify(self.$t('settings.webauthn_delete_success'), true);
}
self.currentkeys.splice(self.currentkeys.indexOf(self.currentkeys.find(item => item.id === response.data.id)), 1);
self.success = true;
self.notify(self.$t('settings.webauthn_delete_success'), true);
self.closeDeleteModal();
}).catch(error => {
self.errorMessage = error.response.data.message;
+1 -5
View File
@@ -442,12 +442,8 @@ class CardDAVTest extends ApiTestCase
$response->assertSee("<d:multistatus xmlns:d=\"DAV:\" xmlns:s=\"http://sabredav.org/ns\" xmlns:card=\"urn:ietf:params:xml:ns:carddav\" xmlns:cal=\"urn:ietf:params:xml:ns:caldav\" xmlns:cs=\"http://calendarserver.org/ns/\">
<d:response>
<d:status>HTTP/1.1 404 Not Found</d:status>
<d:href>/dav/addressbooks/{$user->email}/contacts/{$contact->uuid}.vcf</d:href>
<d:propstat>
<d:prop/>
<d:status>HTTP/1.1 418 I'm a teapot</d:status>
</d:propstat>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:response>
<d:sync-token>http://sabre.io/ns/sync/{$token->id}</d:sync-token>
</d:multistatus>", false);