
WebauthnSerializerFactory cannot serialize PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions

Open mrpachara opened this issue 1 year ago • 1 comments

Version(s) affected

4.8.5

Description

I tried to serialize PublicKeyCredentialCreationOptions using WebauthnSerializerFactory and got this error:

Symfony\Component\Serializer\Exception\NotEncodableValueException with message Malformed UTF-8 characters, possibly incorrectly encoded in sonEncode.php:52

But this doesn't happen when I use json_encode(). I think it comes from some of the normalizers in the serializer.

How to reproduce

Example code:

$serializer = (new WebauthnSerializerFactory($attestationStatementSupportManager))->create();

$publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
    $rpEntity,
    $userEntity,
    \random_bytes(16),
    authenticatorSelection: $authenticatorSelectionCriteria,
    attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
);

// Error
$json = $serializer->serialize(
    $publicKeyCredentialCreationOptions,
    'json',
    [
        JsonEncode::OPTIONS => \JSON_THROW_ON_ERROR,
    ],
);

// No error and can be deserialized
$json = \json_encode(
    $publicKeyCredentialCreationOptions,
    \JSON_THROW_ON_ERROR,
);
$result = $serializer->deserialize(
    $json,
    PublicKeyCredentialCreationOptions::class,
    'json',
);

But when I change \random_bytes(16) to '123456789012345', it works.

$publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
    $rpEntity,
    $userEntity,
    '123456789012345',
    authenticatorSelection: $authenticatorSelectionCriteria,
    attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
);

// No error
$json = $serializer->serialize(
    $publicKeyCredentialCreationOptions,
    'json',
    [
        JsonEncode::OPTIONS => \JSON_THROW_ON_ERROR,
    ],
);

I think the error comes from some of the normalizers in the serialize() process that change the value of the challenge.

Possible Solution

No response

Additional Context

No response

mrpachara, Apr 10 '24 20:04
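
Added example, not part of the original issue or the project's code: plain PHP showing why a challenge from \random_bytes(16) cannot be placed in JSON as raw bytes while an ASCII string can, and how unpadded base64url (the text form WebAuthn uses for binary fields in JSON) round-trips it. The helper names and the sample bytes are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Unpadded base64url: the text form WebAuthn uses for binary fields in JSON.
function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function base64url_decode(string $text): string
{
    // Restore the padding that the encoder stripped before strict decoding.
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    $bytes = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bytes === false) {
        throw new InvalidArgumentException('not valid base64url');
    }
    return $bytes;
}

// True when the value can be placed in a JSON string as-is (valid UTF-8).
function json_safe(string $value): bool
{
    try {
        json_encode(['challenge' => $value], JSON_THROW_ON_ERROR);
        return true;
    } catch (JsonException $e) {
        return false;
    }
}

// Constructed samples: fixed non-UTF-8 bytes standing in for \random_bytes(16),
// and the ASCII string substituted in the report above.
$binary = hex2bin('80ff00c3289fe2a1b0f5d1c2e4a70911');
$ascii  = '123456789012345';

var_dump(json_safe($binary)); // raw bytes placed directly in JSON
var_dump(json_safe($ascii));  // ASCII challenge placed directly in JSON

// Encode the binary challenge for transport, then recover it on the other side.
$json     = json_encode(['challenge' => base64url_encode($binary)], JSON_THROW_ON_ERROR);
$received = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
$decoded  = base64url_decode($received['challenge']);

// Compare the stored challenge with the recovered one in constant time.
var_dump(hash_equals($binary, $decoded));
```

The encoding step is what makes a random challenge JSON-safe; replacing the random bytes with a text string only sidesteps the encoder error.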

Hi,

Indeed, the serializer generated from the WebauthnSerializerFactory is only suitable for reading a JSON object, but not for generating it. It would be a nice addition though.

Spomky, Apr 19 '24 17:04

Will be tagged 4.9.0

Spomky, Jun 30 '24 06:06
