From bdde9dd314c96c6460030aaba43a3452aa3b616d Mon Sep 17 00:00:00 2001 From: Ken Tandrian <60643640+KenTandrian@users.noreply.github.com> Date: Sun, 9 Mar 2025 03:33:47 +0700 Subject: [PATCH] Task/upgrade to simplewebauthn version 13.1 (#4407) * Upgrade to simplewebauthn version 13.1 * Update changelog --- CHANGELOG.md | 4 ++ apps/api/src/app/auth/web-auth.service.ts | 33 ++++++++------ .../src/app/services/web-authn.service.ts | 6 +-- package-lock.json | 43 +++++-------------- package.json | 5 +-- 5 files changed, 39 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c9bda697..c7006932f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## 2.144.0 - 2025-03-06 +### Changed + +- Upgraded `@simplewebauthn/browser` and `@simplewebauthn/server` from version `9.0` to `13.1` + ### Fixed - Fixed the missing import functionality on the non-empty activities page diff --git a/apps/api/src/app/auth/web-auth.service.ts b/apps/api/src/app/auth/web-auth.service.ts index 2f8dd1018..5678ef7fe 100644 --- a/apps/api/src/app/auth/web-auth.service.ts +++ b/apps/api/src/app/auth/web-auth.service.ts @@ -24,6 +24,7 @@ import { verifyRegistrationResponse, VerifyRegistrationResponseOpts } from '@simplewebauthn/server'; +import { isoBase64URL, isoUint8Array } from '@simplewebauthn/server/helpers'; import { AssertionCredentialJSON, @@ -54,10 +55,9 @@ export class WebAuthService { const opts: GenerateRegistrationOptionsOpts = { rpName: 'Ghostfolio', rpID: this.rpID, - userID: user.id, + userID: isoUint8Array.fromUTF8String(user.id), userName: '', timeout: 60000, - attestationType: 'indirect', authenticatorSelection: { authenticatorAttachment: 'platform', requireResidentKey: false, @@ -111,11 +111,17 @@ export class WebAuthService { where: { userId: user.id } }); if (registrationInfo && verified) { - const { counter, credentialID, credentialPublicKey } = registrationInfo; + const { + credential: { + counter, + id: credentialId, + publicKey: credentialPublicKey + } + } = registrationInfo; - let existingDevice = devices.find( - (device) => device.credentialId === credentialID - ); + let existingDevice = devices.find((device) => { + return isoBase64URL.fromBuffer(device.credentialId) === credentialId; + }); if (!existingDevice) { /** @@ -123,7 +129,7 @@ export class WebAuthService { */ existingDevice = await this.deviceService.createAuthDevice({ counter, - credentialId: Buffer.from(credentialID), + credentialId: Buffer.from(credentialId), credentialPublicKey: Buffer.from(credentialPublicKey), User: { connect: { id: user.id } } }); @@ -148,9 +154,8 @@ export class WebAuthService { const opts: GenerateAuthenticationOptionsOpts = { allowCredentials: [ { - id: device.credentialId, - transports: ['internal'], - type: 'public-key' + id: isoBase64URL.fromBuffer(device.credentialId), + transports: ['internal'] } ], rpID: this.rpID, @@ -187,10 +192,10 @@ export class WebAuthService { let verification: VerifiedAuthenticationResponse; try { const opts: VerifyAuthenticationResponseOpts = { - authenticator: { - credentialID: device.credentialId, - credentialPublicKey: device.credentialPublicKey, - counter: device.counter + credential: { + counter: device.counter, + id: isoBase64URL.fromBuffer(device.credentialId), + publicKey: device.credentialPublicKey }, expectedChallenge: `${user.authChallenge}`, expectedOrigin: this.expectedOrigin, diff --git a/apps/client/src/app/services/web-authn.service.ts b/apps/client/src/app/services/web-authn.service.ts index c5e186362..76352cb7b 100644 --- a/apps/client/src/app/services/web-authn.service.ts +++ b/apps/client/src/app/services/web-authn.service.ts @@ -45,7 +45,7 @@ export class WebAuthnService { return of(null); }), switchMap((attOps) => { - return startRegistration(attOps); + return startRegistration({ optionsJSON: attOps }); }), switchMap((credential) => { return this.http.post( @@ -89,8 +89,8 @@ export class WebAuthnService { { deviceId } ) .pipe( - switchMap((requestOptionsJSON) => { - return startAuthentication(requestOptionsJSON); + switchMap((optionsJSON) => { + return startAuthentication({ optionsJSON }); }), switchMap((credential) => { return this.http.post<{ authToken: string }>( diff --git a/package-lock.json b/package-lock.json index cfda8ce42..b03084f50 100644 --- a/package-lock.json +++ b/package-lock.json @@ -41,8 +41,8 @@ "@nestjs/schedule": "4.1.2", "@nestjs/serve-static": "4.0.2", "@prisma/client": "6.4.1", - "@simplewebauthn/browser": "9.0.1", - "@simplewebauthn/server": "9.0.3", + "@simplewebauthn/browser": "13.1.0", + "@simplewebauthn/server": "13.1.1", "@stripe/stripe-js": "5.4.0", "alphavantage": "2.2.0", "big.js": "6.2.2", @@ -120,7 +120,6 @@ "@nx/web": "20.3.2", "@nx/workspace": "20.3.2", "@schematics/angular": "19.0.6", - "@simplewebauthn/types": "9.0.1", "@storybook/addon-essentials": "8.4.7", "@storybook/addon-interactions": "8.4.7", "@storybook/angular": "8.4.7", @@ -9225,18 +9224,15 @@ } }, "node_modules/@simplewebauthn/browser": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-9.0.1.tgz", - "integrity": "sha512-wD2WpbkaEP4170s13/HUxPcAV5y4ZXaKo1TfNklS5zDefPinIgXOpgz1kpEvobAsaLPa2KeH7AKKX/od1mrBJw==", - "license": "MIT", - "dependencies": { - "@simplewebauthn/types": "^9.0.1" - } + "version": "13.1.0", + "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-13.1.0.tgz", + "integrity": "sha512-WuHZ/PYvyPJ9nxSzgHtOEjogBhwJfC8xzYkPC+rR/+8chl/ft4ngjiK8kSU5HtRJfczupyOh33b25TjYbvwAcg==", + "license": "MIT" }, "node_modules/@simplewebauthn/server": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-9.0.3.tgz", - "integrity": "sha512-FMZieoBosrVLFxCnxPFD9Enhd1U7D8nidVDT4MsHc6l4fdVcjoeHjDueeXCloO1k5O/fZg1fsSXXPKbY2XTzDA==", + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-13.1.1.tgz", + "integrity": "sha512-1hsLpRHfSuMB9ee2aAdh0Htza/X3f4djhYISrggqGe3xopNjOcePiSDkDDoPzDYaaMCrbqGP1H2TYU7bgL9PmA==", "license": "MIT", "dependencies": { "@hexagon/base64": "^1.1.27", @@ -9245,29 +9241,12 @@ "@peculiar/asn1-ecc": "^2.3.8", "@peculiar/asn1-rsa": "^2.3.8", "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "@simplewebauthn/types": "^9.0.1", - "cross-fetch": "^4.0.0" + "@peculiar/asn1-x509": "^2.3.8" }, "engines": { - "node": ">=16.0.0" - } - }, - "node_modules/@simplewebauthn/server/node_modules/cross-fetch": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.1.0.tgz", - "integrity": "sha512-uKm5PU+MHTootlWEY+mZ4vvXoCn4fLQxT9dSc1sXVMSFkINTJVN8cAQROpwcKm8bJ/c7rgZVIBWzH5T78sNZZw==", - "license": "MIT", - "dependencies": { - "node-fetch": "^2.7.0" + "node": ">=20.0.0" } }, - "node_modules/@simplewebauthn/types": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-9.0.1.tgz", - "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w==", - "license": "MIT" - }, "node_modules/@sinclair/typebox": { "version": "0.27.8", "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", diff --git a/package.json b/package.json index 4ca628470..ce4ce4f2a 100644 --- a/package.json +++ b/package.json @@ -87,8 +87,8 @@ "@nestjs/schedule": "4.1.2", "@nestjs/serve-static": "4.0.2", "@prisma/client": "6.4.1", - "@simplewebauthn/browser": "9.0.1", - "@simplewebauthn/server": "9.0.3", + "@simplewebauthn/browser": "13.1.0", + "@simplewebauthn/server": "13.1.1", "@stripe/stripe-js": "5.4.0", "alphavantage": "2.2.0", "big.js": "6.2.2", @@ -166,7 +166,6 @@ "@nx/web": "20.3.2", "@nx/workspace": "20.3.2", "@schematics/angular": "19.0.6", - "@simplewebauthn/types": "9.0.1", "@storybook/addon-essentials": "8.4.7", "@storybook/addon-interactions": "8.4.7", "@storybook/angular": "8.4.7",