Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade webauthn libs without breaking existing login #1338

Open
mathieuancelin opened this issue Dec 9, 2022 · 0 comments
Open

upgrade webauthn libs without breaking existing login #1338

mathieuancelin opened this issue Dec 9, 2022 · 0 comments
Labels
authentication priority/P1 soon roadmap-2024 size/M

Comments

@mathieuancelin
Copy link
Member

mathieuancelin commented Dec 9, 2022
edited

using

  "com.yubico"                       % "webauthn-server-core"                      % "2.1.0" excludeAll (excludesJackson: _*),
  "com.yubico"                       % "webauthn-server-attestation"               % "2.1.0" excludeAll (excludesJackson: _*),
  "com.yubico"                       % "yubico-util"                               % "2.1.0" excludeAll (excludesJackson: _*),
otoroshi-error-handler - Server Error Cannot construct instance of `com.yubico.webauthn.RegistrationResult`, problem: warnings is marked non-null but is null
root  at [Source: (String)"{"keyId":{"type":"public-key","id":"xxx","transports":[]},"aaguid":"AAAAAAAAAAAAAAAAAAAAAA","attestationTrusted":false,"attestationType":"NONE","publicKeyCose":"xxx","signatureCount":2,"clientExtensionOutputs":{"credProps":{}}}"; line: 1, column: 410] from 127.0.0.1 on POST https://otoroshi.oto.tools:9998/bo/webauthn/login/start
root com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of `com.yubico.webauthn.RegistrationResult`, problem: warnings is marked non-null but is null
root  at [Source: (String)"{"keyId":{"type":"public-key","id":"xxx","transports":[]},"aaguid":"AAAAAAAAAAAAAAAAAAAAAA","attestationTrusted":false,"attestationType":"NONE","publicKeyCose":"xxx","signatureCount":2,"clientExtensionOutputs":{"credProps":{}}}"; line: 1, column: 410]
root 	at com.fasterxml.jackson.databind.exc.ValueInstantiationException.from(ValueInstantiationException.java:47)
root 	at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:2047)
root 	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.wrapAsJsonMappingException(StdValueInstantiator.java:587)
root 	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.rewrapCtorProblem(StdValueInstantiator.java:610)
root 	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromObjectWith(StdValueInstantiator.java:293)
root 	at com.fasterxml.jackson.databind.deser.ValueInstantiator.createFromObjectWith(ValueInstantiator.java:288)
root 	at com.fasterxml.jackson.databind.deser.impl.PropertyBasedCreator.build(PropertyBasedCreator.java:202)
root 	at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:519)
root 	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1405)
root 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:352)
root Caused by: java.lang.NullPointerException: warnings is marked non-null but is null
root 	at com.yubico.webauthn.RegistrationResult.<init>(RegistrationResult.java:124)
root 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
root 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
root 	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
root 	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
root 	at com.fasterxml.jackson.databind.introspect.AnnotatedConstructor.call(AnnotatedConstructor.java:128)
root 	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromObjectWith(StdValueInstantiator.java:291)
root 	at com.fasterxml.jackson.databind.deser.ValueInstantiator.createFromObjectWith(ValueInstantiator.java:288)
root 	at com.fasterxml.jackson.databind.deser.impl.PropertyBasedCreator.build(PropertyBasedCreator.java:202)
root 	at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:519)

we need to upgrade to 2.2.0 which completely break the RegistrationResult model. We need to reimplement this properly like with https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java, https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/java/demo/webauthn/data/CredentialRegistration.java, https://github.com/Yubico/java-webauthn-server
@mathieuancelin mathieuancelin self-assigned this Dec 9, 2022
@mathieuancelin mathieuancelin changed the title Upgrade webauthn libs without breaking existing login upgrade webauthn libs without breaking existing login Dec 9, 2022
@mathieuancelin mathieuancelin removed their assignment Nov 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
authentication priority/P1 soon roadmap-2024 size/M
Projects
Otoroshi - Roadmap 2024
Status: tasks
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mathieuancelin @ptitFicus