Don't fail on authenticatorAttachment in PublicKeyCredential JSON

emlun · emlun · commit 800d0c553c36 · 2022-03-25T16:45:46.000+01:00
diff --git a/NEWS b/NEWS
@@ -1,3 +1,11 @@
+== Version 1.12.3 (unreleased) ==
+
+Fixes:
+
+* Fixed `PublicKeyCredential` failing to parse from JSON if an
+  `"authenticatorAttachment"` attribute was present.
+
+
 == Version 1.12.2 ==
 
 Fixes:
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java
@@ -25,6 +25,7 @@
 package com.yubico.webauthn.data;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.yubico.internal.util.JacksonCodecs;
@@ -45,6 +46,7 @@
  */
 @Value
 @Builder(toBuilder = true)
+@JsonIgnoreProperties({"authenticatorAttachment"})
 public class PublicKeyCredential<
     A extends AuthenticatorResponse, B extends ClientExtensionOutputs> {
 
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala
@@ -47,6 +47,8 @@ import com.yubico.webauthn.extension.appid.AppId
 import com.yubico.webauthn.extension.appid.Generators._
 import org.junit.runner.RunWith
 import org.scalacheck.Arbitrary
+import org.scalacheck.Arbitrary.arbitrary
+import org.scalacheck.Gen
 import org.scalatest.FunSpec
 import org.scalatest.Matchers
 import org.scalatestplus.junit.JUnitRunner
@@ -362,6 +364,44 @@ class JsonIoSpec
         ]]() {}
       )
     }
+
+    it("allows and ignores an authenticatorAttachment attribute.") {
+      def test[P <: PublicKeyCredential[_, _]](tpe: TypeReference[P])(implicit
+          a: Arbitrary[P]
+      ): Unit = {
+        forAll(
+          a.arbitrary,
+          Gen.oneOf(
+            arbitrary[AuthenticatorAttachment].map(_.toJsonString),
+            arbitrary[String],
+          ),
+        ) { (value: P, authenticatorAttachment: String) =>
+          val tree: ObjectNode = json.valueToTree(value)
+          tree.set(
+            "authenticatorAttachment",
+            new TextNode(authenticatorAttachment),
+          )
+          val encoded = json.writeValueAsString(tree)
+          println(authenticatorAttachment)
+          val decoded = json.readValue(encoded, tpe)
+
+          decoded should equal(value)
+        }
+      }
+
+      test(
+        new TypeReference[PublicKeyCredential[
+          AuthenticatorAssertionResponse,
+          ClientAssertionExtensionOutputs,
+        ]]() {}
+      )
+      test(
+        new TypeReference[PublicKeyCredential[
+          AuthenticatorAttestationResponse,
+          ClientRegistrationExtensionOutputs,
+        ]]() {}
+      )
+    }
   }
 
   describe("The class PublicKeyCredentialCreationOptions") {
