Replaced public enums with string-based structs to be more resiliant against decoding unknown future values (#108)

Author: csalvador58

Sources/WebAuthn/Ceremonies/Authentication/PublicKeyCredentialRequestOptions.swift

@@ -70,20 +70,25 @@ public struct PublicKeyCredentialRequestOptions: Encodable, Sendable {
 public struct PublicKeyCredentialDescriptor: Equatable, Encodable, Sendable {
     /// Defines hints as to how clients might communicate with a particular authenticator in order to obtain an
     /// assertion for a specific credential
-    public enum AuthenticatorTransport: String, Equatable, Encodable, Sendable {
+    public struct AuthenticatorTransport: UnreferencedStringEnumeration, Sendable {
+        public var rawValue: String
+        public init(_ rawValue: String) {
+            self.rawValue = rawValue
+        }
+        
         /// Indicates the respective authenticator can be contacted over removable USB.
-        case usb
+        public static let usb: Self = "usb"
         /// Indicates the respective authenticator can be contacted over Near Field Communication (NFC).
-        case nfc
+        public static let nfc: Self = "nfc"
         /// Indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
-        case ble
+        public static let ble: Self = "ble"
         /// Indicates the respective authenticator can be contacted using a combination of (often separate)
         /// data-transport and proximity mechanisms. This supports, for example, authentication on a desktop
         /// computer using a smartphone.
-        case hybrid
+        public static let hybrid: Self = "hybrid"
         /// Indicates the respective authenticator is contacted using a client device-specific transport, i.e., it is
         /// a platform authenticator. These authenticators are not removable from the client device.
-        case `internal`
+        public static let `internal`: Self = "internal"
     }
 
     /// Will always be ``CredentialType/publicKey``
@@ -124,13 +129,18 @@ public struct PublicKeyCredentialDescriptor: Equatable, Encodable, Sendable {
 
 /// The Relying Party may require user verification for some of its operations but not for others, and may use this
 /// type to express its needs.
-public enum UserVerificationRequirement: String, Encodable, Sendable {
+public struct UserVerificationRequirement: UnreferencedStringEnumeration, Sendable {
+    public var rawValue: String
+    public init(_ rawValue: String) {
+        self.rawValue = rawValue
+    }
+    
     /// The Relying Party requires user verification for the operation and will fail the overall ceremony if the
     /// user wasn't verified.
-    case required
+    public static let required: Self = "required"
     /// The Relying Party prefers user verification for the operation if possible, but will not fail the operation.
-    case preferred
+    public static let preferred: Self = "preferred"
     /// The Relying Party does not want user verification employed during the operation (e.g., in the interest of
     /// minimizing disruption to the user interaction flow).
-    case discouraged
+    public static let discouraged: Self = "discouraged"
 }

Sources/WebAuthn/Ceremonies/Authentication/VerifiedAuthentication.swift

@@ -15,9 +15,14 @@ import Foundation
 
 /// On successful authentication, this structure contains a summary of the authentication flow
 public struct VerifiedAuthentication: Sendable {
-    public enum CredentialDeviceType: String, Sendable {
-        case singleDevice = "single_device"
-        case multiDevice = "multi_device"
+    public struct CredentialDeviceType: UnreferencedStringEnumeration, Sendable {
+        public var rawValue: String
+        public init(_ rawValue: String) {
+            self.rawValue = rawValue
+        }
+        
+        public static let singleDevice: Self = "single_device"
+        public static let multiDevice: Self = "multi_device"
     }
 
     /// The credential id associated with the public key

Sources/WebAuthn/Ceremonies/Registration/AttestationConveyancePreference.swift

@@ -14,10 +14,15 @@
 /// Options to specify the Relying Party's preference regarding attestation conveyance during credential generation.
 ///
 /// Currently only supports `none`.
-public enum AttestationConveyancePreference: String, Encodable, Sendable {
+public struct AttestationConveyancePreference: UnreferencedStringEnumeration, Sendable {
+    public var rawValue: String
+    public init(_ rawValue: String) {
+        self.rawValue = rawValue
+    }
+    
     /// Indicates the Relying Party is not interested in authenticator attestation.
-    case none
-    // case indirect
-    // case direct
-    // case enterprise
+    public static let none: Self = "none"
+//    public static let indirect: Self = "indirect"
+//    public static let direct: Self = "direct"
+//    public static let enterprise: Self = "enterprise"
 }

Sources/WebAuthn/Ceremonies/Registration/AttestationFormat.swift

@@ -11,12 +11,17 @@
 //
 //===----------------------------------------------------------------------===//
 
-public enum AttestationFormat: String, RawRepresentable, Equatable, Sendable {
-    case packed
-    case tpm
-    case androidKey = "android-key"
-    case androidSafetynet = "android-safetynet"
-    case fidoU2F = "fido-u2f"
-    case apple
-    case none
+public struct AttestationFormat: UnreferencedStringEnumeration, Sendable {
+    public var rawValue: String
+    public init(_ rawValue: String) {
+        self.rawValue = rawValue
+    }
+    
+    public static let packed: Self = "packed"
+    public static let tpm: Self = "tpm"
+    public static let androidKey: Self = "android-key"
+    public static let androidSafetynet: Self = "android-safetynet"
+    public static let fidoU2F: Self = "fido-u2f"
+    public static let apple: Self = "apple"
+    public static let none: Self = "none"
 }

Sources/WebAuthn/Ceremonies/Registration/AuthenticatorAttestationResponse.swift

@@ -64,10 +64,10 @@ struct ParsedAuthenticatorAttestationResponse {
             throw WebAuthnError.invalidAuthData
         }
         guard let formatCBOR = decodedAttestationObject["fmt"],
-            case let .utf8String(format) = formatCBOR,
-            let attestationFormat = AttestationFormat(rawValue: format) else {
+            case let .utf8String(format) = formatCBOR else {
             throw WebAuthnError.invalidFmt
         }
+        let attestationFormat = AttestationFormat(format)
 
         guard let attestationStatement = decodedAttestationObject["attStmt"] else {
             throw WebAuthnError.missingAttStmt

Sources/WebAuthn/Ceremonies/Shared/CollectedClientData.swift

@@ -22,9 +22,14 @@ public struct CollectedClientData: Codable, Hashable, Sendable {
         case originDoesNotMatch
     }
 
-    public enum CeremonyType: String, Codable, Sendable {
-        case create = "webauthn.create"
-        case assert = "webauthn.get"
+    public struct CeremonyType: UnreferencedStringEnumeration, Sendable {
+        public var rawValue: String
+        public init(_ rawValue: String) {
+            self.rawValue = rawValue
+        }
+        
+        public static let create: Self = "webauthn.create"
+        public static let assert: Self = "webauthn.get"
     }
 
     /// Contains the string "webauthn.create" when creating new credentials,