Skip to content

Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session #17223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session #17223

wants to merge 5 commits into from
+136 −15

Conversation

ltanguy
Copy link

@ltanguy ltanguy commented Jun 10, 2025

Replace comparison based on the != operator by an .equals() comparison based on the text value. The 2 objects have the same value in most setups, but not when used in conjunction with Spring Session for example, as the object in session is built for each request.

Fixes gh-17164

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 10, 2025
rwinch
rwinch requested changes Jun 17, 2025
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request! Can you please:

  • add a unit test for this change?
  • rebase this off the oldest version of the code that contains this bug so that it is fixed for older versions? We will merge the bug forward

@rwinch rwinch self-assigned this Jun 17, 2025
@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: bug A general bug status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 17, 2025
@rwinch rwinch changed the title WebAuthn: Fix credential parameters conversion to WebAuthn4j object model when used with Spring Session Fix PublicKeyCredentialType.PUBLIC_KEY comparison with Spring Session Jun 17, 2025
@ltanguy
Copy link
Author

ltanguy commented Jul 21, 2025

Thanks for the feedback.
I rebased the branch on the oldest commit and added a unit test.
I also added a commit that makes all classes that are used by PublicKeyCredentialCreationOptions serializable, in order to be fully compatible with Spring Session that uses the Java object serializer by default.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jul 21, 2025
@ltanguy ltanguy force-pushed the patch-1 branch 2 times, most recently from 0e8afc9 to de31b62 Compare July 21, 2025 13:57
ltanguy added 4 commits July 21, 2025 16:02
@ltanguy
Fix credential parameters conversion to WebAuthn4j
c983df7 
Replace comparison with != operator by an .equals() comparison based on text value.
The 2 objects have the same value in most setups, but not when used in conjunction with Spring Session for example, as the object in session is built for each request

Signed-off-by: ltanguy <[email protected]>
Signed-off-by: Loeiz TANGUY <[email protected]>
@ltanguy
Makes all classes referenced in PublicKeyCredentialCreationOptions se…
55ec42e 
…rializable

Signed-off-by: Loeiz TANGUY <[email protected]>
@ltanguy
Add test
2a63705 
Signed-off-by: Loeiz TANGUY <[email protected]>
@ltanguy
Align serial version UID with main
Loading
Loading status checks…
32a3f41 
Signed-off-by: Loeiz TANGUY <[email protected]>
@ltanguy
Test clean up
Loading
Loading status checks…
030ccbc 
Signed-off-by: Loeiz TANGUY <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rwinch rwinch

Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) status: feedback-provided Feedback has been provided type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

WebAuthn: credential registration fails with an unknown credential type error
3 participants
@ltanguy @rwinch @spring-projects-issues