supertokens · tamassoltesz · Feb 28, 2025 · Dec 5, 2024 · Dec 5, 2024 · Dec 5, 2024
diff --git a/.github/helpers/Dockerfile b/.github/helpers/Dockerfile
@@ -34,7 +34,7 @@ RUN mkdir -p supertokens-core
 COPY ./ supertokens-core
 RUN echo "org.gradle.vfs.watch=false" >> ./gradle.properties
 RUN ./loadModules
-RUN ./utils/setupTestEnv --cicd
+RUN ./utils/setupTestEnv --local
 
 
 FROM debian:bookworm-slim
@@ -70,5 +70,5 @@ RUN echo "$(md5sum /usr/lib/supertokens/config.yaml | awk '{ print $1 }')" >> /C
 RUN ln -s /usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
 EXPOSE 3567
 USER "supertokens"
-CMD ["/usr/lib/supertokens/jre/bin/java", "-classpath", "/usr/lib/supertokens/core/*:/usr/lib/supertokens/plugin-interface/*:/usr/lib/supertokens/ee/*", "io.supertokens.Main", "/usr/lib/supertokens", "DEV", "host=0.0.0.0", "test_mode"]
+CMD ["/usr/lib/supertokens/jre/bin/java", "-classpath", "/usr/lib/supertokens/core/*:/usr/lib/supertokens/plugin-interface/*:/usr/lib/supertokens/ee/*", "io.supertokens.Main", "/usr/lib/supertokens", "DEV", "host=0.0.0.0", "test_mode", "tempDirLocation=/usr/lib/supertokens/temp", "configFile=/usr/lib/supertokens/temp/config.yaml"]
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
diff --git a/.github/workflows/publish-dev-docker.yml b/.github/workflows/publish-dev-docker.yml
@@ -5,7 +5,7 @@ on:
       - "**"
 jobs:
   docker:
-    runs-on: ubuntu-24.04-arm
+    runs-on: ubuntu-latest
     steps:
       - name: set tag
         id: set_tag
@@ -38,6 +38,5 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ vars.DOCKERHUB_USERNAME }}/supertokens-core:dev-branch-${{ steps.set_tag.outputs.TAG }}
+          tags: supertokens/supertokens-core:dev-branch-${{ steps.set_tag.outputs.TAG }}
           file: .github/helpers/Dockerfile
diff --git a/.gitignore b/.gitignore
@@ -47,4 +47,7 @@ local.properties
 *.iml
 ee/bin
 addDevTag
-addReleaseTag
+addReleaseTag
+
+install-linux.sh
+install-windows.bat
diff --git a/build.gradle b/build.gradle
@@ -73,6 +73,12 @@ dependencies {
     // https://mvnrepository.com/artifact/com.googlecode.libphonenumber/libphonenumber/
     implementation group: 'com.googlecode.libphonenumber', name: 'libphonenumber', version: '8.13.25'
 
+    // https://mvnrepository.com/artifact/com.webauthn4j/webauthn4j-core
+    implementation group: 'com.webauthn4j', name: 'webauthn4j-core', version: '0.28.5.RELEASE'
+
+    // https://mvnrepository.com/artifact/com.webauthn4j/webauthn4j-test
+    implementation group: 'com.webauthn4j', name: 'webauthn4j-test', version: '0.28.5.RELEASE'
+
     compileOnly project(":supertokens-plugin-interface")
     testImplementation project(":supertokens-plugin-interface")
 
@@ -86,7 +92,6 @@ dependencies {
     testImplementation group: 'org.reflections', name: 'reflections', version: '0.9.10'
 
     testImplementation 'com.tngtech.archunit:archunit-junit4:0.22.0'
-
 }
 
 application {

diff --git a/config.yaml b/config.yaml
@@ -174,3 +174,7 @@ core_config_version: 0
 # (DIFFERENT_ACROSS_APPS | OPTIONAL | Default: number of available processor cores) int value. If specified,
 # the supertokens core will use the specified number of threads to complete the migration of users.
 # bulk_migration_parallelism:
+
+# (DIFFERENT_ACROSS_APPS | OPTIONAL | Default: 300000) long value. Time in milliseconds for how long a webauthn
+# account recovery token is valid for.
+# webauthn_recover_account_token_lifetime:
diff --git a/coreDriverInterfaceSupported.json b/coreDriverInterfaceSupported.json
@@ -21,6 +21,7 @@
     "4.0",
     "5.0",
     "5.1",
-    "5.2"
+    "5.2",
+    "5.3"
   ]
 }
diff --git a/devConfig.yaml b/devConfig.yaml
@@ -175,3 +175,6 @@ disable_telemetry: true
 # the supertokens core will use the specified number of threads to complete the migration of users.
 # bulk_migration_parallelism:
 
+# (DIFFERENT_ACROSS_APPS | OPTIONAL | Default: 300000) long value. Time in milliseconds for how long a webauthn
+# account recovery token is valid for.
+# webauthn_recover_account_token_lifetime:
diff --git a/implementationDependencies.json b/implementationDependencies.json
@@ -115,6 +115,16 @@
       "jar": "https://repo1.maven.org/maven2/com/googlecode/libphonenumber/libphonenumber/8.13.25/libphonenumber-8.13.25.jar",
       "name": "Libphonenumber 8.13.25",
       "src": "https://repo1.maven.org/maven2/com/googlecode/libphonenumber/libphonenumber/8.13.25/libphonenumber-8.13.25-sources.jar"
+    },
+    {
+      "jar": "https://repo1.maven.org/maven2/com/webauthn4j/webauthn4j-core/0.28.3.RELEASE/webauthn4j-core-0.28.5.RELEASE.jar",
+      "name": "webauthn4j-core 0.28.3.RELEASE",
+      "src": "https://repo1.maven.org/maven2/com/webauthn4j/webauthn4j-core/0.28.3.RELEASE/webauthn4j-core-0.28.5.RELEASE-sources.jar"
+    },
+    {
+      "jar": "https://repo1.maven.org/maven2/com/webauthn4j/webauthn4j-test/0.28.5.RELEASE/webauthn4j-test-0.28.5.RELEASE.jar",
+      "name": "webauthn4j-test 0.28.5.RELEASE",
+      "src": "https://repo1.maven.org/maven2/com/webauthn4j/webauthn4j-test/0.28.5.RELEASE/webauthn4j-test-0.28.5.RELEASE-sources.jar"
     }
   ]
 }
diff --git a/pluginInterfaceSupported.json b/pluginInterfaceSupported.json
@@ -1,6 +1,6 @@
 {
   "_comment": "contains a list of plugin interfaces branch names that this core supports",
   "versions": [
-    "7.0"
+    "feat/webauthn-1"
   ]
 }
diff --git a/src/main/java/io/supertokens/Main.java b/src/main/java/io/supertokens/Main.java
@@ -22,6 +22,7 @@
 import io.supertokens.cronjobs.Cronjobs;
 import io.supertokens.cronjobs.bulkimport.ProcessBulkImportUsers;
 import io.supertokens.cronjobs.cleanupOAuthSessionsAndChallenges.CleanupOAuthSessionsAndChallenges;
+import io.supertokens.cronjobs.cleanupWebauthnExpiredData.CleanUpWebauthnExpiredDataCron;
 import io.supertokens.cronjobs.deleteExpiredAccessTokenSigningKeys.DeleteExpiredAccessTokenSigningKeys;
 import io.supertokens.cronjobs.deleteExpiredDashboardSessions.DeleteExpiredDashboardSessions;
 import io.supertokens.cronjobs.deleteExpiredEmailVerificationTokens.DeleteExpiredEmailVerificationTokens;
@@ -265,6 +266,8 @@ private void init() throws IOException, StorageQueryException {
 
         Cronjobs.addCronjob(this, CleanupOAuthSessionsAndChallenges.init(this, uniqueUserPoolIdsTenants));
 
+        Cronjobs.addCronjob(this, CleanUpWebauthnExpiredDataCron.init(this, uniqueUserPoolIdsTenants));
+
         // this is to ensure tenantInfos are in sync for the new cron job as well
         MultitenancyHelper.getInstance(this).refreshCronjobs();
 

diff --git a/src/main/java/io/supertokens/authRecipe/AuthRecipe.java b/src/main/java/io/supertokens/authRecipe/AuthRecipe.java
@@ -1037,12 +1037,27 @@ public static List<CreatePrimaryUserBulkResult> createPrimaryUsers(Main main,
         }
     }
 
+    @TestOnly
+    public static AuthRecipeUserInfo[] getUsersByAccountInfo(TenantIdentifier tenantIdentifier,
+                                                             Storage storage,
+                                                             boolean doUnionOfAccountInfo, String email,
+                                                             String phoneNumber, String thirdPartyId,
+                                                             String thirdPartyUserId) throws StorageQueryException {
+        return getUsersByAccountInfo(tenantIdentifier,
+                storage,
+                doUnionOfAccountInfo, email,
+                phoneNumber, thirdPartyId,
+                thirdPartyUserId,
+                null);
+    }
+
 
     public static AuthRecipeUserInfo[] getUsersByAccountInfo(TenantIdentifier tenantIdentifier,
                                                              Storage storage,
                                                              boolean doUnionOfAccountInfo, String email,
                                                              String phoneNumber, String thirdPartyId,
-                                                             String thirdPartyUserId)
+                                                             String thirdPartyUserId,
+                                                             String webauthnCredentialId)
             throws StorageQueryException {
         Set<AuthRecipeUserInfo> result = new HashSet<>();
 
@@ -1064,6 +1079,14 @@ public static AuthRecipeUserInfo[] getUsersByAccountInfo(TenantIdentifier tenant
             }
         }
 
+        if(webauthnCredentialId != null){
+            AuthRecipeUserInfo user = StorageUtils.getAuthRecipeStorage(storage)
+                    .getPrimaryUserByWebauthNCredentialId(tenantIdentifier, webauthnCredentialId);
+            if (user != null) {
+                result.add(user);
+            }
+        }
+
         if (doUnionOfAccountInfo) {
             AuthRecipeUserInfo[] finalResult = result.toArray(new AuthRecipeUserInfo[0]);
             return Arrays.stream(finalResult).sorted((o1, o2) -> {

diff --git a/src/main/java/io/supertokens/config/CoreConfig.java b/src/main/java/io/supertokens/config/CoreConfig.java
@@ -350,6 +350,11 @@ public class CoreConfig {
             "migration of users. (Default: number of available processor cores).")
     private int bulk_migration_parallelism =  Runtime.getRuntime().availableProcessors();
 
+    @NotConflictingInApp
+    @JsonProperty
+    @ConfigDescription("Time in milliseconds for how long a webauthn account recovery token is valid for. [Default: 300000 (5 mins)]")
+    private long webauthn_recover_account_token_lifetime = 300000;
+
     @IgnoreForAnnotationCheck
     private static boolean disableOAuthValidationForTest = false;
 
@@ -589,6 +594,10 @@ public int getBulkMigrationParallelism() {
         return bulk_migration_parallelism;
     }
 
+    public long getWebauthnRecoverAccountTokenLifetime() {
+        return webauthn_recover_account_token_lifetime;
+    }
+
     private String getConfigFileLocation(Main main) {
         return new File(CLIOptions.get(main).getConfigFilePath() == null
                 ? CLIOptions.get(main).getInstallationPath() + "config.yaml"
@@ -786,6 +795,10 @@ void normalizeAndValidate(Main main, boolean includeConfigFilePath) throws Inval
             throw new InvalidConfigException("Provided bulk_migration_parallelism must be >= 1");
         }
 
+        if (webauthn_recover_account_token_lifetime <= 0) {
+            throw new InvalidConfigException("Provided webauthn_recover_account_token_lifetime must be > 0");
+        }
+
         for (String fieldId : CoreConfig.getValidFields()) {
             try {
                 Field field = CoreConfig.class.getDeclaredField(fieldId);

diff --git a/...va/io/supertokens/cronjobs/cleanupWebauthnExpiredData/CleanUpWebauthnExpiredDataCron.java b/...va/io/supertokens/cronjobs/cleanupWebauthnExpiredData/CleanUpWebauthnExpiredDataCron.java
@@ -0,0 +1,76 @@
+/*
+ *    Copyright (c) 2025, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ *    This software is licensed under the Apache License, Version 2.0 (the
+ *    "License") as published by the Apache Software Foundation.
+ *
+ *    You may not use this file except in compliance with the License. You may
+ *    obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *    License for the specific language governing permissions and limitations
+ *    under the License.
+ */
+
+package io.supertokens.cronjobs.cleanupWebauthnExpiredData;
+
+import io.supertokens.Main;
+import io.supertokens.cronjobs.CronTask;
+import io.supertokens.cronjobs.CronTaskTest;
+import io.supertokens.pluginInterface.STORAGE_TYPE;
+import io.supertokens.pluginInterface.Storage;
+import io.supertokens.pluginInterface.StorageUtils;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
+import io.supertokens.pluginInterface.webauthn.WebAuthNStorage;
+
+import java.util.List;
+
+public class CleanUpWebauthnExpiredDataCron extends CronTask {
+
+    public static final String RESOURCE_KEY = "io.supertokens.cronjobs.cleanupWebauthnExpiredData" +
+            ".CleanUpWebauthnExpiredDataCron";
+
+    private CleanUpWebauthnExpiredDataCron(Main main, List<List<TenantIdentifier>> tenantsInfo) {
+        super("CleanUpWebauthnExpiredDataCron", main, tenantsInfo, true);
+    }
+
+    public static CleanUpWebauthnExpiredDataCron init(Main main, List<List<TenantIdentifier>> tenantsInfo) {
+        return (CleanUpWebauthnExpiredDataCron) main.getResourceDistributor()
+                .setResource(new TenantIdentifier(null, null, null), RESOURCE_KEY,
+                        new CleanUpWebauthnExpiredDataCron(main, tenantsInfo));
+    }
+
+    @Override
+    protected void doTaskPerStorage(Storage storage) throws Exception {
+        if (storage.getType() != STORAGE_TYPE.SQL) {
+            return;
+        }
+
+        WebAuthNStorage webAuthNStorage = StorageUtils.getWebAuthNStorage(storage);
+        webAuthNStorage.deleteExpiredAccountRecoveryTokens();
+        webAuthNStorage.deleteExpiredGeneratedOptions();
+    }
+
+    @Override
+    public int getIntervalTimeSeconds() {
+        if (Main.isTesting) {
+            Integer interval = CronTaskTest.getInstance(main).getIntervalInSeconds(RESOURCE_KEY);
+            if (interval != null) {
+                return interval;
+            }
+        }
+        // Every 24 hours.
+        return 24 * 3600;
+    }
+
+    @Override
+    public int getInitialWaitTimeSeconds() {
+        if (!Main.isTesting) {
+            return getIntervalTimeSeconds();
+        } else {
+            return 0;
+        }
+    }
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,6 +21,7 @@ @@
         "4.0",
         "5.0",
         "5.1",
-        "5.2"
+        "5.2",
+        "5.3"
       ]
     }