Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

3.0.0.alpha2 #368

Merged
merged 3 commits into from
Sep 12, 2022
Merged

3.0.0.alpha2 #368

merged 3 commits into from
Sep 12, 2022

Conversation

bdewater
Copy link
Collaborator

@bdewater bdewater commented Sep 8, 2022

This is a rebase of #296 on top of the current master branch, addressing the concerns from #367 that one would have to pick between either the OpenSSL 3.0 compatibility or support for multiple relying parties.

While I was here I bumped the minimum Ruby to 2.5 for a green build.

padulafacundo and others added 2 commits September 8, 2022 18:36
@brauliomartinezlm @bdewater
Support multiple relying parties (#296)
23f3be4 
* WIP: Relying Party model

* fixup! WIP: Relying Party model

* refactor: make `WebAuthn.configuration` a wrapper for a `RelyingParty`
instance

* fixup! refactor: make `WebAuthn.configuration` a wrapper for a `RelyingParty` instance

* refactor: delegate Configuration methods

* refactor: always pass a RelyingParty

* use relying party on when creating options

* refactor: remove unnecessary aliases

* fix: make reader private

* refactor: make parent class AuthenticatorResponse responsible for relying party

* fix: post rebase fixes

* test: get rid of all keyword 2.7 warnings

* fix: rebase trailing diff

* fix: make rubocop happy

* fix: make AttestationObject#deserialize accept relying_party param

* refactor: algorithm validation uses relying party configuration

* fix: make RP initializer use finders setter to process params correctly

* fix: cache store should recieve origin from server

* refactor: CR comments on API flexibility

* refactor: CR comments

* test: add functional comprehensive test for multiple RPs and a default configuration

* refactor: Allow #verify_authentication to be used with or without a block

* style: fix rubocop

Co-authored-by: Braulio Martinez <[email protected]>
@bdewater
Bump minimum version of Ruby to 2.5
365ae4b 
Not sure how 2f54c92 passed CI for Ruby 2.4, since lib/webauthn/relying_party.rb uses Hash#slice which was introduced in 2.5. By now 2.4 has been end-of-life for two years and I don't think it's worth any further investigation.
@bdewater bdewater mentioned this pull request Sep 8, 2022
Closed
@bdewater
Copy link
Collaborator Author

bdewater commented Sep 8, 2022

@brauliomartinezlm @grzuy 👋 long time no speak. Any concerns with the master branch targeting a 3.0 alpha, now that there's a 2-stable branch?

@Brantron
Copy link

Brantron commented Sep 9, 2022

What's not clear to me is why was this reverted in the last attempt? Can we ensure we have specs that account for whatever the issue was previously? I'm happy to help test if we can understand that.

@brauliomartinezlm
Copy link
Member

brauliomartinezlm commented Sep 10, 2022
edited

Hey @bdewater I'm definitely onboard on doing this. I'll take a look at the PR during the weekend and we can merge it. Thank you for opening this PR! Long time indeed :).

What's not clear to me is why was this reverted in the last attempt? Can we ensure we have specs that account for whatever the issue was previously? I'm happy to help test if we can understand that.

@Brantron there's actually no issue with version 3. We were waiting for a long time for signals that the new API was a good move from the gem users (regardless of being backwards compatible). That never came in the form we expected and it was more of a long process where I think now we have enough proof of adoption of v3.

That being said, all testing and being extra careful is highly appreciated given the sensitivity of our beloved gem 🙏

@brauliomartinezlm
Copy link
Member

@bdewater did you have any issues between v3 and all the things that made it to 2-stable for the openssl3 upgrade?

@bdewater
Copy link
Collaborator Author

@brauliomartinezlm none 😄 after fixing the merge conflicts, the only test suite failures that I remember needing a closer look were the encoder.encode method calls, that now use [1] instead of last to access the result of create_credential due to the changes in f787a2f

@brauliomartinezlm brauliomartinezlm mentioned this pull request Sep 10, 2022
Closed
brauliomartinezlm
brauliomartinezlm reviewed Sep 10, 2022
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
brauliomartinezlm
brauliomartinezlm approved these changes Sep 10, 2022
View reviewed changes
Copy link
Member

@brauliomartinezlm brauliomartinezlm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm all in with merging this. Left you a minor comment. I'll cut the release for alpha 2 once you merge it. I'll leave you the honors @bdewater

Thank you sooooo much 🙌

@bdewater bdewater merged commit d7022a9 into master Sep 12, 2022
@bdewater bdewater deleted the relying_party-3.0 branch September 12, 2022 17:51
@Brantron
Copy link

Thanks for getting this merged in folks. I'm super pumped to start using the new release 🥳

@brauliomartinezlm
Copy link
Member

brauliomartinezlm commented Sep 15, 2022
edited

Just released 3.0.0.alpha2 🎉 . Sorry for the delay 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brauliomartinezlm brauliomartinezlm brauliomartinezlm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bdewater @Brantron @brauliomartinezlm