Fix issues identified in PR review

Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
Borghi 2025-03-24 12:58:08 -03:00
parent 0bc9313fdd
commit e3a715b8f5
2 changed files with 13 additions and 3 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -346,7 +346,8 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
} }
private List<CredentialRecord> findCredentialRecords(Authentication authentication) { private List<CredentialRecord> findCredentialRecords(Authentication authentication) {
if (authentication instanceof AnonymousAuthenticationToken) { AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
if (authentication == null || trustResolver.isAnonymous(authentication)) {
return Collections.emptyList(); return Collections.emptyList();
} }
PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName()); PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName());
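Review bot: `findCredentialRecords` builds a new `AuthenticationTrustResolverImpl` on every call, which pins the anonymous check to the default implementation and gives an application with its own anonymous token type no way to supply a different resolver. Holding it as a field, `private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();`, and calling `this.trustResolver.isAnonymous(authentication)` would avoid the per-request allocation and leave room for a setter. This guard appears to decide whether credential ids looked up by `authentication.getName()` end up in the request options, so a short comment such as `// never return credential ids for a null or anonymous Authentication` would record why it must stay. The method body continues past the end of the hunk.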


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -548,6 +548,15 @@ class Webauthn4jRelyingPartyOperationsTests {
assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty(); assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
} }
@Test
void shouldReturnEmptyCredentialsWhenAnonymousUserIsDisabled() {
PublicKeyCredentialRequestOptionsRequest createRequest = new ImmutablePublicKeyCredentialRequestOptionsRequest(null);
PublicKeyCredentialRequestOptions credentialRequestOptions = this.rpOperations
.createCredentialRequestOptions(createRequest);
assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
}
private static AuthenticatorAttestationResponse setFlag(byte... flags) throws Exception { private static AuthenticatorAttestationResponse setFlag(byte... flags) throws Exception {
AuthenticatorAttestationResponseBuilder authAttResponseBldr = TestAuthenticatorAttestationResponse AuthenticatorAttestationResponseBuilder authAttResponseBldr = TestAuthenticatorAttestationResponse
.createAuthenticatorAttestationResponse(); .createAuthenticatorAttestationResponse();
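Review bot: The new test `shouldReturnEmptyCredentialsWhenAnonymousUserIsDisabled` passes `null` as the authentication, but its name describes a configuration setting, so the reader has to infer that disabling anonymous authentication is what produces the null. A one-line comment above the request, `// with anonymous authentication disabled the Authentication is null`, or a name that states the input, would make the covered branch explicit. The test also asserts only that `getAllowCredentials()` is empty; if `userEntities` is a mock in this class (not visible in the hunk), also asserting that it was never queried would pin that the lookup is skipped rather than merely returning nothing.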