Skip to content

Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 25, 2025
Merged

Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606

merged 4 commits into from
Mar 25, 2025

Conversation

Borghii
Copy link
Contributor

@Borghii Borghii commented Feb 17, 2025

Issue gh-16385

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 17, 2025
@ziqin
Copy link

ziqin commented Feb 18, 2025
edited
Loading

👍 I have tried this PR. It works with my own JDBC-based PublicKeyCredentialUserEntityRepository and UserCredentialRepository implementation. No anonymousUser entry is created.

@Kehrlann
Copy link
Contributor

Kehrlann commented Mar 24, 2025
edited
Loading

@Borghii Thanks for the pull request!

Please also consider adding a test for when authentication == null. This is the case is users explicitly disable anonymous auth, with http.anonymous(AnonymousConfigurer::disable).

Also consider using AuthenticationTrustResolverImpl#isAnonymous for checking anonymity.

ziqin
ziqin suggested changes Mar 24, 2025
View reviewed changes
Copy link

@ziqin ziqin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to create a trustResolver instance every time findCredentialRecords is called.

Borghii added 2 commits March 24, 2025 13:18
@Borghii
Fix issues identified in PR review
5571ad1 
Signed-off-by: Tomas Borghi <[email protected]>
@Borghii
Delete import unused
0a08413 
Signed-off-by: Tomas Borghi <[email protected]>
@rwinch rwinch self-assigned this Mar 25, 2025
@rwinch rwinch added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 25, 2025
@rwinch rwinch added this to the 6.4.5 milestone Mar 25, 2025
@rwinch rwinch added the type: bug A general bug label Mar 25, 2025
@rwinch rwinch changed the title Fix bug PublicKeyCredentialUserEntityRepository saves anonymousUser Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity Mar 25, 2025
@rwinch rwinch mentioned this pull request Mar 25, 2025
Closed
@rwinch rwinch merged commit 0a08413 into spring-projects:6.4.x Mar 25, 2025
3 checks passed
@rwinch rwinch mentioned this pull request Mar 25, 2025
Closed
@Borghii Borghii deleted the gh-16385 branch March 26, 2025 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ziqin ziqin ziqin requested changes

Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
Spring Security Team
Status: No status
Milestone
6.4.5
Development

Successfully merging this pull request may close these issues.
5 participants
@Borghii @ziqin @Kehrlann @rwinch @spring-projects-issues