From 035470e08123220dbf62246020fe78008c85a121 Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 17 Aug 2022 23:06:48 +0200 Subject: [PATCH] Fix backend compatibility with OpenSSL 3.0 (#18449) * Update webpush to fork with OpenSSL 3 compatibility * Fix tests with OpenSSL 3.0 * Update webauthn gem to latest release and update dependencies --- Gemfile | 4 +- Gemfile.lock | 46 +++++++++++-------- .../webauthn_credential_fabricator.rb | 2 +- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/Gemfile b/Gemfile index 2e77fb42a..deafa6699 100644 --- a/Gemfile +++ b/Gemfile @@ -91,8 +91,8 @@ gem 'tty-prompt', '~> 0.23', require: false gem 'twitter-text', '~> 3.1.0' gem 'tzinfo-data', '~> 1.2022' gem 'webpacker', '~> 5.4' -gem 'webpush', '~> 0.3' -gem 'webauthn', '~> 3.0.0.alpha1' +gem 'webpush', git: 'https://github.com/ClearlyClaire/webpush.git', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9' +gem 'webauthn', '~> 2.5' gem 'json-ld' gem 'json-ld-preloaded', '~> 3.2' diff --git a/Gemfile.lock b/Gemfile.lock index e12fdc237..7991bf574 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,12 @@ +GIT + remote: https://github.com/ClearlyClaire/webpush.git + revision: f14a4d52e201128b1b00245d11b6de80d6cfdcd9 + ref: f14a4d52e201128b1b00245d11b6de80d6cfdcd9 + specs: + webpush (0.3.8) + hkdf (~> 0.2) + jwt (~> 2.0) + GEM remote: https://rubygems.org/ specs: @@ -79,7 +88,7 @@ GEM attr_encrypted (3.1.0) encryptor (~> 3.0.0) attr_required (1.0.1) - awrence (1.1.1) + awrence (1.2.1) aws-eventstream (1.2.0) aws-partitions (1.587.0) aws-sdk-core (3.130.2) @@ -167,9 +176,9 @@ GEM color_diff (0.1) concurrent-ruby (1.1.10) connection_pool (2.2.5) - cose (1.0.0) + cose (1.2.1) cbor (~> 0.5.9) - openssl-signature_algorithm (~> 0.4.0) + openssl-signature_algorithm (~> 1.0) crack (0.4.5) rexml crass (1.0.6) @@ -337,7 +346,7 @@ GEM json-ld (~> 3.2) rdf (~> 3.2) jsonapi-renderer (0.2.2) - jwt (2.2.2) + jwt (2.4.1) kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) @@ -436,8 +445,9 @@ GEM validate_email validate_url webfinger (>= 1.0.1) - openssl (2.2.0) - openssl-signature_algorithm (0.4.0) + openssl (3.0.0) + openssl-signature_algorithm (1.2.1) + openssl (> 2.0, < 3.1) orm_adapter (0.5.0) ox (2.14.11) parallel (1.22.1) @@ -598,7 +608,6 @@ GEM scenic (1.6.0) activerecord (>= 4.0.0) railties (>= 4.0.0) - securecompare (1.0.0) semantic_range (3.0.0) sidekiq (6.4.2) connection_pool (>= 2.2.2) @@ -654,9 +663,10 @@ GEM climate_control (>= 0.0.3, < 1.0) thor (1.2.1) tilt (2.0.10) - tpm-key_attestation (0.9.0) + tpm-key_attestation (0.11.0) bindata (~> 2.4) - openssl-signature_algorithm (~> 0.4.0) + openssl (> 2.0, < 3.1) + openssl-signature_algorithm (~> 1.0) tty-color (0.6.0) tty-cursor (0.7.1) tty-prompt (0.23.1) @@ -687,16 +697,15 @@ GEM public_suffix warden (1.2.9) rack (>= 2.0.9) - webauthn (3.0.0.alpha1) + webauthn (2.5.2) android_key_attestation (~> 0.3.0) awrence (~> 1.1) bindata (~> 2.4) cbor (~> 0.5.9) - cose (~> 1.0) - openssl (~> 2.0) + cose (~> 1.1) + openssl (>= 2.2, < 3.1) safety_net_attestation (~> 0.4.0) - securecompare (~> 1.0) - tpm-key_attestation (~> 0.9.0) + tpm-key_attestation (~> 0.11.0) webfinger (1.2.0) activesupport httpclient (>= 2.4) @@ -709,9 +718,6 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - webpush (0.3.8) - hkdf (~> 0.2) - jwt (~> 2.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -841,8 +847,8 @@ DEPENDENCIES tty-prompt (~> 0.23) twitter-text (~> 3.1.0) tzinfo-data (~> 1.2022) - webauthn (~> 3.0.0.alpha1) - webmock (~> 3.14) + webauthn (~> 2.5) + webmock (~> 3.17) webpacker (~> 5.4) - webpush (~> 0.3) + webpush! xorcist (~> 1.1) diff --git a/spec/fabricators/webauthn_credential_fabricator.rb b/spec/fabricators/webauthn_credential_fabricator.rb index 496a7a735..ba59ce967 100644 --- a/spec/fabricators/webauthn_credential_fabricator.rb +++ b/spec/fabricators/webauthn_credential_fabricator.rb @@ -1,7 +1,7 @@ Fabricator(:webauthn_credential) do user_id { Fabricate(:user).id } external_id { Base64.urlsafe_encode64(SecureRandom.random_bytes(16)) } - public_key { OpenSSL::PKey::EC.new("prime256v1").generate_key.public_key } + public_key { OpenSSL::PKey::EC.generate('prime256v1').public_key } nickname 'USB key' sign_count 0 end