Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JsonException: Malformed UTF-8 characters #465

Closed
asbiin opened this issue Sep 3, 2023 · 4 comments · Fixed by #470
Closed

JsonException: Malformed UTF-8 characters #465

asbiin opened this issue Sep 3, 2023 · 4 comments · Fixed by #470
Assignees
@Spomky
Labels
bug Something isn't working
Milestone
5.0.0

Comments

@asbiin
Copy link
Contributor

asbiin commented Sep 3, 2023

Version(s) affected

4.7.0

Description

Since #458 this error occurs when registering or validating a key

JsonException(code: 5): Malformed UTF-8 characters, possibly incorrectly encoded at vendor/web-auth/webauthn-lib/src/PublicKeyCredential.php:26

It's triggered from PublicKeyCredentialLoader::loadArray

...
$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => $publicKeyCredential,
]);

this line renders the publicKeyCredential as string, and hits [PublicKeyCredential::__toString](https://github.com/web-auth/webauthn-framework/blob/87895ca9a1b6064b7e67c320878c09bfe230534d/src/webauthn/src/PublicKeyCredential.php#L26]

return json_encode($this, JSON_THROW_ON_ERROR);

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

How to reproduce

Register or authenticate a key.
This happen to me in https://github.com/asbiin/laravel-webauthn-example/ but I guess it can happen in any application.

Possible Solution

Change the __toString method to not render the AuthenticatorResponse?

Additional Context

No response
@Spomky
Copy link
Contributor

Spomky commented Sep 3, 2023

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

Hi @asbiin,

Thank you for this report.
I do not remember why, but I do not see any reason for this class to implement Stringable.
Moreover, before 4.7, the class always returns {} (which has no sense) because it does not implement \JsonSerializable.

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

I note for 5.0 that the class should not implement Stringable and the method __toString should be removed.

@Spomky Spomky self-assigned this Sep 3, 2023
@Spomky Spomky added the bug Something isn't working label Sep 3, 2023
@Spomky Spomky added this to the 5.0.0 milestone Sep 3, 2023
@asbiin
Copy link
Contributor Author

asbiin commented Sep 3, 2023

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

This sounds good 👍🏼
Thank you.

@gawsoftpl
Copy link

I have same error too. I downgrade to version 4.6.4 and works

@Spomky Spomky linked a pull request Sep 7, 2023 that will close this issue
Safe calls and deprecation fixed #470
Merged
4 tasks
@github-actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Spomky Spomky

Labels
bug Something isn't working
Projects
None yet
Milestone
5.0.0
Development

Successfully merging a pull request may close this issue.

Safe calls and deprecation fixed web-auth/webauthn-framework
3 participants
@Spomky @asbiin @gawsoftpl