Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

JsonException: Malformed UTF-8 characters #465

Closed
asbiin opened this issue Sep 3, 2023 · 4 comments · Fixed by #470
Closed

JsonException: Malformed UTF-8 characters #465

asbiin opened this issue Sep 3, 2023 · 4 comments · Fixed by #470
Assignees
@Spomky
Labels
bug Something isn't working
Milestone
5.0.0

Comments

@asbiin
Copy link
Contributor

asbiin commented Sep 3, 2023

Version(s) affected

4.7.0

Description

Since #458 this error occurs when registering or validating a key

JsonException(code: 5): Malformed UTF-8 characters, possibly incorrectly encoded at vendor/web-auth/webauthn-lib/src/PublicKeyCredential.php:26

It's triggered from PublicKeyCredentialLoader::loadArray

...
$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => $publicKeyCredential,
]);

this line renders the publicKeyCredential as string, and hits [PublicKeyCredential::__toString](https://github.com/web-auth/webauthn-framework/blob/87895ca9a1b6064b7e67c320878c09bfe230534d/src/webauthn/src/PublicKeyCredential.php#L26]

return json_encode($this, JSON_THROW_ON_ERROR);

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

How to reproduce

Register or authenticate a key.
This happen to me in https://github.com/asbiin/laravel-webauthn-example/ but I guess it can happen in any application.

Possible Solution

Change the __toString method to not render the AuthenticatorResponse?

Additional Context

No response
@Spomky
Copy link
Contributor

Spomky commented Sep 3, 2023

Before #458, the PublicKeyCredential::__toString method just returned '{}', but now it tries to render the whole AuthenticatorResponse which contains raw binary data, not compatible with json_encode

Hi @asbiin,

Thank you for this report.
I do not remember why, but I do not see any reason for this class to implement Stringable.
Moreover, before 4.7, the class always returns {} (which has no sense) because it does not implement \JsonSerializable.

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

I note for 5.0 that the class should not implement Stringable and the method __toString should be removed.

@Spomky Spomky self-assigned this Sep 3, 2023
@Spomky Spomky added the bug Something isn't working label Sep 3, 2023
@Spomky Spomky added this to the 5.0.0 milestone Sep 3, 2023
@asbiin
Copy link
Contributor Author

asbiin commented Sep 3, 2023

What I suggest for now is to log the descriptor instead:

$this->logger->debug('Public Key Credential', [
   'publicKeyCredential' => json_encode($publicKeyCredential->getPublicKeyCredentialDescriptor(), JSON_THROW_ON_ERROR),
]);

This sounds good 👍🏼
Thank you.

@gawsoftpl
Copy link

I have same error too. I downgrade to version 4.6.4 and works

@Spomky Spomky linked a pull request Sep 7, 2023 that will close this issue
Safe calls and deprecation fixed #470
Merged
4 tasks
@github-actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2023
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees

@Spomky Spomky

Labels
bug Something isn't working
Projects
None yet
Milestone
5.0.0
Development

Successfully merging a pull request may close this issue.

Safe calls and deprecation fixed web-auth/webauthn-framework
3 participants
@Spomky @asbiin @gawsoftpl