commit b0e379d3648ac7b6d49f0b70da361620bbe442a6
parent b0158fd3be5217e52ba3221d7f9771e779b481f3
Author: Zack Newman <zack@philomathiclife.com>
Date: Tue, 11 Mar 2025 13:14:47 -0600
fix bug that allows any array to be converted to a UserHandle
Diffstat:
3 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,7 +10,7 @@ name = "webauthn_rp"
readme = "README.md"
repository = "https://git.philomathiclife.com/repos/webauthn_rp/"
rust-version = "1.85.0"
-version = "0.2.5"
+version = "0.2.6"
[package.metadata.docs.rs]
all-features = true
@@ -24,7 +24,7 @@ p384 = { version = "0.13.1", default-features = false, features = ["ecdsa"] }
precis-profiles = { version = "0.1.11", default-features = false }
rand = { version = "0.9.0", default-features = false, features = ["thread_rng"] }
rsa = { version = "0.9.7", default-features = false, features = ["sha2"] }
-serde = { version = "1.0.218", default-features = false, features = ["alloc"], optional = true }
+serde = { version = "1.0.219", default-features = false, features = ["alloc"], optional = true }
serde_json = { version = "1.0.140", default-features = false, features = ["alloc"], optional = true }
url = { version = "2.5.4", default-features = false }
diff --git a/src/request/register/bin.rs b/src/request/register/bin.rs
@@ -10,7 +10,10 @@ use core::{
fmt::{self, Display, Formatter},
};
impl<T: AsRef<[u8]>> Encode for UserHandle<T> {
- type Output<'a> = &'a [u8] where Self: 'a;
+ type Output<'a>
+ = &'a [u8]
+ where
+ Self: 'a;
type Err = Infallible;
#[inline]
fn encode(&self) -> Result<Self::Output<'_>, Self::Err> {
@@ -28,8 +31,22 @@ impl Decode for UserHandle<Vec<u8>> {
}
}
}
+impl<const LEN: usize> Decode for UserHandle<[u8; LEN]>
+where
+ Self: Default,
+{
+ type Input<'a> = [u8; LEN];
+ type Err = Infallible;
+ #[inline]
+ fn decode(input: Self::Input<'_>) -> Result<Self, Self::Err> {
+ Ok(Self(input))
+ }
+}
impl Encode for Nickname<'_> {
- type Output<'a> = &'a str where Self: 'a;
+ type Output<'a>
+ = &'a str
+ where
+ Self: 'a;
type Err = Infallible;
#[inline]
fn encode(&self) -> Result<Self::Output<'_>, Self::Err> {
@@ -77,7 +94,10 @@ impl Decode for Nickname<'_> {
}
}
impl Encode for Username<'_> {
- type Output<'a> = &'a str where Self: 'a;
+ type Output<'a>
+ = &'a str
+ where
+ Self: 'a;
type Err = Infallible;
#[inline]
fn encode(&self) -> Result<Self::Output<'_>, Self::Err> {
diff --git a/src/request/register/custom.rs b/src/request/register/custom.rs
@@ -1,8 +1,16 @@
-use super::{UserHandle, UserHandleErr};
+use super::{USER_HANDLE_MAX_LEN, USER_HANDLE_MIN_LEN, UserHandle, UserHandleErr};
+#[expect(clippy::fallible_impl_from, reason = "backward compatible fix")]
impl<const LEN: usize> From<[u8; LEN]> for UserHandle<[u8; LEN]> {
+ #[expect(clippy::panic, reason = "backward compatible fix")]
#[inline]
fn from(value: [u8; LEN]) -> Self {
- Self(value)
+ if (USER_HANDLE_MIN_LEN..=USER_HANDLE_MAX_LEN).contains(&value.len()) {
+ Self(value)
+ } else {
+ panic!(
+ "UserHandle::from must only be passed an array of length 1 to 64 inclusively. Update webauthn_rp to 0.3.0 or greater to avoid this `panic` possibility"
+ );
+ }
}
}
impl<'a: 'b, 'b> TryFrom<&'a [u8]> for UserHandle<&'b [u8]> {
