Required changes after updating Composer dependencies#39134
Required changes after updating Composer dependencies#39134HLeithner merged 9 commits intojoomla:5.0-devfrom nikosdion:feature/update-composer-deps
Conversation
Update DelegatingPsrLogger.php after psr/log update in gh-39123.
Introduce common WebAuthn server helper
Replace WebAuthn Server with our own. The original Server class from the WebAuthn library was removed in version 4 of the library.
Mark our custom server as internal
|
Thanks @nikosdion we need a documentation update for the deprecation/update/bc on manual.joomla.org and a deprecation warning for Joomla 4.3... as discussed please change the DelegatingPsrLogger to final, no reason to extend this logger Can you create the PR for 4.3 (add the deprecation and mark it internal) and I would add the deprecation / bc entry at https://manual.joomla.org/migrations/42-43/new-deprecations and https://manual.joomla.org/migrations/44-50/removed-backward-incompatibility |
Per discussion #39134 (comment)
Per discussion #39134 (comment)
|
Done. Relevant PRs:
|
|
@nikosdion Could you fix the code style errors reported by drone? Currently they fail, and so other CI tests are not run. The errors are all about tabs being used in the Server.php file, but spaces should be used. |
|
@richard67 Tabs came from a previous PR. No worries, I pushed a commit with spaces used for indentation. |
|
Hmm I got this error message with vivaldi and windows hello? (pin) |
|
I get the same error message with yubikey |
|
Same error with windows hello, yubi key on chrome beta and firefox and edge on windows 10 |
|
Pull the changes I just made; it should work correctly now. The new version of the WebAuthn library expects the authenticator attestation response data to be Base64-encoded without padding (no equals signs at the end), however JavaScript always adds padding. I had to add some server-side code to rectify this issue. |
|
Thank I'm merging this for now since we need a working 5.0-dev branch. Hopefully we get some feedback about the direct usage of 3rd party libraries requiring PSR 3 v1 and v3 logger... |
…remove 4.x update SQL scripts (#40083) * Init deleted files and folders for 5.0 * Add deleted files and folders from #38406 * Add deleted file from #38405 * Add deleted files and folders from #39134 * Init renamed files for 5.0 * Add deleted and renamed files and folders from dependency updates * Fix alpha odering of deleted files * Remove j4 update SQL scripts and add initial one for j5 * Use real DDL in update SQL script
Pull Request in continuation of gh-39123
Summary of Changes
\Joomla\CMS\Log\DelegatingPsrLogger::logto matchpsr/logversion 3\Joomla\CMS\WebAuthn\Serverto abstract the common WebAuthn code and update implementation (system and multifactorauthentication plugins) with it.\Joomla\CMS\Log\DelegatingPsrLoggerclass final and internal.Testing Instructions
5.0-devbranchnpm cicomposer installActual result BEFORE applying this Pull Request
\Joomla\CMS\Log\DelegatingPsrLogger::logExpected result AFTER applying this Pull Request
Link to documentations
Please select:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org: PR 62
Technical details
BACKWARDS INCOMPATIBLE CHANGE (PRE-EXISTING TO THIS PR).
psr/logversion 3 has changed some signatures, most importantly that of thelogmethod. Any third party extension implementing a PSR logger will break following the update of PSR-3 in Joomla. I can tell you upfront that this already affects my own software and I have to forkpsr/logv1 for use in my extensions. Noted in manual PR 62.Fixing that would require forking the WebAuthn library, as I had said in #38209 (comment). This is the exact problem described in https://medium.com/@davert/why-i-dont-enjoy-writing-php-anymore-aee8a85ca8aa So, no matter what we do we will have a major problem: either we break b/c in software which is (correctly) using PSR-3 for logging, or we have to maintain a fork of a third party library. This is a fundamental problem of PHP which I had foreseen circa 2015, when PHP 7 introduced major b/c breaks.
Another workaround is to change the namespace of specific dependencies and their dependencies as I have described in https://www.dionysopoulos.me/book/advice-composer.html under “Dealing with namespace clashes and older dependency versions included with Joomla”. However, this is essentially the same as maintaining a fork with the asterisk that the fork is an automated process. The big caveat is we'd be relying on Yet Another Third Party Software (PHP-Scoper) and introduce one more convoluted step in the build process with everything that entails. The phrase "damned if you, damned if you don't" comes to mind.
Why did we introduce a WebAuthn Server class? The WebAuthn library decided to remove the Server class for reasons unknown. This would have led us to duplication of very convoluted code with a very high chance of introducing bugs now and in the future. Instead, I chose to reimplement the Server class (most of its code was already overridden in Joomla 4.2 with our custom code anyway) as a CMS library class and mark it BOTH
finalAND@internalto indicate that it is not part of the public Joomla API which is bound by the Joomla b/c promise. The only thing we can promise about this class is that it will change when we upgrade the WebAuthn library to version 5.