Upgrade web-auth/webauthn-lib to version 4.7

[MauricioFauth]

No description provided.

[codecov]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (0c1831c) 56.46% compared to head (5758865) 56.51%.
Report is 1 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #18752      +/-   ##
============================================
+ Coverage     56.46%   56.51%   +0.05%     
- Complexity    16137    16143       +6     
============================================
  Files           673      673              
  Lines         64142    64175      +33     
============================================
+ Hits          36215    36267      +52     
+ Misses        27927    27908      -19     

Flag	Coverage Δ
dbase-extension	56.51% <ø> (+0.05%)	⬆️
unit-8.1-ubuntu-latest	56.47% <ø> (+0.05%)	⬆️
unit-8.2-ubuntu-latest	56.44% <ø> (+0.05%)	⬆️
unit-8.3-ubuntu-latest	56.44% <ø> (+0.05%)	⬆️
unit-8.4-ubuntu-latest	56.44% <ø> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
src/Plugins/TwoFactor/WebAuthn.php	100.00% <ø> (ø)
src/WebAuthn/WebauthnLibServer.php	68.60% <ø> (+21.12%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[MauricioFauth]

@williamdes, What do you think about requiring this lib for 6.0 and then dropping the custom server that I wrote? We already ship this lib for the website package. I can also work on using this lib to replace the code-lts/u2f-php-server for FIDO U2F.

[williamdes]

@williamdes, What do you think about requiring this lib for 6.0 and then dropping the custom server that I wrote? We already ship this lib for the website package. I can also work on using this lib to replace the code-lts/u2f-php-server for FIDO U2F.

I am not sure what you mean about website
But it looks like a good plan, let's make 6.0 clean we only have one shot

[MauricioFauth]

I am not sure what you mean about website

The release package distributed on the website

[williamdes]

We can change this like we want for 6.0 :)

[joostdebruijn]

Hi @MauricioFauth. I was thinking about proposing a change related to phpMyAdmin's WebAuthn-implementation. At this moment the rpId is 'hardcoded' the hostname of the current request. That is a sensible default in most situations, however in some situations it would be nice if you can define the rpId yourself via the config (e.g. when you want to share a WebAuthn-credential across multiple hosts on the same domain). I can propose a separate PR for this, but looking at the changes in this PR it's maybe better to incorporate it on this branch as well?

[MauricioFauth]

Hi @MauricioFauth. I was thinking about proposing a change related to phpMyAdmin's WebAuthn-implementation. At this moment the rpId is 'hardcoded' the hostname of the current request. That is a sensible default in most situations, however in some situations it would be nice if you can define the rpId yourself via the config (e.g. when you want to share a WebAuthn-credential across multiple hosts on the same domain). I can propose a separate PR for this, but looking at the changes in this PR it's maybe better to incorporate it on this branch as well?

Thank you for this suggestion. I'll add this.