Task/upgrade to simplewebauthn version 13.1 (#4407)

* Upgrade to simplewebauthn version 13.1

* Update changelog

CHANGELOG.md

@@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## 2.144.0 - 2025-03-06
 
+### Changed
+
+- Upgraded `@simplewebauthn/browser` and `@simplewebauthn/server` from version `9.0` to `13.1`
+
 ### Fixed
 
 - Fixed the missing import functionality on the non-empty activities page

apps/api/src/app/auth/web-auth.service.ts

@@ -24,6 +24,7 @@ import {
   verifyRegistrationResponse,
   VerifyRegistrationResponseOpts
 } from '@simplewebauthn/server';
+import { isoBase64URL, isoUint8Array } from '@simplewebauthn/server/helpers';
 
 import {
   AssertionCredentialJSON,
@@ -54,10 +55,9 @@ export class WebAuthService {
     const opts: GenerateRegistrationOptionsOpts = {
       rpName: 'Ghostfolio',
       rpID: this.rpID,
-      userID: user.id,
+      userID: isoUint8Array.fromUTF8String(user.id),
       userName: '',
       timeout: 60000,
-      attestationType: 'indirect',
       authenticatorSelection: {
         authenticatorAttachment: 'platform',
         requireResidentKey: false,
@@ -111,11 +111,17 @@ export class WebAuthService {
       where: { userId: user.id }
     });
     if (registrationInfo && verified) {
-      const { counter, credentialID, credentialPublicKey } = registrationInfo;
+      const {
+        credential: {
+          counter,
+          id: credentialId,
+          publicKey: credentialPublicKey
+        }
+      } = registrationInfo;
 
-      let existingDevice = devices.find(
-        (device) => device.credentialId === credentialID
-      );
+      let existingDevice = devices.find((device) => {
+        return isoBase64URL.fromBuffer(device.credentialId) === credentialId;
+      });
 
       if (!existingDevice) {
         /**
@@ -123,7 +129,7 @@ export class WebAuthService {
          */
         existingDevice = await this.deviceService.createAuthDevice({
           counter,
-          credentialId: Buffer.from(credentialID),
+          credentialId: Buffer.from(credentialId),
           credentialPublicKey: Buffer.from(credentialPublicKey),
           User: { connect: { id: user.id } }
         });
@@ -148,9 +154,8 @@ export class WebAuthService {
     const opts: GenerateAuthenticationOptionsOpts = {
       allowCredentials: [
         {
-          id: device.credentialId,
-          transports: ['internal'],
-          type: 'public-key'
+          id: isoBase64URL.fromBuffer(device.credentialId),
+          transports: ['internal']
         }
       ],
       rpID: this.rpID,
@@ -187,10 +192,10 @@ export class WebAuthService {
     let verification: VerifiedAuthenticationResponse;
     try {
       const opts: VerifyAuthenticationResponseOpts = {
-        authenticator: {
-          credentialID: device.credentialId,
-          credentialPublicKey: device.credentialPublicKey,
-          counter: device.counter
+        credential: {
+          counter: device.counter,
+          id: isoBase64URL.fromBuffer(device.credentialId),
+          publicKey: device.credentialPublicKey
         },
         expectedChallenge: `${user.authChallenge}`,
         expectedOrigin: this.expectedOrigin,

apps/client/src/app/services/web-authn.service.ts

@@ -45,7 +45,7 @@ export class WebAuthnService {
           return of(null);
         }),
         switchMap((attOps) => {
-          return startRegistration(attOps);
+          return startRegistration({ optionsJSON: attOps });
         }),
         switchMap((credential) => {
           return this.http.post<AuthDeviceDto>(
@@ -89,8 +89,8 @@ export class WebAuthnService {
         { deviceId }
       )
       .pipe(
-        switchMap((requestOptionsJSON) => {
-          return startAuthentication(requestOptionsJSON);
+        switchMap((optionsJSON) => {
+          return startAuthentication({ optionsJSON });
         }),
         switchMap((credential) => {
           return this.http.post<{ authToken: string }>(

package-lock.json

@@ -41,8 +41,8 @@
         "@nestjs/schedule": "4.1.2",
         "@nestjs/serve-static": "4.0.2",
         "@prisma/client": "6.4.1",
-        "@simplewebauthn/browser": "9.0.1",
-        "@simplewebauthn/server": "9.0.3",
+        "@simplewebauthn/browser": "13.1.0",
+        "@simplewebauthn/server": "13.1.1",
         "@stripe/stripe-js": "5.4.0",
         "alphavantage": "2.2.0",
         "big.js": "6.2.2",
@@ -120,7 +120,6 @@
         "@nx/web": "20.3.2",
         "@nx/workspace": "20.3.2",
         "@schematics/angular": "19.0.6",
-        "@simplewebauthn/types": "9.0.1",
         "@storybook/addon-essentials": "8.4.7",
         "@storybook/addon-interactions": "8.4.7",
         "@storybook/angular": "8.4.7",
@@ -9225,18 +9224,15 @@
       }
     },
     "node_modules/@simplewebauthn/browser": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-9.0.1.tgz",
-      "integrity": "sha512-wD2WpbkaEP4170s13/HUxPcAV5y4ZXaKo1TfNklS5zDefPinIgXOpgz1kpEvobAsaLPa2KeH7AKKX/od1mrBJw==",
-      "license": "MIT",
-      "dependencies": {
-        "@simplewebauthn/types": "^9.0.1"
-      }
+      "version": "13.1.0",
+      "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-13.1.0.tgz",
+      "integrity": "sha512-WuHZ/PYvyPJ9nxSzgHtOEjogBhwJfC8xzYkPC+rR/+8chl/ft4ngjiK8kSU5HtRJfczupyOh33b25TjYbvwAcg==",
+      "license": "MIT"
     },
     "node_modules/@simplewebauthn/server": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-9.0.3.tgz",
-      "integrity": "sha512-FMZieoBosrVLFxCnxPFD9Enhd1U7D8nidVDT4MsHc6l4fdVcjoeHjDueeXCloO1k5O/fZg1fsSXXPKbY2XTzDA==",
+      "version": "13.1.1",
+      "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-13.1.1.tgz",
+      "integrity": "sha512-1hsLpRHfSuMB9ee2aAdh0Htza/X3f4djhYISrggqGe3xopNjOcePiSDkDDoPzDYaaMCrbqGP1H2TYU7bgL9PmA==",
       "license": "MIT",
       "dependencies": {
         "@hexagon/base64": "^1.1.27",
@@ -9245,29 +9241,12 @@
         "@peculiar/asn1-ecc": "^2.3.8",
         "@peculiar/asn1-rsa": "^2.3.8",
         "@peculiar/asn1-schema": "^2.3.8",
-        "@peculiar/asn1-x509": "^2.3.8",
-        "@simplewebauthn/types": "^9.0.1",
-        "cross-fetch": "^4.0.0"
+        "@peculiar/asn1-x509": "^2.3.8"
       },
       "engines": {
-        "node": ">=16.0.0"
+        "node": ">=20.0.0"
       }
     },
-    "node_modules/@simplewebauthn/server/node_modules/cross-fetch": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.1.0.tgz",
-      "integrity": "sha512-uKm5PU+MHTootlWEY+mZ4vvXoCn4fLQxT9dSc1sXVMSFkINTJVN8cAQROpwcKm8bJ/c7rgZVIBWzH5T78sNZZw==",
-      "license": "MIT",
-      "dependencies": {
-        "node-fetch": "^2.7.0"
-      }
-    },
-    "node_modules/@simplewebauthn/types": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-9.0.1.tgz",
-      "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w==",
-      "license": "MIT"
-    },
     "node_modules/@sinclair/typebox": {
       "version": "0.27.8",
       "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz",

package.json

@@ -87,8 +87,8 @@
     "@nestjs/schedule": "4.1.2",
     "@nestjs/serve-static": "4.0.2",
     "@prisma/client": "6.4.1",
-    "@simplewebauthn/browser": "9.0.1",
-    "@simplewebauthn/server": "9.0.3",
+    "@simplewebauthn/browser": "13.1.0",
+    "@simplewebauthn/server": "13.1.1",
     "@stripe/stripe-js": "5.4.0",
     "alphavantage": "2.2.0",
     "big.js": "6.2.2",
@@ -166,7 +166,6 @@
     "@nx/web": "20.3.2",
     "@nx/workspace": "20.3.2",
     "@schematics/angular": "19.0.6",
-    "@simplewebauthn/types": "9.0.1",
     "@storybook/addon-essentials": "8.4.7",
     "@storybook/addon-interactions": "8.4.7",
     "@storybook/angular": "8.4.7",