typo, composer requires, git ignores, empty check on test

Author: lbuchs

.gitignore

@@ -1,7 +1,13 @@
-# Netbeans project
-nbproject/
-/index.php
+# ide folders
+nbproject
+.idea
 
+# redirect page
+index.php
+
+# composer things
+composer.lock
+vendor
 
 # .pem files from FIDO Alliance Metadata Service (MDS)
 _test/rootCertificates/mds/*.pem

_test/server.php

@@ -200,14 +200,14 @@
     // ------------------------------------
 
     } else if ($fn === 'processCreate') {
-        $clientDataJSON = base64_decode($post->clientDataJSON);
-        $attestationObject = base64_decode($post->attestationObject);
-        $challenge = $_SESSION['challenge'];
+        $clientDataJSON = !empty($post->clientDataJSON) ? base64_decode($post->clientDataJSON) : null;
+        $attestationObject = !empty($post->attestationObject) ? base64_decode($post->attestationObject) : null;
+        $challenge = $_SESSION['challenge'] ?? null;
 
         // processCreate returns data to be stored for future logins.
         // in this example we store it in the php session.
-        // Normaly you have to store the data in a database connected
-        // with the user name.
+        // Normally you have to store the data in a database connected
+        // with the username.
         $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, $userVerification === 'required', true, false);
 
         // add user infos
@@ -239,11 +239,11 @@
     // ------------------------------------
 
     } else if ($fn === 'processGet') {
-        $clientDataJSON = base64_decode($post->clientDataJSON);
-        $authenticatorData = base64_decode($post->authenticatorData);
-        $signature = base64_decode($post->signature);
-        $userHandle = base64_decode($post->userHandle);
-        $id = base64_decode($post->id);
+        $clientDataJSON = !empty($post->clientDataJSON) ? base64_decode($post->clientDataJSON) : null;
+        $authenticatorData = !empty($post->authenticatorData) ? base64_decode($post->authenticatorData) : null;
+        $signature = !empty($post->signature) ? base64_decode($post->signature) : null;
+        $userHandle = !empty($post->userHandle) ? base64_decode($post->userHandle) : null;
+        $id = !empty($post->id) ? base64_decode($post->id) : null;
         $challenge = $_SESSION['challenge'] ?? '';
         $credentialPublicKey = null;
 

composer.json

@@ -2,7 +2,7 @@
     "name": "lbuchs/webauthn",
     "description": "A simple PHP WebAuthn (FIDO2) server library",
     "keywords": [
-        "webauthn", "authentication"
+        "webauthn", "authentication", "passkey"
     ],
     "homepage": "https://github.com/lbuchs/webauthn",
     "license": "MIT",
@@ -13,7 +13,9 @@
         }
     ],
     "require": {
-        "php" : ">=8.0.0"
+        "php" : ">=8.0.0",
+        "ext-openssl": "*",
+        "ext-mbstring": "*"
     },
     "autoload": {
         "psr-4": {

src/WebAuthn.php

@@ -172,7 +172,7 @@ public function getCreateArgs($userId, $userName, $userDisplayName, $timeout=20,
             $args->publicKey->authenticatorSelection->requireResidentKey = $requireResidentKey === 'required';
         }
 
-        // filte authenticators attached with the specified authenticator attachment modality
+        // filter authenticators attached with the specified authenticator attachment modality
         if (\is_bool($crossPlatformAttachment)) {
             $args->publicKey->authenticatorSelection->authenticatorAttachment = $crossPlatformAttachment ? 'cross-platform' : 'platform';
         }