Skip to content

fix: complete transport pool and deterministic generation in SimpleFakeCredentialGenerator#823

Merged
Spomky merged 4 commits into5.3.xfrom
fix/fake-credential-transport-enumeration
Mar 29, 2026
Merged

fix: complete transport pool and deterministic generation in SimpleFakeCredentialGenerator#823
Spomky merged 4 commits into5.3.xfrom
fix/fake-credential-transport-enumeration

Conversation

@Spomky
Copy link
Copy Markdown
Contributor

@Spomky Spomky commented Mar 29, 2026

Summary

  • Add hybrid, internal and smart-card transports to the fake credential pool so generated credentials cover the same transport types as real ones
  • Replace non-deterministic (random_int / random_bytes) generation with a deterministic seed derived from the username and a server secret, ensuring stable responses across requests even without cache
  • Inject kernel.secret into the Symfony service registration as seed

Test plan

  • Verify fake credentials now include all transport types (usb, nfc, ble, hybrid, internal, smart-card)
  • Verify repeated calls with the same username produce identical credentials
  • Verify different usernames produce different credentials
  • Verify existing CacheItemPoolInterface injection still works (BC)

Spomky added 4 commits March 29, 2026 09:13
@Spomky
fix: use all transport types and deterministic generation in SimpleFa…
ed95356 
…keCredentialGenerator

Include hybrid, internal and smart-card transports in the fake
credential pool so generated credentials are indistinguishable from
real ones. Replace random generation with a deterministic HMAC-based
seed derived from the username and a server secret, ensuring stable
responses across requests without relying on cache.
@Spomky
fix: inject cache service into SimpleFakeCredentialGenerator
a48e1b9 
Use CacheItemPoolInterface with nullOnInvalid() instead of hardcoded
null so the cache is actually used when available in the container.
@Spomky
fix: inject cache service into SimpleFakeCredentialGenerator and fix …
c3c693f 
…coding standards

Use CacheItemPoolInterface with nullOnInvalid() instead of hardcoded
null so the cache is actually used when available in the container.
Apply coding standards fixes across the codebase.
@Spomky
Refactor: Clean up imports and remove duplicates across denormalizer …
1641dd3 
…and service classes

- Removed duplicate function imports and organized them in multiple denormalizer classes including CredentialRecordDenormalizer, ExtensionDescriptorDenormalizer, and others.
- Ensured consistent use of function imports such as `array_key_exists`, `assert`, `count`, and `in_array`.
- Updated import statements in various service classes like DistantResourceMetadataService, FidoAllianceCompliantMetadataService, and others for better clarity and maintainability.
- Cleaned up unused imports in test files and ensured proper organization of function imports.
@Spomky Spomky merged commit ea3c06d into 5.3.x Mar 29, 2026
11 checks passed
@Spomky Spomky deleted the fix/fake-credential-transport-enumeration branch March 29, 2026 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Spomky