Joomla! Issue Tracker | Joomla! CMS #46735 - [6.1] fix webauth phpstan issues

PBF bug PR-6.1-dev

Pending
Medium
Build: 6.1-dev
# 46735
Diff
heelc29:6.1/webauth-phpstan

Pending

User tests: Successful: Unsuccessful:

heelc29
21 Jan 2026

Summary of Changes

This PR is needed to be prepared for updating https://github.com/web-auth/webauthn-lib in future versions of Joomla.
These are adjustments that were missing or overlooked during the last upgrade from v2.1.7 to v4.3.0 (#39123 and #39134).

AuthenticatorSelectionCriteria does not have a constructor 33fca93:

Deprecation:

Remove:

web-auth/webauthn-lib@27c957b#diff-174de8e689e66abff1a5a4abf1bc53e5624c16d43bbbf7399327b7c45a7086fc

WebAuthn\Server constructor invoked with 2 parameters e83cac3:

Make third parameter of Server class optional, so no hack with ReflectionClass is necessary.

Deprecated class Webauthn\TokenBinding\IgnoreTokenBindingHandler f998cd5:

Deprecation:

Deprecated method forUnsecuredSigner() of class Lcobucci\JWT\Configuration b529689:

As we only use the parser function, we can use it directly:
https://github.com/lcobucci/jwt/blob/4d7de2fe0d51a96418c0d04004986e410e87f6b4/src/Configuration.php#L44

Testing Instructions

use passkey as login and multifactor authentication
do a code review based on comments above (and phpstan)

~~Note: To test the changes of plugins/system/webauthn/src/MetadataRepository.php another pull request #45708 is necessary~~ > merged; you have to enable the system webauth plugin option attestation support

Actual result BEFORE applying this Pull Request

passkey working

Expected result AFTER applying this Pull Request

passkey working

Link to documentations

Please select:

No documentation changes for docs.joomla.org needed
No documentation changes for manual.joomla.org needed

33fca93 13 Jan 2026

AuthenticatorSelectionCriteria does not have a constructor

e83cac3 13 Jan 2026

WebAuthn\Server constructor invoked with 2 parameters

f998cd5 13 Jan 2026

Deprecated class Webauthn\TokenBinding\IgnoreTokenBindingHandler

b529689 13 Jan 2026

Deprecated method forUnsecuredSigner() of class Lcobucci\JWT\Configuration

25fce14 21 Jan 2026

Merge branch '6.1-dev' into 6.1/webauth-phpstan

heelc29 - open - 21 Jan 2026

heelc29 - change - 21 Jan 2026

Status

New

⇒

Pending

joomla-cms-bot - change - 21 Jan 2026

Category

⇒

Libraries Front End Plugins

19bd589 21 Jan 2026

heelc29 - change - 21 Jan 2026

Labels

Added: PR-6.1-dev

fe8369a 26 Jan 2026

Merge branch '6.1-dev' into 6.1/webauth-phpstan

heelc29 - change - 26 Jan 2026

Labels

Added: PBF bug

heelc29 - change - 26 Jan 2026

The description was changed

heelc29 - edited - 26 Jan 2026

heelc29 - change - 26 Jan 2026

The description was changed

heelc29 - edited - 26 Jan 2026

Rajat-1804 - test_item - 31 Jan 2026 - Tested successfully

Rajat-1804 - comment - 31 Jan 2026

I have tested this item ✅ successfully on fe8369a

I have tested this item ✅ successfully

Environment: Windows/XAMPP, Joomla 6.1-dev

Code Review:
✅ Verified Server constructor third parameter is now optional
✅ Removed deprecated TokenBindingHandler usage
✅ AuthenticatorSelectionCriteria uses default constructor (parameters removed)
✅ Replaced deprecated Configuration::forUnsecuredSigner() with Parser
✅ All PHP syntax checks passed

Functional Test:
✅ WebAuthn passkey login works correctly
✅ New authenticator registration works
✅ No PHP errors or deprecation warnings

Result: Code quality improvements successfully applied. Ready for future WebAuthn library upgrades.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/46735.}

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#46735] - [6.1] fix webauth phpstan issues

Summary of Changes

Testing Instructions

Actual result BEFORE applying this Pull Request

Expected result AFTER applying this Pull Request

Link to documentations

Add a Comment