[4.0] Webauthn gmp warning

[PhilETaylor]

Pull Request for Issue #29696 .

Summary of Changes

A very light touch change to reuse existing code to display a warning and remove the ability to add authenticators if the PHP extension GMP is not loaded.

Testing Instructions

Install Joomla 4 on a server (or docker container in my case) without GMP PHP Extension enabled (On a cPanel server you can toggle this, and its off by default in Easy Apache 4)

Ensure you access Joomla over a secure & valid SSL connection (learn ngrok if you need this, quick and easy)

Before PR

When adding an authenticator you get an internal server error

After PR

You get a error and no button allowing you to add a new authenticator (but you can still see the list of existing authenticators - if any - rename them, and delete them.)

Who else to ping for visibility ;-)

// @nikosdion

[richard67]

@PhilETaylor Maybe some general explanation about or PR descriptions: "Expected result" always shall describe what one expects, i.e. how it is with the PR applied, "Actual result" shall describe what one currently observes, i.e. how it is without the PR applied. Your description above currently mixes that up.

[richard67]

ah well... "Expected" and "Actual" are very unhelpful terms anyway. "Before" and "After" are more suited to PRs IMHO.

Agree .. it's often subject of confusion.

[nikosdion]

I'd actually change the detection code to use function_exists() with some GMP function names for two reasons.

First, I've seen many hosts where get_loaded_extensions itself is disabled, making that kind of code fail immediately with a fatal error. I know, these hosts are crap but they are used by people using Joomla...

Second, it's possible that the extension is enabled but the host disabled the functions. I have not seen that with GMP but I can't rule out outright stupidity when it comes to cheap hosting.

[richard67]

@PhilETaylor Normally we do it the other way round, i.e. if (function_exists('gmp_intval') === false) and not if (false === function_exists('gmp_intval')). But I'm ok with it if that passes PHPCS.

[richard67]

@PhilETaylor PHPCS is ok with it, so I am, too. Unfortunately I can't help with testing, because my local testing environment uses a self signed SSL certificate, and I haven't set up any webauthentication for me anywhere. And testing space on my domain which has a valid SSL cert is protected with password, so I am not sure if it would work there.

[richard67]

@PhilETaylor You can't teach an old dog new tricks ;-)

(have to go back to my vi editor)

[richard67]

All checks have passed 🎉🎉

There must be something wrong ... ;-)

[Quy]

I have tested this item ✅ successfully on dba7e75

Thank you for the ngrok info. So simple!!!

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29731.}

[nikosdion]

Self hosted alternative to Ngrok written in PHP: https://pociot.dev/28-introducing-expose-an-easy-to-use-tunneling-service-implemented-in-pure-php#introducing-expose-an-easy-to-use-tunneling-service-implemented-in-pure-php

Apparently it took the PHP world by storm over the last couple of weeks.

[bonzani]

I have tested this item ✅ successfully on dba7e75

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29731.}

[richard67]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29731.}

[richard67]

Thanks!