mirror of
https://github.com/getnamingo/registry.git
synced 2025-07-24 19:38:26 +02:00
Updates for WebAuthn
This commit is contained in:
Pinga
parent
3bf29a8ca1
commit
5b18318ab6
2 changed files with 9 additions and 45 deletions
|
|
@ -20,25 +20,7 @@ class AuthController extends Controller
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$rpName = 'Namingo';
|
$rpName = 'Namingo';
|
||||||
$rpId = envi('APP_DOMAIN');
|
$rpId = envi('APP_DOMAIN');
|
||||||
$formats = [
|
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']);
|
||||||
'android-key',
|
|
||||||
'android-safetynet',
|
|
||||||
'apple',
|
|
||||||
'fido-u2f',
|
|
||||||
'none',
|
|
||||||
'packed',
|
|
||||||
'tpm'
|
|
||||||
];
|
|
||||||
|
|
||||||
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, $formats);
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/solo.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/apple.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/yubico.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/hypersecu.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/globalSign.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/googleHardware.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/microsoftTpmCollection.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/mds');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -135,11 +117,11 @@ class AuthController extends Controller
|
||||||
if ($user) {
|
if ($user) {
|
||||||
// User found, get the user ID
|
// User found, get the user ID
|
||||||
$userId = $user;
|
$userId = $user;
|
||||||
$registrations = $db->select('SELECT id FROM users_webauthn WHERE user_id = ?', [$user]);
|
$registrations = $db->select('SELECT id,credential_id FROM users_webauthn WHERE user_id = ?', [$user]);
|
||||||
|
|
||||||
if ($registrations) {
|
if ($registrations) {
|
||||||
foreach ($registrations as $reg) {
|
foreach ($registrations as $reg) {
|
||||||
$ids[] = $reg['credentialId'];
|
$ids[] = $reg['credential_id'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -203,7 +185,7 @@ class AuthController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
// process the get request. throws WebAuthnException if it fails
|
// process the get request. throws WebAuthnException if it fails
|
||||||
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
|
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challengeData, null, 'required');
|
||||||
|
|
||||||
$return = new \stdClass();
|
$return = new \stdClass();
|
||||||
$return->success = true;
|
$return->success = true;
|
||||||
|
|
|
||||||
|
|
@ -13,25 +13,7 @@ class ProfileController extends Controller
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$rpName = 'Namingo';
|
$rpName = 'Namingo';
|
||||||
$rpId = envi('APP_DOMAIN');
|
$rpId = envi('APP_DOMAIN');
|
||||||
$formats = [
|
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']);
|
||||||
'android-key',
|
|
||||||
'android-safetynet',
|
|
||||||
'apple',
|
|
||||||
'fido-u2f',
|
|
||||||
'none',
|
|
||||||
'packed',
|
|
||||||
'tpm'
|
|
||||||
];
|
|
||||||
|
|
||||||
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, $formats);
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/solo.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/apple.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/yubico.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/hypersecu.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/globalSign.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/googleHardware.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/microsoftTpmCollection.pem');
|
|
||||||
$this->webAuthn->addRootCertificates(envi('APP_ROOT').'/vendor/lbuchs/webauthn/_test/rootCertificates/mds');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function profile(Request $request, Response $response)
|
public function profile(Request $request, Response $response)
|
||||||
|
|
@ -163,7 +145,7 @@ class ProfileController extends Controller
|
||||||
if(strlen($hexUserId) % 2 != 0){
|
if(strlen($hexUserId) % 2 != 0){
|
||||||
$hexUserId = '0' . $hexUserId;
|
$hexUserId = '0' . $hexUserId;
|
||||||
}
|
}
|
||||||
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userName, $userName, 60*4, true, 'required', null);
|
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, null, 'required', null);
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($createArgs));
|
$response->getBody()->write(json_encode($createArgs));
|
||||||
$challenge = $this->webAuthn->getChallenge();
|
$challenge = $this->webAuthn->getChallenge();
|
||||||
|
|
@ -175,7 +157,7 @@ class ProfileController extends Controller
|
||||||
public function verifyRegistration(Request $request, Response $response)
|
public function verifyRegistration(Request $request, Response $response)
|
||||||
{
|
{
|
||||||
$challengeData = $_SESSION['challenge_data'];
|
$challengeData = $_SESSION['challenge_data'];
|
||||||
$challenge = new \lbuchs\WebAuthn\Binary\ByteBuffer($challengeData);
|
//$challenge = new \lbuchs\WebAuthn\Binary\ByteBuffer($challengeData);
|
||||||
|
|
||||||
global $container;
|
global $container;
|
||||||
$data = json_decode($request->getBody()->getContents(), null, 512, JSON_THROW_ON_ERROR);
|
$data = json_decode($request->getBody()->getContents(), null, 512, JSON_THROW_ON_ERROR);
|
||||||
|
|
@ -192,11 +174,11 @@ class ProfileController extends Controller
|
||||||
//$challenge = $_SESSION['challenge'];
|
//$challenge = $_SESSION['challenge'];
|
||||||
|
|
||||||
// Process the WebAuthn response
|
// Process the WebAuthn response
|
||||||
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'required', true, false);
|
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challengeData, 'required', true, false);
|
||||||
|
|
||||||
// add user infos
|
// add user infos
|
||||||
$credential->userId = $userId;
|
$credential->userId = $userId;
|
||||||
$credential->userName = $userName;
|
$credential->userName = $userEmail;
|
||||||
$credential->userDisplayName = $userName;
|
$credential->userDisplayName = $userName;
|
||||||
|
|
||||||
// Store the credential data in the database
|
// Store the credential data in the database
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue