mirror of
https://github.com/getnamingo/registry.git
synced 2025-05-14 08:37:00 +02:00
Fixed #27
This commit is contained in:
Pinga
parent
480a3c3f2f
commit
94ac145474
2 changed files with 64 additions and 32 deletions
|
|
@ -120,7 +120,7 @@ class AuthController extends Controller
|
||||||
|
|
||||||
if ($registrations) {
|
if ($registrations) {
|
||||||
foreach ($registrations as $reg) {
|
foreach ($registrations as $reg) {
|
||||||
$ids[] = $reg['credential_id'];
|
$ids[] = base64_decode($reg['credential_id']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -137,10 +137,10 @@ class AuthController extends Controller
|
||||||
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
|
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
|
||||||
}
|
}
|
||||||
|
|
||||||
$getArgs = $this->webAuthn->getGetArgs($ids, 60*4, true, true, true, true, true, 'required');
|
$getArgs = $this->webAuthn->getGetArgs($ids[0], 30);
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($getArgs));
|
$response->getBody()->write(json_encode($getArgs));
|
||||||
$_SESSION['challenge'] = $this->webAuthn->getChallenge();
|
$_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString();
|
||||||
|
|
||||||
return $response->withHeader('Content-Type', 'application/json');
|
return $response->withHeader('Content-Type', 'application/json');
|
||||||
}
|
}
|
||||||
|
|
@ -160,39 +160,71 @@ class AuthController extends Controller
|
||||||
$authenticatorData = base64_decode($data->authenticatorData);
|
$authenticatorData = base64_decode($data->authenticatorData);
|
||||||
$signature = base64_decode($data->signature);
|
$signature = base64_decode($data->signature);
|
||||||
$userHandle = base64_decode($data->userHandle);
|
$userHandle = base64_decode($data->userHandle);
|
||||||
$id = base64_decode($data->id);
|
$id = $data->id;
|
||||||
|
|
||||||
$db = $container->get('db');
|
$db = $container->get('db');
|
||||||
$credential = $db->select('SELECT public_key FROM users_webauthn WHERE user_id = ?', [$id]);
|
$credentials = $db->select('SELECT * FROM users_webauthn WHERE credential_id = ?', [$id]);
|
||||||
|
|
||||||
if ($credential) {
|
if ($credentials) {
|
||||||
foreach ($registrations as $reg) {
|
foreach ($credentials as $reg) {
|
||||||
|
if ($reg['credential_id'] === $id) {
|
||||||
$credentialPublicKey = $reg['public_key'];
|
$credentialPublicKey = $reg['public_key'];
|
||||||
|
$user_id = $reg['user_id'];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($credentialPublicKey === null) {
|
if ($credentialPublicKey === null) {
|
||||||
throw new Exception('Public Key for credential ID not found!');
|
throw new \Exception('Public Key for credential ID not found!');
|
||||||
}
|
|
||||||
|
|
||||||
// if we have resident key, we have to verify that the userHandle is the provided userId at registration
|
|
||||||
if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) {
|
|
||||||
throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// process the get request. throws WebAuthnException if it fails
|
// process the get request. throws WebAuthnException if it fails
|
||||||
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, 'required');
|
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge);
|
||||||
|
|
||||||
$return = new \stdClass();
|
$return = array();
|
||||||
$return->success = true;
|
$return['success'] = true;
|
||||||
$return->msg = $msg;
|
$return['msg'] = $msg;
|
||||||
|
|
||||||
|
if($return['success']===true) {
|
||||||
// Send success response
|
// Send success response
|
||||||
|
$user = $db->selectRow('SELECT * FROM users WHERE id = ?', [$user_id]);
|
||||||
|
|
||||||
|
Session::regenerate(true);
|
||||||
|
$_SESSION['auth_logged_in'] = true;
|
||||||
|
$_SESSION['auth_user_id'] = $user['id'];
|
||||||
|
$_SESSION['auth_email'] = $user['email'];
|
||||||
|
$_SESSION['auth_username'] = $user['username'];
|
||||||
|
$_SESSION['auth_status'] = $user['status'];
|
||||||
|
$_SESSION['auth_roles'] = $user['roles_mask'];
|
||||||
|
$_SESSION['auth_force_logout'] = $user['force_logout'];
|
||||||
|
$_SESSION['auth_remembered'] = 0;
|
||||||
|
$_SESSION['auth_last_resync'] = \time();
|
||||||
|
|
||||||
|
$db = $container->get('db');
|
||||||
|
$currentDateTime = new \DateTime();
|
||||||
|
$currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
|
||||||
|
$db->insert(
|
||||||
|
'users_audit',
|
||||||
|
[
|
||||||
|
'user_id' => $_SESSION['auth_user_id'],
|
||||||
|
'user_event' => 'user.login',
|
||||||
|
'user_resource' => 'control.panel',
|
||||||
|
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
|
||||||
|
'user_ip' => get_client_ip(),
|
||||||
|
'user_location' => get_client_location(),
|
||||||
|
'event_time' => $currentDate,
|
||||||
|
'user_data' => null
|
||||||
|
]
|
||||||
|
);
|
||||||
$response->getBody()->write(json_encode($return));
|
$response->getBody()->write(json_encode($return));
|
||||||
return $response->withHeader('Content-Type', 'application/json');
|
return $response->withHeader('Content-Type', 'application/json');
|
||||||
|
} else {
|
||||||
|
$response->getBody()->write(json_encode($return));
|
||||||
|
return $response->withHeader('Content-Type', 'application/json');
|
||||||
|
}
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$response->getBody()->write(json_encode(['error' => $e->getMessage()]));
|
$response->getBody()->write(json_encode(['msg' => $e->getMessage()]));
|
||||||
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
|
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -145,10 +145,10 @@ class ProfileController extends Controller
|
||||||
if(strlen($hexUserId) % 2 != 0){
|
if(strlen($hexUserId) % 2 != 0){
|
||||||
$hexUserId = '0' . $hexUserId;
|
$hexUserId = '0' . $hexUserId;
|
||||||
}
|
}
|
||||||
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, null, 'required', null);
|
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 30, false, true);
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($createArgs));
|
$response->getBody()->write(json_encode($createArgs));
|
||||||
$_SESSION['challenge'] = $this->webAuthn->getChallenge();
|
$_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString();
|
||||||
|
|
||||||
return $response->withHeader('Content-Type', 'application/json');
|
return $response->withHeader('Content-Type', 'application/json');
|
||||||
}
|
}
|
||||||
|
|
@ -170,7 +170,7 @@ class ProfileController extends Controller
|
||||||
$challenge = $_SESSION['challenge'];
|
$challenge = $_SESSION['challenge'];
|
||||||
|
|
||||||
// Process the WebAuthn response
|
// Process the WebAuthn response
|
||||||
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'required', true, false);
|
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, true, true, false);
|
||||||
|
|
||||||
// add user infos
|
// add user infos
|
||||||
$credential->userId = $userId;
|
$credential->userId = $userId;
|
||||||
|
|
@ -183,7 +183,7 @@ class ProfileController extends Controller
|
||||||
$db->insert(
|
$db->insert(
|
||||||
'users_webauthn',
|
'users_webauthn',
|
||||||
[
|
[
|
||||||
'user_id' => $_SESSION['auth_user_id'],
|
'user_id' => $userId,
|
||||||
'credential_id' => base64_encode($credential->credentialId),
|
'credential_id' => base64_encode($credential->credentialId),
|
||||||
'public_key' => $credential->credentialPublicKey,
|
'public_key' => $credential->credentialPublicKey,
|
||||||
'attestation_object' => base64_encode($attestationObject),
|
'attestation_object' => base64_encode($attestationObject),
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue