zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-14 08:37:00 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed #27

Browse source
This commit is contained in:
Pinga 2024-02-03 20:18:29 +02:00
parent 480a3c3f2f
commit 94ac145474
2 changed files with 64 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

70
cp/app/Controllers/Auth/AuthController.php
View file

@ -116,11 +116,11 @@ class AuthController extends Controller
if ($userId) { if ($userId) {
// User found, get the user ID // User found, get the user ID
$registrations = $db->select('SELECT id,credential_id FROM users_webauthn WHERE user_id = ?', [$userId]); $registrations = $db->select('SELECT id, credential_id FROM users_webauthn WHERE user_id = ?', [$userId]);
if ($registrations) { if ($registrations) {
foreach ($registrations as $reg) { foreach ($registrations as $reg) {
$ids[] = $reg['credential_id']; $ids[] = base64_decode($reg['credential_id']);
} }
} }
@ -137,10 +137,10 @@ class AuthController extends Controller
return $response->withHeader('Content-Type', 'application/json')->withStatus(400); return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
} }
$getArgs = $this->webAuthn->getGetArgs($ids, 60*4, true, true, true, true, true, 'required'); $getArgs = $this->webAuthn->getGetArgs($ids[0], 30);
$response->getBody()->write(json_encode($getArgs)); $response->getBody()->write(json_encode($getArgs));
$_SESSION['challenge'] = $this->webAuthn->getChallenge(); $_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString();
return $response->withHeader('Content-Type', 'application/json'); return $response->withHeader('Content-Type', 'application/json');
} }
@ -160,39 +160,71 @@ class AuthController extends Controller
$authenticatorData = base64_decode($data->authenticatorData); $authenticatorData = base64_decode($data->authenticatorData);
$signature = base64_decode($data->signature); $signature = base64_decode($data->signature);
$userHandle = base64_decode($data->userHandle); $userHandle = base64_decode($data->userHandle);
$id = base64_decode($data->id); $id = $data->id;
$db = $container->get('db'); $db = $container->get('db');
$credential = $db->select('SELECT public_key FROM users_webauthn WHERE user_id = ?', [$id]); $credentials = $db->select('SELECT * FROM users_webauthn WHERE credential_id = ?', [$id]);
if ($credential) { if ($credentials) {
foreach ($registrations as $reg) { foreach ($credentials as $reg) {
if ($reg['credential_id'] === $id) {
$credentialPublicKey = $reg['public_key']; $credentialPublicKey = $reg['public_key'];
$user_id = $reg['user_id'];
break; break;
} }
} }
}
if ($credentialPublicKey === null) { if ($credentialPublicKey === null) {
throw new Exception('Public Key for credential ID not found!'); throw new \Exception('Public Key for credential ID not found!');
}
// if we have resident key, we have to verify that the userHandle is the provided userId at registration
if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) {
throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')');
} }
// process the get request. throws WebAuthnException if it fails // process the get request. throws WebAuthnException if it fails
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, 'required'); $this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge);
$return = new \stdClass(); $return = array();
$return->success = true; $return['success'] = true;
$return->msg = $msg; $return['msg'] = $msg;
if($return['success']===true) {
// Send success response // Send success response
$user = $db->selectRow('SELECT * FROM users WHERE id = ?', [$user_id]);
Session::regenerate(true);
$_SESSION['auth_logged_in'] = true;
$_SESSION['auth_user_id'] = $user['id'];
$_SESSION['auth_email'] = $user['email'];
$_SESSION['auth_username'] = $user['username'];
$_SESSION['auth_status'] = $user['status'];
$_SESSION['auth_roles'] = $user['roles_mask'];
$_SESSION['auth_force_logout'] = $user['force_logout'];
$_SESSION['auth_remembered'] = 0;
$_SESSION['auth_last_resync'] = \time();
$db = $container->get('db');
$currentDateTime = new \DateTime();
$currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
$db->insert(
'users_audit',
[
'user_id' => $_SESSION['auth_user_id'],
'user_event' => 'user.login',
'user_resource' => 'control.panel',
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'user_ip' => get_client_ip(),
'user_location' => get_client_location(),
'event_time' => $currentDate,
'user_data' => null
]
);
$response->getBody()->write(json_encode($return)); $response->getBody()->write(json_encode($return));
return $response->withHeader('Content-Type', 'application/json'); return $response->withHeader('Content-Type', 'application/json');
} else {
$response->getBody()->write(json_encode($return));
return $response->withHeader('Content-Type', 'application/json');
}
} catch (\Exception $e) { } catch (\Exception $e) {
$response->getBody()->write(json_encode(['error' => $e->getMessage()])); $response->getBody()->write(json_encode(['msg' => $e->getMessage()]));
return $response->withHeader('Content-Type', 'application/json')->withStatus(400); return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
} }
} }

8
cp/app/Controllers/ProfileController.php
View file

@ -145,10 +145,10 @@ class ProfileController extends Controller
if(strlen($hexUserId) % 2 != 0){ if(strlen($hexUserId) % 2 != 0){
$hexUserId = '0' . $hexUserId; $hexUserId = '0' . $hexUserId;
} }
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, null, 'required', null); $createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 30, false, true);
$response->getBody()->write(json_encode($createArgs)); $response->getBody()->write(json_encode($createArgs));
$_SESSION['challenge'] = $this->webAuthn->getChallenge(); $_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString();
return $response->withHeader('Content-Type', 'application/json'); return $response->withHeader('Content-Type', 'application/json');
} }
@ -170,7 +170,7 @@ class ProfileController extends Controller
$challenge = $_SESSION['challenge']; $challenge = $_SESSION['challenge'];
// Process the WebAuthn response // Process the WebAuthn response
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'required', true, false); $credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, true, true, false);
// add user infos // add user infos
$credential->userId = $userId; $credential->userId = $userId;
@ -183,7 +183,7 @@ class ProfileController extends Controller
$db->insert( $db->insert(
'users_webauthn', 'users_webauthn',
[ [
'user_id' => $_SESSION['auth_user_id'], 'user_id' => $userId,
'credential_id' => base64_encode($credential->credentialId), 'credential_id' => base64_encode($credential->credentialId),
'public_key' => $credential->credentialPublicKey, 'public_key' => $credential->credentialPublicKey,
'attestation_object' => base64_encode($attestationObject), 'attestation_object' => base64_encode($attestationObject),