Pinga 2024-02-03 20:18:29 +02:00
parent 480a3c3f2f
commit 94ac145474
2 changed files with 64 additions and 32 deletions


@ -116,11 +116,11 @@ class AuthController extends Controller
if ($userId) {
// User found, get the user ID
$registrations = $db->select('SELECT id,credential_id FROM users_webauthn WHERE user_id = ?', [$userId]);
$registrations = $db->select('SELECT id, credential_id FROM users_webauthn WHERE user_id = ?', [$userId]);
if ($registrations) {
foreach ($registrations as $reg) {
$ids[] = $reg['credential_id'];
$ids[] = base64_decode($reg['credential_id']);
}
}
@ -137,10 +137,10 @@ class AuthController extends Controller
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
$getArgs = $this->webAuthn->getGetArgs($ids, 60*4, true, true, true, true, true, 'required');
$getArgs = $this->webAuthn->getGetArgs($ids[0], 30);
$response->getBody()->write(json_encode($getArgs));
$_SESSION['challenge'] = $this->webAuthn->getChallenge();
$_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString();
return $response->withHeader('Content-Type', 'application/json');
}
@ -160,39 +160,71 @@ class AuthController extends Controller
$authenticatorData = base64_decode($data->authenticatorData);
$signature = base64_decode($data->signature);
$userHandle = base64_decode($data->userHandle);
$id = base64_decode($data->id);
$id = $data->id;
$db = $container->get('db');
$credential = $db->select('SELECT public_key FROM users_webauthn WHERE user_id = ?', [$id]);
$credentials = $db->select('SELECT * FROM users_webauthn WHERE credential_id = ?', [$id]);
if ($credential) {
foreach ($registrations as $reg) {
if ($credentials) {
foreach ($credentials as $reg) {
if ($reg['credential_id'] === $id) {
$credentialPublicKey = $reg['public_key'];
$user_id = $reg['user_id'];
break;
}
}
}
if ($credentialPublicKey === null) {
throw new Exception('Public Key for credential ID not found!');
}
// if we have resident key, we have to verify that the userHandle is the provided userId at registration
if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) {
throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')');
throw new \Exception('Public Key for credential ID not found!');
}
// process the get request. throws WebAuthnException if it fails
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, 'required');
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge);
$return = new \stdClass();
$return->success = true;
$return->msg = $msg;
$return = array();
$return['success'] = true;
$return['msg'] = $msg;
if($return['success']===true) {
// Send success response
$user = $db->selectRow('SELECT * FROM users WHERE id = ?', [$user_id]);
Session::regenerate(true);
$_SESSION['auth_logged_in'] = true;
$_SESSION['auth_user_id'] = $user['id'];
$_SESSION['auth_email'] = $user['email'];
$_SESSION['auth_username'] = $user['username'];
$_SESSION['auth_status'] = $user['status'];
$_SESSION['auth_roles'] = $user['roles_mask'];
$_SESSION['auth_force_logout'] = $user['force_logout'];
$_SESSION['auth_remembered'] = 0;
$_SESSION['auth_last_resync'] = \time();
$db = $container->get('db');
$currentDateTime = new \DateTime();
$currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
$db->insert(
'users_audit',
[
'user_id' => $_SESSION['auth_user_id'],
'user_event' => 'user.login',
'user_resource' => 'control.panel',
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'user_ip' => get_client_ip(),
'user_location' => get_client_location(),
'event_time' => $currentDate,
'user_data' => null
]
);
$response->getBody()->write(json_encode($return));
return $response->withHeader('Content-Type', 'application/json');
} else {
$response->getBody()->write(json_encode($return));
return $response->withHeader('Content-Type', 'application/json');
}
} catch (\Exception $e) {
$response->getBody()->write(json_encode(['error' => $e->getMessage()]));
$response->getBody()->write(json_encode(['msg' => $e->getMessage()]));
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
}
}
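Review bot: The new `processGet(...)` call in the third hunk drops the trailing `null, 'required'` arguments, and `getGetArgs($ids[0], 30)` in the second hunk drops the verification flag too, so user verification is no longer requested on the path that goes on to set `$_SESSION['auth_logged_in'] = true`. Registration in ProfileController now passes `true` in the corresponding position, so login looks weaker than enrolment; if the library's default is not to require verification, the session rests on possession of the authenticator alone. I would restore the flag on both calls, e.g. `$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, true);`, and pass the whole `$ids` array to `getGetArgs`, since `$ids[0]` appears to offer only the first registered credential. The `$user` row is also used without checking that it exists or that its `status` permits login before the `auth_*` keys are written. `$_SESSION['challenge']` is not cleared in the lines shown, and the handler begins outside these hunks, so that may already happen elsewhere.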


@ -145,10 +145,10 @@ class ProfileController extends Controller
if(strlen($hexUserId) % 2 != 0){
$hexUserId = '0' . $hexUserId;
}
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, null, 'required', null);
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 30, false, true);
$response->getBody()->write(json_encode($createArgs));
$_SESSION['challenge'] = $this->webAuthn->getChallenge();
$_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString();
return $response->withHeader('Content-Type', 'application/json');
}
@ -170,7 +170,7 @@ class ProfileController extends Controller
$challenge = $_SESSION['challenge'];
// Process the WebAuthn response
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'required', true, false);
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, true, true, false);
// add user infos
$credential->userId = $userId;
@ -183,7 +183,7 @@ class ProfileController extends Controller
$db->insert(
'users_webauthn',
[
'user_id' => $_SESSION['auth_user_id'],
'user_id' => $userId,
'credential_id' => base64_encode($credential->credentialId),
'public_key' => $credential->credentialPublicKey,
'attestation_object' => base64_encode($attestationObject),
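Review bot: In the last hunk the stored `user_id` changes from `$_SESSION['auth_user_id']` to `$userId`, whose assignment is outside the hunk. If that value can be influenced by the request, a credential could be recorded against an account other than the signed-in one, and the login handler in AuthController signs in whichever user owns the matching `credential_id`. I would keep the session as the source of truth, `'user_id' => $_SESSION['auth_user_id'],`, or reject the request when `$userId` differs from it. It is also worth confirming that `$_SESSION['challenge']` is unset once `processCreate` has run, since that is not visible in the lines shown.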