zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-22 02:25:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Some more fine-tuning of the WebAuthn code

Browse source
This commit is contained in:
Pinga 2024-02-27 08:06:44 +02:00
parent e032e7575b
commit f3b798db38
3 changed files with 27 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

13
cp/app/Controllers/Auth/AuthController.php
View file

@ -21,7 +21,7 @@ class AuthController extends Controller
public function __construct() { public function __construct() {
$rpName = 'Namingo'; $rpName = 'Namingo';
$rpId = envi('APP_DOMAIN'); $rpId = envi('APP_DOMAIN');
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']); $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['android-key', 'android-safetynet', 'apple', 'fido-u2f', 'packed', 'tpm']);
} }
/** /**
@ -173,7 +173,7 @@ class AuthController extends Controller
return $response->withHeader('Content-Type', 'application/json')->withStatus(400); return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
} }
$getArgs = $this->webAuthn->getGetArgs($ids[0], 30); $getArgs = $this->webAuthn->getGetArgs($ids[0], 60*4, true, true, true, true, true, 'discouraged');
$response->getBody()->write(json_encode($getArgs)); $response->getBody()->write(json_encode($getArgs));
$_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString(); $_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString();
@ -216,11 +216,11 @@ class AuthController extends Controller
} }
// process the get request. throws WebAuthnException if it fails // process the get request. throws WebAuthnException if it fails
$this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge); $this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, 'discouraged');
$return = array(); $return = array();
$return['success'] = true; $return['success'] = true;
$return['msg'] = $msg; $return['msg'] = "Authentication successful.";
if($return['success']===true) { if($return['success']===true) {
// Send success response // Send success response
@ -262,6 +262,11 @@ class AuthController extends Controller
} catch (\Exception $e) { } catch (\Exception $e) {
$response->getBody()->write(json_encode(['msg' => $e->getMessage()])); $response->getBody()->write(json_encode(['msg' => $e->getMessage()]));
return $response->withHeader('Content-Type', 'application/json')->withStatus(400); return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
} catch (WebAuthnException $e) {
$return = array();
$return['success'] = false;
$response->getBody()->write(json_encode(['msg' => "Authentication failed: " . $e->getMessage()]));
return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
} }
} }
} }

6
cp/app/Controllers/ProfileController.php
View file

@ -15,7 +15,7 @@ class ProfileController extends Controller
public function __construct() { public function __construct() {
$rpName = 'Namingo'; $rpName = 'Namingo';
$rpId = envi('APP_DOMAIN'); $rpId = envi('APP_DOMAIN');
$this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']); $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['android-key', 'android-safetynet', 'apple', 'fido-u2f', 'packed', 'tpm']);
} }
public function profile(Request $request, Response $response) public function profile(Request $request, Response $response)
@ -153,7 +153,7 @@ class ProfileController extends Controller
if(strlen($hexUserId) % 2 != 0){ if(strlen($hexUserId) % 2 != 0){
$hexUserId = '0' . $hexUserId; $hexUserId = '0' . $hexUserId;
} }
$createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 30, false, true); $createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, false, 'discouraged', null);
$response->getBody()->write(json_encode($createArgs)); $response->getBody()->write(json_encode($createArgs));
$_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString(); $_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString();
@ -178,7 +178,7 @@ class ProfileController extends Controller
$challenge = $_SESSION['challenge']; $challenge = $_SESSION['challenge'];
// Process the WebAuthn response // Process the WebAuthn response
$credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, true, true, false); $credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'discouraged', true, false);
// add user infos // add user infos
$credential->userId = $userId; $credential->userId = $userId;

12
cp/resources/views/partials/js-profile.twig
View file

@ -53,6 +53,12 @@
title: 'WebAuthn Passkey', title: 'WebAuthn Passkey',
text: authenticatorAttestationServerResponse.msg || 'Created successfully', text: authenticatorAttestationServerResponse.msg || 'Created successfully',
icon: "success" icon: "success"
}).then((result) => {
// Checks if the result is successful (user clicked "OK")
if (result.value) {
// Reload the page
location.reload();
}
}); });
} else { } else {
throw new Error(authenticatorAttestationServerResponse.msg); throw new Error(authenticatorAttestationServerResponse.msg);
@ -63,6 +69,12 @@
title: 'WebAuthn Passkey', title: 'WebAuthn Passkey',
text: err.message || 'Unknown error occured', text: err.message || 'Unknown error occured',
icon: "error" icon: "error"
}).then((result) => {
// Checks if the result is successful (user clicked "OK")
if (result.value) {
// Reload the page
location.reload();
}
}); });
} }