Some more fine-tuning of the WebAuthn code

2025-07-22 02:25:59 +02:00 · 2024-02-27 08:06:44 +02:00 · 2024-02-27 08:06:44 +02:00 · f3b798db38
commit f3b798db38
parent e032e7575b
3 changed files with 27 additions and 10 deletions
--- a/cp/app/Controllers/Auth/AuthController.php
+++ b/cp/app/Controllers/Auth/AuthController.php
@ -21,7 +21,7 @@ class AuthController extends Controller
    public function __construct() {
        $rpName = 'Namingo';
        $rpId = envi('APP_DOMAIN');
-        $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']);
+        $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['android-key', 'android-safetynet', 'apple', 'fido-u2f', 'packed', 'tpm']);
    }

    /**
@ -173,7 +173,7 @@ class AuthController extends Controller
            return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
        }

-        $getArgs = $this->webAuthn->getGetArgs($ids[0], 30);
+        $getArgs = $this->webAuthn->getGetArgs($ids[0], 60*4, true, true, true, true, true, 'discouraged');

        $response->getBody()->write(json_encode($getArgs));
        $_SESSION['challenge'] = ($this->webAuthn->getChallenge())->getBinaryString();
@ -216,11 +216,11 @@ class AuthController extends Controller
            }

            // process the get request. throws WebAuthnException if it fails
-            $this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge);       
+            $this->webAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, 'discouraged');       

            $return = array();
            $return['success'] = true;
-            $return['msg'] = $msg;
+            $return['msg'] = "Authentication successful.";

            if($return['success']===true) {
                // Send success response
@ -262,6 +262,11 @@ class AuthController extends Controller
        } catch (\Exception $e) {
            $response->getBody()->write(json_encode(['msg' => $e->getMessage()]));
            return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
+        } catch (WebAuthnException $e) {
+            $return = array();
+            $return['success'] = false;
+            $response->getBody()->write(json_encode(['msg' => "Authentication failed: " . $e->getMessage()]));
+            return $response->withHeader('Content-Type', 'application/json')->withStatus(400);
        }
    }
 }
--- a/cp/app/Controllers/ProfileController.php
+++ b/cp/app/Controllers/ProfileController.php
@ -15,7 +15,7 @@ class ProfileController extends Controller
    public function __construct() {
        $rpName = 'Namingo';
        $rpId = envi('APP_DOMAIN');
-        $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['none']);
+        $this->webAuthn = new \lbuchs\WebAuthn\WebAuthn($rpName, $rpId, ['android-key', 'android-safetynet', 'apple', 'fido-u2f', 'packed', 'tpm']);
    }

    public function profile(Request $request, Response $response)
@ -153,7 +153,7 @@ class ProfileController extends Controller
        if(strlen($hexUserId) % 2 != 0){
            $hexUserId = '0' . $hexUserId;
        }
-        $createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 30, false, true);
+        $createArgs = $this->webAuthn->getCreateArgs(\hex2bin($hexUserId), $userEmail, $userName, 60*4, false, 'discouraged', null);

        $response->getBody()->write(json_encode($createArgs));
        $_SESSION["challenge"] = ($this->webAuthn->getChallenge())->getBinaryString();
@ -178,7 +178,7 @@ class ProfileController extends Controller
            $challenge = $_SESSION['challenge'];

            // Process the WebAuthn response
-            $credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, true, true, false);
+            $credential = $this->webAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, 'discouraged', true, false);

            // add user infos
            $credential->userId = $userId;
--- a/cp/resources/views/partials/js-profile.twig
+++ b/cp/resources/views/partials/js-profile.twig
@ -53,6 +53,12 @@
                    title: 'WebAuthn Passkey',
                    text: authenticatorAttestationServerResponse.msg || 'Created successfully',
                    icon: "success"
+                }).then((result) => {
+                    // Checks if the result is successful (user clicked "OK")
+                    if (result.value) {
+                        // Reload the page
+                        location.reload();
+                    }
                });
            } else {
                throw new Error(authenticatorAttestationServerResponse.msg);
@ -63,6 +69,12 @@
              title: 'WebAuthn Passkey',
              text: err.message || 'Unknown error occured',
              icon: "error"
+            }).then((result) => {
+                // Checks if the result is successful (user clicked "OK")
+                if (result.value) {
+                    // Reload the page
+                    location.reload();
+                }
            });
        }