q792602257/lubo_comment_query
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

webauthn登录逻辑调整

Browse Source
This commit is contained in:
Jerry Yan
2022-08-11 10:43:33 +08:00
parent cc57e4bb18
commit 6632d8cea1
6 changed files with 64 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
app/Http/Controllers/UserWebAuthnController.php
View File

@ -2,6 +2,7 @@
namespace App\Http\Controllers;
use App\Models\User;
use App\WebAuthn\Repository\PublicKeyCredentialSourceRepositoryImpl;
use App\WebAuthn\WebAuthnService;
use Cose\Algorithm\Manager;
@ -32,11 +33,6 @@ use Webauthn\TokenBinding\IgnoreTokenBindingHandler;
class UserWebAuthnController extends BaseController
{
public function webauthn_login(Request $request)
{
return view("user.webauthn.login");
}
public function register_options(Request $request): PublicKeyCredentialCreationOptions
{
$userEntity = new PublicKeyCredentialUserEntity(
@ -49,17 +45,44 @@ class UserWebAuthnController extends BaseController
return WebAuthnService::createRequestOptions($userEntity, $challenge);
}
public function login_options(Request $request): PublicKeyCredentialRequestOptions
public function login_options(Request $request)
{
$challenge = random_bytes(32);
$request->session()->put("webauthn_login_challenge", $challenge);
$username = $request->post("username", "");
if ($username) {
$query = User::query();
if (str_contains($username, "@")) {
$query->where("email", "=", $username);
} else {
$query->where("name", "=", $username);
}
$user = $query->first();
if ($user) {
$userHandle = (string) $user->id;
} else {
return new Response([
"success" => false,
"code" => 401,
"message" => "无此用户"
], 401);
}
} else {
$userHandle = "0";
}
$request->session()->put("webauthn_login_user", $userHandle);
$publicKeyCredentialRequestOptions = new PublicKeyCredentialRequestOptions(
$challenge
);
$publicKeyCredentialRequestOptions->setUserVerification(
PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_REQUIRED
);
$publicKeyCredentialRequestOptions->allowCredentials([]);
$publicKeyCredentialSources = WebAuthnService::getPublicKeyCredentialSourceRepository()->findAllForUserEntity(
new PublicKeyCredentialUserEntity("", $userHandle, "")
);
array_map(function ($source) use ($publicKeyCredentialRequestOptions) {
$publicKeyCredentialRequestOptions->allowCredential($source->getPublicKeyCredentialDescriptor());
} ,$publicKeyCredentialSources);
return $publicKeyCredentialRequestOptions;
}
@ -120,7 +143,24 @@ class UserWebAuthnController extends BaseController
$publicKeyCredentialRequestOptions = new PublicKeyCredentialRequestOptions(
$request->session()->remove("webauthn_login_challenge")
);
$publicKeyCredentialSources = WebAuthnService::getPublicKeyCredentialSourceRepository()->findAllForUserEntity(
new PublicKeyCredentialUserEntity("", "0", "")
);
$publicKeyCredential = WebAuthnService::getPublicKeyCredentialLoader()->loadArray($request->json()->all());
$userHandle = null;
foreach ($publicKeyCredentialSources as $source) {
if ($source->getPublicKeyCredentialId() === $publicKeyCredential->getRawId()) {
$userHandle = $source->getUserHandle();
break;
}
}
if ($userHandle === null) {
return new Response([
"success" => false,
"code" => 401,
"message" => "无此密钥"
], 401);
}
$authenticatorAssertionResponse = $publicKeyCredential->getResponse();
if (!$authenticatorAssertionResponse instanceof AuthenticatorAssertionResponse) {
//e.g. process here with a redirection to the public key login/MFA page.
@ -136,7 +176,7 @@ class UserWebAuthnController extends BaseController
$authenticatorAssertionResponse,
$publicKeyCredentialRequestOptions,
ServerRequest::fromGlobals(),
$authenticatorAssertionResponse->getUserHandle(),
$userHandle,
["localhost"]
);
} catch (\Throwable $e) {