We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
2FAuth
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 05a39b6501
Ramas Etiquetas
2FAuth
/
app
/
Http
/
Controllers
/
Auth
/
WebAuthnLoginController.php

WebAuthnLoginController.php 3.4 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers\Auth;
    4. 

  4. 

  5. use App\Http\Controllers\Controller;
    6. 

  6. use App\Models\User;
    7. 

  7. use Carbon\Carbon;
    8. 

  8. use Illuminate\Contracts\Support\Responsable;
    9. 

  9. use Illuminate\Http\JsonResponse;
    10. 

  10. use Illuminate\Support\Facades\Log;
    11. 

  11. use Laragear\WebAuthn\Http\Requests\AssertedRequest;
    12. 

  12. use Laragear\WebAuthn\Http\Requests\AssertionRequest;
    13. 

  13. use Laragear\WebAuthn\WebAuthn;
    14. 

  14. use Illuminate\Support\Arr;
    15. 

  15. 

  16. class WebAuthnLoginController extends Controller
    17. 

  17. {
    18. 

  18.     /*
    19. 

  19.     |--------------------------------------------------------------------------
    20. 

  20.     | WebAuthn Login Controller
    21. 

  21.     |--------------------------------------------------------------------------
    22. 

  22.     |
    23. 

  23.     | This controller allows the WebAuthn user device to request a login and
    24. 

  24.     | return the correctly signed challenge. Most of the hard work is done
    25. 

  25.     | by your Authentication Guard once the user is attempting to login.
    26. 

  26.     |
    27. 

  27.     */
    28. 

  28. 

  29.     /**
    30. 

  30.      * Returns the challenge to assertion.
    31. 

  31.      *
    32. 

  32.      * @param  \Laragear\WebAuthn\Http\Requests\AssertionRequest  $request
    33. 

  33.      * @return \Illuminate\Contracts\Support\Responsable|\Illuminate\Http\JsonResponse
    34. 

  34.      */
    35. 

  35.     public function options(AssertionRequest $request) : Responsable|JsonResponse
    36. 

  36.     {
    37. 

  37.         switch (config('webauthn.user_verification')) {
    38. 

  38.             case WebAuthn::USER_VERIFICATION_DISCOURAGED:
    39. 

  39.                 $request = $request->fastLogin();    // Makes the authenticator to only check for user presence on registration
    40. 

  40.                 break;
    41. 

  41.             case WebAuthn::USER_VERIFICATION_REQUIRED:
    42. 

  42.                 $request = $request->secureLogin();  // Makes the authenticator to always verify the user thoroughly on registration
    43. 

  43.                 break;
    44. 

  44.         }
    45. 

  45. 

  46.         // Since 2FAuth is single user designed we fetch the user instance.
    47. 

  47.         // This lets Larapass validate the request without the need to ask
    48. 

  48.         // the visitor for an email address.
    49. 

  49.         $user = User::first();
    50. 

  50. 

  51.         return $user
    52. 

  52.             ? $request->toVerify($user)
    53. 

  53.             : response()->json([
    54. 

  54.                 'message' => 'no registered user',
    55. 

  55.             ], 400);
    56. 

  56.     }
    57. 

  57. 

  58.     /**
    59. 

  59.      * Log the user in.
    60. 

  60.      *
    61. 

  61.      * @param  \Laragear\WebAuthn\Http\Requests\AssertedRequest  $request
    62. 

  62.      * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
    63. 

  63.      */
    64. 

  64.     public function login(AssertedRequest $request)
    65. 

  65.     {
    66. 

  66.         Log::info('User login via webauthn requested');
    67. 

  67. 

  68.         if ($request->has('response')) {
    69. 

  69.             $response = $request->response;
    70. 

  70. 

  71.             // Some authenticators do not send a userHandle so we hack the response to be compliant
    72. 

  72.             // with Larapass/webauthn-lib implementation that waits for a userHandle
    73. 

  73.             if (!Arr::exists($response, 'userHandle') || blank($response['userHandle'])) {
    74. 

  74.                 $response['userHandle'] = User::getFromCredentialId($request->id)?->userHandle();
    75. 

  75.                 $request->merge(['response' => $response]);
    76. 

  76.             }
    77. 

  77.         }
    78. 

  78. 

  79.         $user = $request->login();
    80. 

  80. 

  81.         if ($user) {
    82. 

  82.             $this->authenticated($user);
    83. 

  83. 

  84.             return response()->noContent();
    85. 

  85.         }
    86. 

  86. 

  87.         return response()->noContent(422);
    88. 

  88.     }
    89. 

  89. 

  90.     /**
    91. 

  91.      * The user has been authenticated.
    92. 

  92.      *
    93. 

  93.      * @param  mixed  $user
    94. 

  94.      * @return void|\Illuminate\Http\JsonResponse
    95. 

  95.      */
    96. 

  96.     protected function authenticated($user)
    97. 

  97.     {
    98. 

  98.         $user->last_seen_at = Carbon::now()->format('Y-m-d H:i:s');
    99. 

  99.         $user->save();
    100. 

  100. 

  101.         Log::info('User authenticated via webauthn');
    102. 

  102.     }
    103. 

  103. }
    104.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5