We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
2FAuth
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 243a44d516
Branches Tags
2FAuth
/
app
/
Http
/
Controllers
/
Auth
/
WebAuthnManageController.php

WebAuthnManageController.php 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers\Auth;
    4. 

  4. 

  5. use App\Http\Controllers\Controller;
    6. 

  6. use App\Http\Requests\WebauthnRenameRequest;
    7. 

  7. use Illuminate\Http\Request;
    8. 

  8. use Illuminate\Support\Facades\Gate;
    9. 

  9. use Illuminate\Support\Facades\Log;
    10. 

  10. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
    11. 

  11. 

  12. class WebAuthnManageController extends Controller
    13. 

  13. {
    14. 

  14.     /**
    15. 

  15.      * List all WebAuthn registered credentials
    16. 

  16.      *
    17. 

  17.      * @return \Illuminate\Http\JsonResponse
    18. 

  18.      */
    19. 

  19.     public function index(Request $request)
    20. 

  20.     {
    21. 

  21.         if (Gate::denies('manage-webauthn-credentials')) {
    22. 

  22.             throw new AccessDeniedHttpException(__('errors.unsupported_with_sso_only'));
    23. 

  23.         }
    24. 

  24. 

  25.         $allUserCredentials = $request->user()->webAuthnCredentials()->WhereEnabled()->get();
    26. 

  26. 

  27.         return response()->json($allUserCredentials, 200);
    28. 

  28.     }
    29. 

  29. 

  30.     /**
    31. 

  31.      * Rename a WebAuthn credential
    32. 

  32.      *
    33. 

  33.      * @return \Illuminate\Http\JsonResponse
    34. 

  34.      */
    35. 

  35.     public function rename(WebauthnRenameRequest $request, string $credential)
    36. 

  36.     {
    37. 

  37.         $validated = $request->validated();
    38. 

  38. 

  39.         abort_if(! $request->user()->renameCredential($credential, $validated['name']), 404);
    40. 

  40. 

  41.         return response()->json([
    42. 

  42.             'name' => $validated['name'],
    43. 

  43.         ], 200);
    44. 

  44.     }
    45. 

  45. 

  46.     /**
    47. 

  47.      * Remove the specified credential from storage.
    48. 

  48.      *
    49. 

  49.      * @param  string|array  $credential
    50. 

  50.      * @return \Illuminate\Http\JsonResponse
    51. 

  51.      */
    52. 

  52.     public function delete(Request $request, $credential)
    53. 

  53.     {
    54. 

  54.         Log::info('Deletion of security device requested');
    55. 

  55. 

  56.         if (Gate::denies('manage-webauthn-credentials')) {
    57. 

  57.             throw new AccessDeniedHttpException(__('errors.unsupported_with_sso_only'));
    58. 

  58.         }
    59. 

  59. 

  60.         $user = $request->user();
    61. 

  61.         $user->flushCredential($credential);
    62. 

  62. 

  63.         // Webauthn user options need to be reset to prevent impossible login when
    64. 

  64.         // no more registered device exists.
    65. 

  65.         // See #110
    66. 

  66.         if (blank($user->webAuthnCredentials()->WhereEnabled()->get())) {
    67. 

  67.             $request->user()->preferences['useWebauthnOnly'] = false;
    68. 

  68.             $request->user()->save();
    69. 

  69.             Log::notice(sprintf('No more Webauthn credential for user ID #%s, useWebauthnOnly user preference reset to false', $user->id));
    70. 

  70.         }
    71. 

  71. 

  72.         Log::info(sprintf('User ID #%s revoked a security device', $user->id));
    73. 

  73. 

  74.         return response()->json(null, 204);
    75. 

  75.     }
    76. 

  76. }
    77.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5