This repository has been archived by the owner on Sep 12, 2022. It is now read-only.
forked from DarkGhostHunter/Larapass
AuthenticatesWebAuthn.php
<?php
namespace DarkGhostHunter\Larapass\Http;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use DarkGhostHunter\Larapass\Facades\WebAuthn;
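trait AuthenticatesWebAuthn
{
    use WebAuthnRules;

    /**
     * Return a WebAuthn assertion challenge for the user (or userless).
     *
     * The validated input is handed to the user provider, and whatever comes
     * back (a user or null) is passed to WebAuthn::generateAssertion().
     *
     * NOTE(review): this endpoint is meant to be called before the user is
     * authenticated. If the generated options differ between a known and an
     * unknown email (for example by listing credential IDs only for existing
     * users), the response discloses which accounts are registered. Confirm how
     * generateAssertion() treats a null user and rate-limit the route.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Webauthn\PublicKeyCredentialRequestOptions
     */
    public function options(Request $request)
    {
        $credentials = $request->validate($this->optionRules());

        return WebAuthn::generateAssertion(
            $this->getUserFromCredentials($credentials)
        );
    }

    /**
     * Return the rules used to validate the options request.
     *
     * The username field is optional ("sometimes"), so a request without it
     * passes validation with no username in the validated data.
     *
     * @return array
     */
    protected function optionRules()
    {
        return [
            $this->username() => 'sometimes|email',
        ];
    }

    /**
     * Get the name of the request field that identifies the user.
     *
     * @return string
     */
    protected function username()
    {
        return 'email';
    }

    /**
     * Return the user that should authenticate via WebAuthn.
     *
     * @param  array  $credentials
     * @return \Illuminate\Contracts\Auth\Authenticatable|\DarkGhostHunter\Larapass\Contracts\WebAuthnAuthenticatable|null
     */
    protected function getUserFromCredentials(array $credentials)
    {
        // Ask the User Provider for a user matching the given credentials. The
        // result (a user or null) is what the assertion challenge is generated
        // for; this method itself returns the user, not a list of credential IDs.
        return $this->userProvider()->retrieveByCredentials($credentials);
    }

    /**
     * Get the User Provider for WebAuthn Authenticatable users.
     *
     * The provider name is fixed to "users"; applications whose WebAuthn users
     * live behind a different provider need to override this method.
     *
     * @return \Illuminate\Contracts\Auth\UserProvider
     */
    protected function userProvider()
    {
        return Auth::createUserProvider('users');
    }

    /**
     * Log the user in.
     *
     * Validates the assertion payload, delegates verification to the guard, and
     * returns the authenticated() hook's response or an empty success response.
     * On failure an empty 422 is returned, carrying no detail about the cause.
     *
     * NOTE(review): assertionRules() is not defined in this trait; presumably it
     * comes from WebAuthnRules - confirm. No throttling or lockout is applied
     * here, so rate limiting has to be added on the route or in the consumer.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credential = $request->validate($this->assertionRules());

        // The result is only needed for the branch, so it is not stored.
        if ($this->attemptLogin($credential, $this->hasRemember($request))) {
            return $this->authenticated($request, $this->guard()->user()) ?? response()->noContent();
        }

        return response()->noContent(422);
    }

    /**
     * Check if the Request has a "Remember" value present.
     *
     * True when the "WebAuthn-Remember" header parses as a boolean true, or
     * when the "remember" input is filled. Both values are client-supplied.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function hasRemember(Request $request)
    {
        return filter_var($request->header('WebAuthn-Remember'), FILTER_VALIDATE_BOOLEAN)
            || $request->filled('remember');
    }

    /**
     * Attempt to log the user into the application.
     *
     * The validated assertion is passed as-is to the guard's attempt(); every
     * check on it is performed by the guard, not by this trait.
     *
     * @param  array  $challenge
     * @param  bool  $remember
     * @return bool
     */
    protected function attemptLogin(array $challenge, bool $remember = false)
    {
        return $this->guard()->attempt($challenge, $remember);
    }

    /**
     * The user has been authenticated.
     *
     * Hook for the consuming class: return a response to override the default
     * empty success response sent by login(), or return nothing to keep it.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed  $user
     * @return void|\Illuminate\Http\JsonResponse
     */
    protected function authenticated(Request $request, $user)
    {
        //
    }

    /**
     * Get the guard to be used during authentication.
     *
     * Resolves the application's default guard.
     *
     * NOTE(review): the assertion is only verified if that guard's user provider
     * handles WebAuthn credentials - confirm the auth configuration, or override
     * this method to pin a specific guard.
     *
     * @return \Illuminate\Contracts\Auth\StatefulGuard
     */
    protected function guard()
    {
        return Auth::guard();
    }
}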