laragear / webauthn
Authenticate users with Passkeys: fingerprints, patterns and biometric data.
License: MIT License
8.3.3 - Linux aarch64
MariaDB 11.3.2
10.48.3
Migrate create_webauthn_credentials
Table index names have a maximum length of 64 characters. The relevant generated index name is 66 characters long:
webauthn_credentials_authenticatable_type_authenticatable_id_index
Maybe this is more of an issue for laragear/meta-model
A possible workaround is to shorten the table name in AppServiceProvider before running the migration:
<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        // A shorter table name keeps the generated index name within the limit.
        \Laragear\WebAuthn\Models\WebAuthnCredential::$useTable = 'webauthn';
    }
}
However, this is not so elegant. The max length also applies to MySQL or PostgreSQL.
php artisan webauthn:install;
php artisan migrate;
2024_03_15_173020_create_webauthn_credentials 6ms FAIL
Illuminate\Database\QueryException
SQLSTATE[42000]: Syntax error or access violation: 1059 Identifier name 'webauthn_credentials_authenticatable_type_authenticatable_id_index' is too long (Connection: mariadb, SQL: alter table `webauthn_credentials` add index `webauthn_credentials_authenticatable_type_authenticatable_id_index`(`authenticatable_type`, `authenticatable_id`))
at vendor/laravel/framework/src/Illuminate/Database/Connection.php:829
825▕ $this->getName(), $query, $this->prepareBindings($bindings), $e
826▕ );
827▕ }
828▕
➜ 829▕ throw new QueryException(
830▕ $this->getName(), $query, $this->prepareBindings($bindings), $e
831▕ );
832▕ }
833▕ }
+45 vendor frames
46 artisan:35
Illuminate\Foundation\Console\Kernel::handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
No response
No response
All imports of php attributes should be provided in composer.
When using vscode attributes are not being recognised:
#[ArrayShape(['binaryData' => "string"])]
public function __serialize(): array
{
    return ['binaryData' => static::encodeBase64Url($this->binaryData)];
}
Those require
use JetBrains\PhpStorm\ArrayShape;
Open ByteBuffer.php in vscode.
No response
No response
No, don't give priority to this
8.2.1 & MacOs
No response
10
PhpStorm doesn't throw a warning
When I add:
// WebAuthn Routes
WebAuthn::routes();
to my routes file, I get a warning: Class WebAuthn is marked as @internal
Import the routes in your routes files in Phpstorm
No response
Please, I am trying to use WebAuthn in my app. I had to upgrade to Laravel 9 to use Laragear/WebAuthn because I was unable to set up Larapass and I can't create any issue there.
Well, I successfully set up WebAuthn but am having an issue registering a device...
I get 422 Error Code
And when I tried publishing the config file.
php artisan vendor:publish --provider="Laragear\WebAuthn\WebAuthnServiceProvider" --tag="config"
It doesn't work.
Please I need guidelines on how to successfully set it up
public function register(AttestedRequest $request): Response
{
    $request->save();

    return response()->noContent();
}
8.1.6 - Windows 11
MySQL 8.0.27
9.33.0
On new install, have in my /routes/web
use Laragear\WebAuthn\WebAuthn;
WebAuthn::routes();
When I try to use the register/options route, I get a 500 error
In the log, I get this:
[2022-10-04 01:07:58] local.ERROR: Target class [App\Http\Controllers\App\Http\Controllers\WebAuthn\WebAuthnRegisterController] does not exist. {"exception":"[object] (Illuminate\\Contracts\\Container\\BindingResolutionException(code: 0): Target class [App\\Http\\Controllers\\App\\Http\\Controllers\\WebAuthn\\WebAuthnRegisterController] does not exist. at C:\\wamp\\www\\station\\vendor\\laravel\\framework\\src\\Illuminate\\Container\\Container.php:877)
[stacktrace]
It appears that there is a namespacing issue because App\Http\Controllers is repeated.
For example, when I put the following in my web.php file, it works:
Route::controller(WebAuthnRegisterController::class)->middleware('web')->prefix('webauthn')->group(function () {
    Route::post('register/options', 'options')->name('webauthn.register.options');
    Route::post('register', 'register')->name('webauthn.register');
});
Route::controller(WebAuthnLoginController::class)->middleware('web')->prefix('webauthn')->group(function () {
    Route::post('login/options', 'options')->name('webauthn.login.options');
    Route::post('login', 'login')->name('webauthn.login');
});
As above
as above
8.2.2
No response
10.13.5
When calling new WebAuthn().register() the request to /webauthn/register/options should succeed.
But it does not:
On a fresh install, update vite.config.js:
-input: ['resources/css/app.css', 'resources/js/app.js'],
+input: ['resources/css/app.css', 'resources/js/app.js', 'resources/js/webauthn/webauthn.js'],
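Review bot: the added input entry 'resources/js/webauthn/webauthn.js' does not match the path the page in the next step loads, Vite::asset('/resources/js/vendor/webauthn/webauthn.js'), which has an extra vendor/ segment and a leading slash. If the published script lives under resources/js/vendor/webauthn/, name that same path in the input array so both steps refer to the same file.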
add WebAuthn::routes(); to routes/web.php, then create a page like:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title></title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="preconnect" href="https://fonts.bunny.net">
    @vite('resources/js/app.js')
    <script src="{{ Vite::asset('/resources/js/vendor/webauthn/webauthn.js') }}"></script>
</head>
<body>
    <main>
        <form id="register-form">
            <button type="submit" value="Register authenticator">Register authenticator</button>
        </form>
        <script defer>
            if (WebAuthn.doesntSupportWebAuthn()) {
                alert('Your device is not secure enough to use this site!');
            }
            const register = event => {
                event.preventDefault()
                new WebAuthn().register()
                    .then(response => alert('Registration successful!'))
                    .catch(error => alert('Something went wrong, try again!'))
            }
            document.getElementById('register-form').addEventListener('submit', register)
        </script>
    </main>
</body>
</html>
Load the page and click the button. 💥
No response
8.1.23 - Ubuntu 22.04.3 LTS WSL
MySQL 8.0.33-0ubuntu0.22.04.4
10.10
Just installed this package, did not change anything, following the documentation; attestation does not work and I need help. Thanks :)
[2023-09-24 08:12:33] local.ERROR: SQLSTATE[01000]: Warning: 1265 Data truncated for column 'authenticatable_id' at row 1 (Connection: mysql, SQL: insert into `webauthn_credentials` (`authenticatable_id`, `authenticatable_type`, `id`, `user_id`, `alias`, `counter`, `rp_id`, `origin`, `transports`, `aaguid`, `public_key`, `attestation_format`, `updated_at`, `created_at`) value (detail in the stack logs).
I used ulid instead of id in the users table.
async function func_registerkey () {
    new WebAuthn().register().then(response => {
        alert('Registration successful!')
    }).catch(error => {
        console.log(error);
        alert('Something went wrong, try again!')
    });
}
8.2.1 & MacOs
No response
10
My understanding is that if there is no associated credential to the user, the challenge should be empty.
I created a new user and on the first login, I want the user to log in via the password as no passkey has been saved to the device yet. But, when I hit the /login/options route, I get a challenge instead of the null value.
1- Create a new user
2- Send the email as the credential to the `/login/options` route
No response
8.2.2
No response
10.13.5
On a login/register options request, if validation fails, errors should be available in the catch(response => {}) method.
On a login/register options request, if validation fails, there is no way to display the specific errors to the user.
new WebAuthn().login({
    email: 'not a valid email',
}, {
    remember: 'on',
}).then(response => {
    //
})
.catch(response => {
    if (response.status === 422) {
        // response.errors should be an array of errors, and response.message should be the main validation message
        let errors = response.errors;
        for (let key in errors) {
            document.getElementById(key).setCustomValidity(errors[key][0]);
            document.getElementById(key).reportValidity();
        }
        return;
    }
})
No response
8.1.2 & Ubuntu
No response
9
Hey Guys,
The README file talks about an AttestationController file. This is not created during installation.
-
No response
8.3.7 MacOS
MariaDB 11.3.2
11.7.0
I've gone through the README steps in a brand new Laravel install.
I've configured the user provider to eloquent-webauthn as described in the readme:
'providers' => [
    'users' => [
        'driver' => 'eloquent-webauthn',
        'model' => App\Models\User::class,
        'password_fallback' => false,
    ],
],
I ran the install and migrate scripts
php artisan webauthn:install
php artisan migrate
When attempting to log in, I get a database error:
Column not found: 1054 Unknown column 'rawId' in 'where clause'
Looking at my database, I don't see that column on the users table either.
await Webpass.assert("/webauthn/login/options", "/webauthn/login")
### Stack trace & logs
```shell
[2024-05-18 17:50:12] local.ERROR: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'rawId' in 'where clause' (Connection: mysql, SQL: select * from `users` where `id` = QnWxGTtsch2q8KZef5SOl7Z2yYHSVdvhQ_JP7vLH9tk and `rawId` = QnWxGTtsch2q8KZef5SOl7Z2yYHSVdvhQ_JP7vLH9tk and `response` in (SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAAA, eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoib3JMd21VTVA1VjFQdWo4cXBsVjVDQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0, MEUCIQDjh1bTeARNmaNiWSmv4jp7EtRsPVfCHala0-PXkYEJNgIgIXsv10E1GwTp410zovTsXxOMVgu9rZXrOQwhu7Co0i4, ��]�G����=�\�Oz{��ۭu) and `type` = public-key limit 1) {"exception":"[object] (Illuminate\\Database\\QueryException(code: 42S22): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'rawId' in 'where clause' (Connection: mysql, SQL: select * from `users` where `id` = QnWxGTtsch2q8KZef5SOl7Z2yYHSVdvhQ_JP7vLH9tk and `rawId` = QnWxGTtsch2q8KZef5SOl7Z2yYHSVdvhQ_JP7vLH9tk and `response` in (SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAAA, eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoib3JMd21VTVA1VjFQdWo4cXBsVjVDQSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMCIsImNyb3NzT3JpZ2luIjpmYWxzZX0, MEUCIQDjh1bTeARNmaNiWSmv4jp7EtRsPVfCHala0-PXkYEJNgIgIXsv10E1GwTp410zovTsXxOMVgu9rZXrOQwhu7Co0i4, ��]�G\u001b���=�\\�Oz{��ۭu) and `type` = public-key limit 1) at /Users/aaronpk/Code/Laravel/vendor/laravel/framework/src/Illuminate/Database/Connection.php:813)
```
8.2.2
No response
10.13.5
When I click the "register" or "login" buttons the WebAuthn class is initialised and run.
The ReferenceError: WebAuthn is not defined error is thrown.
I suspect this is due to Vite loading the script as type="module" and so the WebAuthn class is in a different scope.
After adding the code from the documentation:
<html>
<head>
    @vite(['resources/js/app.js', 'resources/js/vendor/webauthn/webauthn.js'])
</head>
<body>
    <form id="register-form">
        <button type="submit">Register authenticator</button>
    </form>
    <!-- Registering credentials -->
    <script>
        const register = event => {
            event.preventDefault()
            new WebAuthn().register()
                .then(response => alert('Registration successful!'))
                .catch(error => alert('Something went wrong, try again!'))
        }
        document.getElementById('register-form').addEventListener('submit', register)
    </script>
</body>
</html>
click the `Register authenticator` button.
No response
8.2.8 - MacOS
MySQL 8.0.27
10
When I try to log in, it prompts the error below.
It says my user table is missing a column. I just migrated the default DB source from the package.
I used the default function from the package:
public function login(AssertedRequest $request): Response
{
    return response()->noContent($request->login('admin') ? 204 : 422);
}
Column not found: 1054 Unknown column 'rawId' in 'where clause' (Connection: mysql, SQL: select * from `table` where `id` = IUFjLK-rfAh7U3oV_zP_uJ6YW3umWXo3fipCY3HE6Ho and `rawId` = IUFjLK+rfAh7U3oV/zP/uJ6YW3umWXo3fipCY3HE6Ho= and `response` in (u2ghoRLl52c6KTnfJU/7W3nVPzrVuUA/98mAWWV0hw8FAAAAAA==, eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiX2QtNC1tVjJfUEVueUFTZkJHNnBRdyIsIm9yaWdpbiI6Imh0dHBzOi8vYmFzZS10ZW1wbGF0ZS50ZXN0IiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ==, MEYCIQDhaC21Gjmin6oB9tyvrQJSsrukRNcscvd8s36HRxrT+AIhAL3RS6G4idm6mgfoWeak8SIgtJla++A4saiAznGWV6ih, a07bc26051d04b909c9dfce9f9068255) and `type` = public-key limit 1)
8.1.3 & MacOs
MYSQL 5
Laravel 9
When you login with credentials, it should log the user in
I get a 422 error on login
Setup back and frontend and try to login.
I was able to pinpoint the issue. In the webauthn file, in the login method:
async login(request = {}, response = {}) {
    const optionsResponse = await this.#fetch(
        request,
        this.routes.loginOptions
    );
    const json = await optionsResponse.json();
    const publicKey = this.#parseIncomingServerOptions(json);
    const credentials = await navigator.credentials.get({ publicKey });
    console.log(credentials);
    const publicKeyCredential = this.#parseOutgoingCredentials(credentials);
    Object.assign(publicKeyCredential, response);
    return await this.#fetch(
        publicKeyCredential,
        this.routes.login,
        response
    ).then(WebAuthn.#handleResponse);
}
The credentials have a userHandle of null, so it fails the check in the backend eventually.
Edit:
I checked that during creation, the userHandle is not even set by the navigator.
In the documentation, it does say it may be null:
For [navigator.credentials.create()](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create) calls made with a non-empty allowCredentials properties, the returned userHandle may be null.
https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse/userHandle
8.1.2 - Ubuntu 22.04 WSL
MySQL 8.0.28
10.10
How to change the webauthn_credentials.authenticatable_id data type?
I can change it manually after the migration is done but how can I change it in the migration file instead? Is it possible?
$table->morphs('authenticatable', 'webauthn_user_index');
Thanks.
I use ULID as ID (primary key) in the users table and every time I tried to attest, it failed because the authenticatable_id column in the webauthn_credentials table does not match the data type of my users table's ID column. How can I change the authenticatable_id to match the users.id data type, which is CHAR(26)?
Thanks.
.
No response
8.2.7 Ubuntu 22.04.2
MariaDB 10.10.5
10.14.1
Google Chrome 114.0.5735.198
Not sure
When logging in, the response from the browser, publicKeyCredential.response, contains userHandle: ''. Not sure why it's empty but it is (I checked on a few other sites using webauthn, and it's empty there also).
However, in the database the user_id field is populated.
In Laragear\WebAuthn\Assertion\Validator\Pipes\CheckCredentialIsForUser::validateId there is a check against user_id on the credentials model; this throws an exception when the handle is empty.
public function registerOpts(AttestationRequest $request): Responsable
{
    return $request
        ->secureRegistration()
        //->fastRegistration()
        //->userless()
        //->allowDuplicates()
        ->toCreate();
}

public function register(AttestedRequest $request): Response
{
    $request->save($request->only(['alias']));

    return response()->noContent();
}

public function loginOpts(AssertionRequest $request): Responsable
{
    /** @var User $user */
    $user = Auth::guard('web')->user();

    return $request
        ->secureLogin()
        ->toVerify($user->only(['email']));
}

public function login(Request $request, AssertionValidator $assertion): Response
{
    $credential = $assertion
        ->send(new AssertionValidation($request))
        ->thenReturn()
        ->credential;

    if (!$credential) return \response()->noContent(422);

    session(['webauthn' => true]);

    return response()->noContent();
}
not applicable
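The null and empty userHandle reports above, and the dashed-UUID report further down this page, all hinge on one server-side ownership check. As an added example (not code from laragear/webauthn), the sketch below applies the WebAuthn rule that an absent userHandle is acceptable only when the user was identified before the ceremony, and compares a present handle in constant time after normalising dashed and undashed UUID forms. The function names and array shape are hypothetical; the column names `authenticatable_id` and `user_id` are the ones in the logs on this page, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of laragear/webauthn.

/**
 * Reduce a UUID-shaped handle (dashed or undashed) to 32 lowercase hex
 * characters. Returns null for anything else, so malformed input never
 * reaches the comparison.
 */
function normalizeHandle(string $value): ?string
{
    $hex = strtolower(str_replace('-', '', trim($value)));

    return preg_match('/\A[0-9a-f]{32}\z/', $hex) === 1 ? $hex : null;
}

/**
 * Decide whether an assertion may be accepted for the stored credential.
 *
 * @param array{authenticatable_id: string, user_id: string} $credential stored row
 * @param string|null $identifiedUserId user resolved before the ceremony
 *                                      (e.g. from an e-mail), null if userless
 * @param string|null $userHandle       response.userHandle as received
 */
function credentialIsForUser(array $credential, ?string $identifiedUserId, ?string $userHandle): bool
{
    $stored = normalizeHandle($credential['user_id']);
    if ($stored === null) {
        return false; // unreadable stored handle: fail closed
    }

    $handleAbsent = $userHandle === null || $userHandle === '';

    if ($identifiedUserId !== null) {
        // The user was identified first: the credential must be theirs.
        if (!hash_equals($credential['authenticatable_id'], $identifiedUserId)) {
            return false;
        }
        if ($handleAbsent) {
            return true; // authenticators may omit the handle in this flow
        }
    } elseif ($handleAbsent) {
        // Userless login: the handle is the only link to an account.
        return false;
    }

    // A handle that is present must always map to the same user.
    $given = normalizeHandle((string) $userHandle);

    return $given !== null && hash_equals($stored, $given);
}

// Constructed sample row; the handle values are the ones quoted on this page.
$credential = [
    'authenticatable_id' => '42',
    'user_id'            => '6943324022c046d395de29ceda194b63',
];

$cases = [
    'undashed handle, user known' => ['42', '6943324022c046d395de29ceda194b63'],
    'dashed handle, user known'   => ['42', '69433240-22c0-46d3-95de-29ceda194b63'],
    'empty handle, user known'    => ['42', ''],
    'null handle, user known'     => ['42', null],
    'null handle, userless'       => [null, null],
    'dashed handle, userless'     => [null, '69433240-22c0-46d3-95de-29ceda194b63'],
    'wrong account, no handle'    => ['43', null],
    'foreign handle'              => ['42', 'c9b23794b1fa48cdb9f6b31440c28958'],
    'malformed handle'            => ['42', 'not-a-uuid'],
];

foreach ($cases as $label => [$identifiedUserId, $userHandle]) {
    $ok = credentialIsForUser($credential, $identifiedUserId, $userHandle);
    printf("%-30s %s\n", $label, $ok ? 'accept' : 'reject');
}
```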
8.1.5
9.16.0
No response
No response
For my main site, I have a default database connection that goes to "DifferentSchema".
For my auth, I have another database connection that goes to "AuthSchema"
I can't seem to figure out how to make webauthn use my "AuthSchema" connection. I added the "AuthSchema" database connection in App\User::class, and that fixed one of the errors, but there's more further down the "webauthn process" that I'm not sure how to fix.
Is there a way to specify what connection WebAuthn uses?
Thanks
https://pastebin.com/raw/yrbc05V3 - Shows the default database connection being used and not the "AuthSchema" database connection I set in App\User::class
N/A
https://pastebin.com/raw/yrbc05V3
No response
No, don't give priority to this
8.1 (Debian - Bookworm)
PostgreSQL 15
10.40.0
When I am trying to register a yubikey, I expect it to be registered with my account.
Impossible to register my yubikey (or any platform authenticator, in my case Touch ID).
I guess that the javascript used in @simplewebauthn/browser is a bit different which causes this issue.
I've used the following example https://github.com/MasterKale/SimpleWebAuthn/blob/master/example/public/index.html
Adjusted the urls and tried to register a yubikey and tried to register Touch ID.
When trying to register I get the following validation error:
ByteBuffer: Invalid offset or length.
8.3.6 - macOS 14.4.1 aarch64
PostgreSQL 14.11
11.5.0
When I use 1Password / my macbook's TouchId, as long as I have registered it in the system, I should be able to login.
When using 1Password as a Passkey, 1Password seems to be sending the userHandle in the format that this package expects, which is without dash, e.g.:
6943324022c046d395de29ceda194b63
Which will be validated in \Laragear\WebAuthn\Assertion\Validator\Pipes\CheckCredentialIsForUser@validateId like so:
hash_equals(Uuid::fromString($validation->credential->user_id)->getHex()->toString(), $handle);
// using the userHandle 1Password provided, the line above becomes:
'6943324022c046d395de29ceda194b63' === '6943324022c046d395de29ceda194b63';
But my MBP's TouchID seems to send userHandle with dash, i.e.: 69433240-22c0-46d3-95de-29ceda194b63
the hash_equals above effectively becomes:
'6943324022c046d395de29ceda194b63' === '69433240-22c0-46d3-95de-29ceda194b63';
This makes logging in using my TouchID impossible; I reckon other people also cannot log in.
Right now this issue is not a problem in my projects, as I am using this workaround in my WebAuthnLoginController.php:
public function login(AssertedRequest $request): \Symfony\Component\HttpFoundation\Response
{
    // hacky workaround =>
    $userHandle = $request->json()->get('response.userHandle');
    $request->json()->set('response',
        [
            'userHandle' => Str::replace(
                '-', '', $userHandle ?? ''
            )
        ]
        + $request->json('response')
    );
    $user = $request->login();
    // ...
}
But someone might want to address this issue
// sorry, don't have the time to make a repro, feel free to just close this issue :)
// the issue itself is easily fixable on userland, with a little hack.
// This is the TouchID
[2024-05-03 09:50:12] local.DEBUG: array (
'request' =>
array (
'remember' => NULL,
'id' => 'ZDariNmfR72XYzZEG-QMubXC9Mc',
'rawId' => 'ZDariNmfR72XYzZEG-QMubXC9Mc',
'response' =>
array (
'authenticatorData' => 'REDACTED',
'clientDataJSON' => 'REDACTED',
'signature' => 'REDACTED',
'userHandle' => '69433240-22c0-46d3-95de-29ceda194b63',
),
'type' => 'public-key',
'clientExtensionResults' =>
array (
),
'authenticatorAttachment' => 'platform',
),
'handle' => '69433240-22c0-46d3-95de-29ceda194b63',
'Uuid::fromString()->getHex()->toString()' => '6943324022c046d395de29ceda194b63',
)
[2024-05-03 09:50:12] local.DEBUG: Assertion Error: User ID is not owner of the stored credential.
// This is 1Password
[2024-05-03 09:50:35] local.DEBUG: array (
'request' =>
array (
'remember' => NULL,
'id' => 'auDdo3Qn2MZ47Fp0bg0hIg',
'rawId' => 'auDdo3Qn2MZ47Fp0bg0hIg',
'response' =>
array (
'authenticatorData' => 'REDACTED',
'clientDataJSON' => 'REDACTED',
'signature' => 'REDACTED',
'userHandle' => '6943324022c046d395de29ceda194b63',
),
'type' => 'public-key',
'clientExtensionResults' =>
array (
),
'authenticatorAttachment' => 'platform',
),
'handle' => '6943324022c046d395de29ceda194b63',
'Uuid::fromString()->getHex()->toString()' => '6943324022c046d395de29ceda194b63',
)
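The mismatch reported above, as an added PHP example that is not part of the original report or of the package: both the stored ID and the received userHandle are reduced to 32 lowercase hex characters before the constant-time comparison. normalizeUserHandle() and userHandleMatches() are hypothetical names; the first two handles are the ones shown in the report's logs, the remaining inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not part of Laragear\WebAuthn.
 * Accepts a UUID written as 32 hex characters or in 8-4-4-4-12 form and
 * returns it as 32 lowercase hex characters. Any other input yields null,
 * so dashes in unexpected positions are rejected instead of silently stripped.
 */
function normalizeUserHandle(?string $handle): ?string
{
    if ($handle === null) {
        return null;
    }

    $plain  = '/\A[0-9a-f]{32}\z/i';
    $dashed = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';

    if (preg_match($plain, $handle) === 1) {
        return strtolower($handle);
    }
    if (preg_match($dashed, $handle) === 1) {
        return strtolower(str_replace('-', '', $handle));
    }

    return null;
}

/**
 * Hypothetical ownership check: compares the stored user ID with the handle
 * sent by the authenticator. Fails closed when either side is missing or
 * malformed; whether an absent handle is acceptable at all is a separate
 * policy decision for the caller.
 */
function userHandleMatches(string $storedUserId, ?string $receivedHandle): bool
{
    $stored   = normalizeUserHandle($storedUserId);
    $received = normalizeUserHandle($receivedHandle);

    if ($stored === null || $received === null) {
        return false;
    }

    // Both strings now have the same length and alphabet.
    return hash_equals($stored, $received);
}

// Stored ID in dashed form (assumption: the column holds a UUID string).
$storedUserId = '69433240-22c0-46d3-95de-29ceda194b63';

$samples = [
    'TouchID handle from the report'   => '69433240-22c0-46d3-95de-29ceda194b63',
    '1Password handle from the report' => '6943324022c046d395de29ceda194b63',
    'constructed: other user'          => 'c6d01c4c95fb4e39ab4f78be47568837',
    'constructed: misplaced dashes'    => '6943-3240-22c046d395de29ceda194b63',
    'constructed: absent handle'       => null,
];

foreach ($samples as $label => $handle) {
    printf(
        "%-34s => %s\n",
        $label,
        var_export(userHandleMatches($storedUserId, $handle), true)
    );
}
```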
PHP 8.3 - Ubuntu 22.04
Mysql 8
11
Attestation Error: Challenge does not exist.
I did everything exactly as you described in the installation steps. In Laravel 10 I installed version 1.x of this package without any problems, but in Laravel 11 and Webauthn 2.x I get the following error.
Attestation Error: Challenge does not exist.
//
No response
8.1.22
No response
10.16.1
Setting a custom Relying Party Id in the .env file should allow to register new webauthn devices.
Following the Laragear/webauthn documentation:
Lines 605 to 609 in 7e62ec9
If I set WEBAUTHN_ID=https://my.domain.com the registration ceremony fails because the RP-ID is not valid. Indeed, regarding the Webauthn W3C recommendation, the RP ID should be a domain, not a URL. Using such a URL makes the webauthn API throw a SecurityError (see https://www.w3.org/TR/webauthn-2/#CreateCred-DetermineRpId)
But if I set WEBAUTHN_ID=my.domain.com, the registration ceremony also fails, but this time because the CheckRelyingPartyIdContained does not pass because of the way $current is defined:
WebAuthn/src/SharedPipes/CheckRelyingPartyIdContained.php
Lines 46 to 48 in 7e62ec9
Using parse_url() with the PHP_URL_HOST flag will return nothing, causing the next evaluation to fail:
WebAuthn/src/SharedPipes/CheckRelyingPartyIdContained.php
Lines 51 to 53 in 7e62ec9
// Set WEBAUTHN_ID=my.domain.com and try to register a new device
No response
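The RP ID behaviour reported above, as an added PHP example that is not the package's code: the configured value is normalised to a bare host whether it was written as a domain or as a URL, then compared against the origin's host and against the rpIdHash that opens the authenticator data (SHA-256 of the RP ID, per the WebAuthn specification). rpIdHost(), originIsWithinRpId() and rpIdHashMatches() are hypothetical names, all sample values are constructed, and the suffix check does not consult the public suffix list.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: turn a configured RP ID into a bare lowercase host.
 * Accepts "my.domain.com" as well as "https://my.domain.com"; returns null
 * when no valid host name can be derived.
 */
function rpIdHost(string $configured): ?string
{
    $value = strtolower(trim($configured));

    // parse_url() only reports a host when a scheme is present, so the
    // bare-domain form must not be passed through it.
    if (str_contains($value, '://')) {
        $host  = parse_url($value, PHP_URL_HOST);
        $value = is_string($host) ? $host : '';
    }

    $label   = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?';
    $pattern = '/\A(?=.{1,253}\z)' . $label . '(?:\.' . $label . ')*\z/';

    return preg_match($pattern, $value) === 1 ? $value : null;
}

/**
 * Hypothetical check: the origin's host must equal the RP ID or be a
 * subdomain of it. A host that merely shares trailing characters is rejected.
 */
function originIsWithinRpId(string $origin, string $rpId): bool
{
    $originHost = parse_url($origin, PHP_URL_HOST);
    $rpHost     = rpIdHost($rpId);

    if (!is_string($originHost) || $originHost === '' || $rpHost === null) {
        return false;
    }

    $originHost = strtolower($originHost);

    return $originHost === $rpHost || str_ends_with($originHost, '.' . $rpHost);
}

/**
 * Hypothetical check: the first 32 bytes of the authenticator data are the
 * SHA-256 hash of the RP ID the browser actually used.
 */
function rpIdHashMatches(string $authenticatorData, string $rpId): bool
{
    // 32-byte rpIdHash + 1 flags byte + 4-byte signature counter.
    if (strlen($authenticatorData) < 37) {
        return false;
    }

    return hash_equals(hash('sha256', $rpId, true), substr($authenticatorData, 0, 32));
}

// What parse_url() yields for the bare-domain configuration in the report.
var_dump(parse_url('my.domain.com', PHP_URL_HOST));

// Constructed cases: [configured RP ID, origin from clientDataJSON].
$cases = [
    ['my.domain.com',         'https://my.domain.com'],
    ['https://my.domain.com', 'https://my.domain.com'],
    ['my.domain.com',         'https://login.my.domain.com'],
    ['my.domain.com',         'https://notmy.domain.com'],
    ['api.example.com',       'https://example.com'],
];

foreach ($cases as [$rpId, $origin]) {
    printf(
        "rpId=%-22s origin=%-28s within=%s\n",
        $rpId,
        $origin,
        var_export(originIsWithinRpId($origin, $rpId), true)
    );
}

// Constructed authenticator data for an authenticator that saw "my.domain.com".
$authData = hash('sha256', 'my.domain.com', true) . "\x05" . pack('N', 1);

foreach (['my.domain.com', 'https://my.domain.com'] as $configured) {
    printf(
        "configured=%-22s raw hash match=%s normalised hash match=%s\n",
        $configured,
        var_export(rpIdHashMatches($authData, $configured), true),
        var_export(rpIdHashMatches($authData, rpIdHost($configured) ?? ''), true)
    );
}
```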
Please, I am trying to use WebAuthn in my app. I had to upgrade to Laravel 9 to use Laragear/WebAuthn because I was unable to set up Larapass, and I can't create any issue there.
I successfully set up WebAuthn but am having an issue registering a device...
I get a 422 error code.
Actually I need help; this is not a bug.
It would be great if the fields used in the WebAuthn data were configurable instead of being hardcoded to the email and name properties of the user.
https://github.com/Laragear/WebAuthn/blob/1.x/src/WebAuthnAuthentication.php#L28
For example, I might want to use the user's username instead of email as the visible name of the WebAuthn credential.
It should be straightforward to add a configuration option to set these properties.
`config/webauthn.php`
...
'webauthn_data_properties' => [
'name' => env('WEBAUTHN_NAME_PROP', 'email'),
'displayName' => env('WEBAUTHN_DISPLAYNAME_PROP', 'name'),
]
...
As you can see, there are a lot of small bugs here and there.
Currently I'm under contract and hands full. I've not abandoned this package, or any under the Laragear.
I will retake it as soon as I'm able to, hopefully before this year ends.
8.2
No response
10 [Latest]
I want to login.
When I attempted to log in using my Android device with a QR code, an error message appeared in the Laravel log files:
"Assertion Error: User ID is not the owner of the stored credential."
The userHandle is null. I tried the codes in the PRs and the Android null repository.
...
No response
Hi @DarkGhostHunter ,
I've been using your Larapass package, since it's abandoned now I tried to use this one.
I'm using the Laravel-doctrine/orm package, which means that I'm not relying on Eloquent.
With previous package I was able to easily implement contracts, etc. but since current contracts are forcing return types to strictly Eloquent related, I'm not able to implement contracts without Model usage.
I think it's mostly about the WebAuthnAuthenticatable contract and its webAuthnCredentials returning MorphMany, which I'm not able to use in the doctrine world :)
Are there any plans to make this package more open ?
Thanks
interface WebAuthnAuthenticatable
{
    /**
     * Returns displayable data to be used to create WebAuthn Credentials.
     *
     * @return array{name: string, displayName: string}
     */
    public function webAuthnData(): array;

    /**
     * Removes all credentials previously registered.
     *
     * @param  string  ...$except
     * @return void
     */
    public function flushCredentials(string ...$except): void;

    /**
     * Disables all credentials for the user.
     *
     * @param  string  ...$except
     * @return void
     */
    public function disableAllCredentials(string ...$except): void;

    /**
     * Makes an instance of a WebAuthn Credential attached to this user.
     *
     * @param  array  $properties
     * @return \Laragear\WebAuthn\Models\WebAuthnCredential
     */
    public function makeWebAuthnCredential(array $properties): WebAuthnCredential;

    /**
     * Returns a queryable relationship for its WebAuthn Credentials.
     *
     * @phpstan-ignore-next-line
     * @return \Illuminate\Database\Eloquent\Relations\MorphMany|\Laragear\WebAuthn\Models\WebAuthnCredential
     */
    public function webAuthnCredentials(): MorphMany;
}
Hi dev team, i have been using the old package Larapass i guess, it was working perfectly.
What about implementing it in this also?
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use DarkGhostHunter\Larapass\Http\SendsWebAuthnRecoveryEmail;
class WebAuthnDeviceLostController extends Controller
and
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use DarkGhostHunter\Larapass\Http\RecoversWebAuthn;
class WebAuthnRecoveryController extends Controller
{
use RecoversWebAuthn;
8.1.20 - Cent OS (Plesk)
No response
9.0
No Error Message
Sorry, I'm not sure whether this is an issue, but I'm searching for help.
I'm using Nuxt.js Frontend and Laravel Backend, authenticated with Laravel Sanctum Cookie Based.
Frontend URL: example.com Backend URL: api.example.com, so Cookie Based Auth works fine here, but not Webauthn I get the Error "Attestation Error: Relying Party ID not scoped to current"
On localhost:3000 for frontend and 8010 for backend everything is working fine. I think the problem comes from difference in URL, but I don't know how to configure, for not getting this error. Is this possible?
Thanks!
Install Frontend and Backend on different URLs
No response
PHP 8.1.7 (in Valet) (MAC OS dev)
9.17.0
not applicable
MAC OS Monterrey, FireFox (current)
For the database migration to complete without error. I just ginned up a totally new clean install, installed breeze, created one user, then tried, same issue. MySQL: 10.7.3-MariaDB - Homebrew
I get this error:
Illuminate\Database\QueryException
SQLSTATE[42000]: Syntax error or access violation: 1059 Identifier name 'webauthn_credentials_authenticatable_type_authenticatable_id_index' is too long (SQL: alter table `webauthn_credentials` add index `webauthn_credentials_authenticatable_type_authenticatable_id_index`(`authenticatable_type`, `authenticatable_id`))
at vendor/laravel/framework/src/Illuminate/Database/Connection.php:742
738▕ // If an exception occurs when attempting to run a query, we'll format the error
739▕ // message to include the bindings with SQL, which will make this exception a
740▕ // lot more helpful to the developer instead of just the database's errors.
741▕ catch (Exception $e) {
➜ 742▕ throw new QueryException(
743▕ $query, $this->prepareBindings($bindings), $e
744▕ );
745▕ }
746▕ }
+9 vendor frames
10 database/migrations/2022_06_17_161949_create_webauthn_credentials.php:25
Illuminate\Support\Facades\Facade::__callStatic("create")
+22 vendor frames
33 artisan:35
Illuminate\Foundation\Console\Kernel::handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
not applicable
No response
No, don't give priority to this
No response
No response
Code being used with respect to manual ? 😅
https://github.com/Laragear/WebAuthn/blob/1.x/src/Auth/WebAuthnUserProvider.php#L49
class_implements($this->model, WebAuthnAuthenticatable::class)
https://www.php.net/manual/en/function.class-implements.php
class_implements(object|string $object_or_class, bool $autoload = true): array|false
This function returns an array with the names of the interfaces that the given object_or_class and its parents implement.
See above.
No response
No response
No, don't give priority to this
Hi, first of all thanks for super power 🚀 package,
I think it can be very useful and important to give the ability of using a stateless mode (e.g. for token based communications like rest/graphql/..).
In this sense I identify two areas for improvement:
I'll try to clarify this last point for a moment: at several points pipes expect precise data present in the input of the incoming request, but this is quite limiting if the communication where the payload of the data exchanged is different (e.g. graphql/rest/..) and this causes complications in use of manual management (as a workaround I currently use request()->merge([])), but I think we can find a better strategy.
What do you think about this? Did I miss something, maybe some security-related steps?
Thanks.
// I'm trying to see if I can produce a draft PR on this.
8.1.11 - Mac OS Ventura 13.2
latest (docker)
9.19
alias should be reflected in the database but it is not.
sadly the parameter seems to be dropped.
const register = event => {
    event.preventDefault()
    new WebAuthn().register({
        alias: 'some alias'
    }).then(response => alert('Registration successful!'));
};
alias is sent to the options request but dropped on the way to the register request.
stored credentials do not include the given alias.
vanilla backend as described in docs `WebAuthnRegisterController.php`:
```php
public function options(AttestationRequest $request): Responsable
{
    return $request
        ->fastRegistration()
        // ->userless()
        // ->allowDuplicates()
        ->toCreate();
}

public function register(AttestedRequest $request): Response
{
    $request->save($request->input('alias'));

    return response()->noContent();
}
```
### Stack trace & logs
_No response_
Currently the method expiresAt of class Laragear\WebAuthn\Challenge\Challenge expects the return type to be Carbon. And since it uses Date facade by default it will return Carbon only. But for projects where Date facade uses CarbonImmutable handler using Date::use(CarbonImmutable::class); this method will break as the return value from Date facade will be an instance of CarbonImmutable. We can add the return type of expiresAt as CarbonInterface to support both Carbon and CarbonImmutable.
Feel free to close this issue if it is not that important.
use Carbon\CarbonInterface;

public function expiresAt(): CarbonInterface
{
    return Date::createFromTimestamp($this->expiresAt);
}
8.1.11 - Windows 10
MySQL 8.0.30
9.36.3
When registering a security key, the attestation is stored to db.
When registering a Nitrokey, an error occurs when attestation is written to MySQL db because of a too long index (298 chars!)
This Nitrokey does not validate the assumption made here: DarkGhostHunter/Larapass#14 (comment)
// Using the WebAuthn repository tests.
// Change the CREDENTIAL_ID to a 255+ long string
// Then run the Tests\Http\Requests\AttestedRequestTest tests
class FakeAuthenticator
{
public const CREDENTIAL_ID = 'owBYu_waGLhAOCg4EFzi6Lr55x51G2dR5yhJi8q2C3tgZQQL2aEi-nK3I54J6ILj70pJzR_6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd-ShQZ95eHoc8SA_-8vzCyfmy-wI_K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A';
public const CREDENTIAL_ID_RAW = 'owBYu/waGLhAOCg4EFzi6Lr55x51G2dR5yhJi8q2C3tgZQQL2aEi+nK3I54J6ILj70pJzR/6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd+ShQZ95eHoc8SA/+8vzCyfmy+wI/K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A=';
// ...
}
// Error in VS Code during the execution of Tests\Http\Requests\AttestedRequestTest tests
node:events:504
throw er; // Unhandled 'error' event
^
Error: ENOENT: no such file or directory, open 'd:\ SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'id' at row 1 in ...\WebAuthn\vendor\laravel\framework\src\Illuminate\Database\Connection.php'
Emitted 'error' event on Interface instance at:
at ReadStream.onerror (node:readline:265:10)
at ReadStream.emit (node:events:526:28)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21) {
errno: -4058,
code: 'ENOENT',
syscall: 'open',
path: "d:\\ SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'id' at row 1 in ...\\WebAuthn\\vendor\\laravel\\framework\\src\\Illuminate\\Database\\Connection.php"
}
// In production stacktrace (from https://github.com/Bubka/2FAuth/issues/166#issuecomment-1460991223)
[2023-03-01 12:24:10] local.ERROR: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'id' at row 1 (SQL: insert into `web_authn_credentials` (`id`, `user_handle`, `type`, `transports`, `attestation_type`, `trust_path`, `aaguid`, `public_key`, `counter`, `user_id`, `updated_at`, `created_at`) values (owBYu_waGLhAOCg4EFzi6Lr55x51G2bhCQIYNOXkC3tgZQQL2aEi-nK3I54J6ILj70pJzR_6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd-ShQZ95eHoc8SA_-8vzCyfmy-wI_K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A, c6d01c4c-95fb-4e39-ab4f-78be47568837, public-key, [], none, {"type":"Webauthn\\TrustPath\\EmptyTrustPath"}, 00000000-0000-0000-0000-000000000000, XXXXXXXXXXXXXXXXX, 25, 1, 2023-03-01 12:24:10, 2023-03-01 12:24:10)) {"userId":1,"exception":"[object] (Illuminate\\Database\\QueryException(code: 22001): SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'id' at row 1 (SQL: insert into `web_authn_credentials` (`id`, `user_handle`, `type`, `transports`, `attestation_type`, `trust_path`, `aaguid`, `public_key`, `counter`, `user_id`, `updated_at`, `created_at`) values (owBYu_waGLhAOCg4EFzi6Lr55x51G2bhCQIYNOXkC3tgZQQL2aEi-nK3I54J6ILj70pJzR_6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd-ShQZ95eHoc8SA_-8vzCyfmy-wI_K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A, c6d01c4c-95fb-4e39-ab4f-78be47568837, public-key, [], none, {\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"}, 00000000-0000-0000-0000-000000000000, XXXXXXXXXXXXXXXXXXXX, 25, 1, 2023-03-01 12:24:10, 2023-03-01 12:24:10)) at /var/www/2fauth/vendor/laravel/framework/src/Illuminate/Database/Connection.php:712)
8.2.11 - Windows 21H2
MariaDB 10.9.3
10.28
successful registration
api returns an error response when registering through webauthn. i have an SPA with the package @simplewebauthn/browser.
i setup the default configs w/ breeze; sanctum, api
routes/auth.php
Route::prefix('webauth')
    ->middleware(['auth:sanctum'])
    ->group(function () {
        Route::get('/register/options', [WebAuthnRegisterController::class, 'options'])->name('webauthn.register.options');
        Route::post('/register', [WebAuthnRegisterController::class, 'register'])->name('webauthn.register');
    });
sample fetch:
register/options response
{
"rp": {
"name": "Laravel"
},
"authenticatorSelection": {
"residentKey": "required",
"requireResidentKey": true,
"userVerification": "required"
},
"user": {
"name": "[email protected]",
"displayName": "Test User",
"id": "671b1314af7a4ae59acb11bfe31da868"
},
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
},
{
"type": "public-key",
"alg": -257
}
],
"attestation": "none",
"excludeCredentials": [],
"timeout": 60000,
"challenge": "B_nNl8II2S7rLFDkciHU2Q"
}
simplewebauthn startRegistration() payload to /register
{
"id": "EBKcjOuGFLJkuKALSW4FxGGgVEKb_hQywCjx4Qa-i1E",
"rawId": "EBKcjOuGFLJkuKALSW4FxGGgVEKb_hQywCjx4Qa-i1E",
"response": {
"attestationObject": "o2N ... AB",
"clientDataJSON": "eyJ ... V9",
"transports": [],
"publicKeyAlgorithm": -257,
"publicKey": "MI ... AB",
"authenticatorData": "x8 ... AE"
},
"type": "public-key",
"clientExtensionResults": {},
"authenticatorAttachment": "platform"
}
/register response
{
"message": [
"Attestation Error: ByteBuffer: Invalid offset or length."
],
"file": "\\vendor\\laravel\\framework\\src\\Illuminate\\Validation\\ValidationException.php",
"line": 71,
"trace": [
{
"file": "\\vendor\\laragear\\webauthn\\src\\Exceptions\\AttestationException.php",
"line": 18,
"function": "withMessages",
"class": "Illuminate\\Validation\\ValidationException",
...
*
also tested on w11, but the same error happens.
Full stack trace: https://pastebin.com/raw/9UfA1GxT
excuse my poor understanding of all these. many thanks in advance
When a user logs in via Assertion, a session key should be set with the ID of the credential used to login via assertion.
This would help developers to check which device the user is using, and reject disabling the current device by mistake by simple id comparison: If the Credential ID is equal to the Session Credential ID, don't allow to disable it.
Implementation should be in the guard. Assertion pipelines should be kept as-is as the feature is authentication-session-specific.
/**
* Validate the WebAuthn assertion.
*/
protected function validateWebAuthn(WebAuthnAuthenticatable $user, array $credentials): bool
{
try {
// When we hit this method, we already have the user for the credential, so we will
// pass it to the Assertion Validation data, thus avoiding fetching it again.
$this->validator
->send(new AssertionValidation(new JsonTransport($credentials), $user))
->thenReturn();
} catch (AssertionException $e) {
// If we're debugging, like under local development, push the error to the logger.
if (config('app.debug')) {
logger($e->getMessage());
}
return false;
}
+ // If the dev has ID-on-session enabled, set it.
+ if (config('webauthn.auth.set_id')) {
+ $this->session->put(
+ config('webauthn.auth.session_key', '_webauthn.credential_id'),
+ $credentials['id']
+ ):
+ }
return true;
}
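Review bot: The added `$this->session->put(...)` call is closed with `):` instead of `);`, so the method will not parse as written; the colon needs to be a semicolon. In the same block, `config('webauthn.auth.set_id')` is read without a default while `session_key` gets one, so both keys should be added to the published config file and documented, with `set_id` defaulting to false so existing installs keep their current behaviour. `$credentials['id']` is taken from the request array; since this code runs only after the validator passed that is acceptable, but a short comment saying the stored value is the asserted credential ID would help anyone later comparing it against stored credentials.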
"While WebAuthn was designed primarily for authentication, the framework can be extended to support signing with keypairs generated on authenticators without requiring custom clients for end users."
I found this functionality very interesting, the flow is described here:
"In short, the registration and authentication events consists of a cryptographic signing process with the public key returned, which is then used to sign a data set which is provided by the relying party. Replacing the randomly generated challenge with a hash of a file to be signed allows this signature flow to be applied to actual documentation, with the public key also available for verification after the fact."
Currently the related discussion and progress in this regard under webauthn / webcrypto are in a sort of "limbo" (see w3c/webauthn#1608 and related w3c/webcrypto#263) so I have the thought there would be room for use currently.
Also interesting are these caveats to keep in mind.
On the implementation side, I think it would be enough to give the possibility to inject the ByteBuffer into AssertionCreation and then use it as an alternative for the creation of the Challenge (instead of random).
What do you think about it?
$assertion = app()->make(AssertionCreator::class)
->send(new AssertionCreation(
user: null,
userVerification: UserVerification::DISCOURAGED,
challengeData: new ByteBuffer('...hash_of_a_file...')
))
->then(static function (AssertionCreation $creation): Responsable {
return $creation->json;
});
8.1.5 - Debian
9.2
CSRF tokens are not always provided; sometimes an XSRF token is provided in the cookie headers. Those should be supported.
Larapass supported XSRF tokens:
https://github.com/DarkGhostHunter/Larapass/blob/master/resources/js/larapass.js#L85
Use Laragear with any Laravel installation without using @csrf in meta or form.
No, don't give priority to this
Studying the integration of the library on Android and iOS, we found that although via WebView (both platforms) or Android CustomTabs / iOS SFSafariViewController there are no difficulties, it is necessary to carry out a small server-side integration to allow the native implementation of the solution on Android and iOS.
The evaluation of this analysis was done with a small PoC (actors: android / ios / web / server); in essence, everything translates (in addition to the various configurations of the case for both environments, which are not the responsibility of this library) into:
On the implementation side, the areas of impact that I find are:
I looked at a previous "draft" of closed PR #61 which went in that direction, although in my opinion it can be simplified with a simple in_array (match string) so that it can also be used for other possible non-Android scenarios.
For example, for Android I would value with the already calculated android:apk-key-hash (e.g. android:apk-key-hash:hlbf0LpDSuQ3UpvvmFAMc1OhrD96549OYYOkGJKxJVs) instead of calculating the relevant fingerprint (see detail on the composition), in order to make everything simpler (avoid recalculations at each request) and not differentiate per os (possibly commands could be provided for os as helpers to generate the appropriate strings).
Although at the current state of the branches it seems to me that this feat is also compatible on 2.x, perhaps it is better to keep 3.x as the basis (I don't seem to see any conflicts but I don't understand the tests part).
Let me know what you think,
thanks.
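The allow-list match suggested in the post above, as an added example (not the library's code and not from the issue author). The function names, the `$allowed` list and the `example.test` origins are assumptions; the `android:apk-key-hash` value is the one quoted in the post.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of laragear/webauthn): convert a signing
// certificate SHA-256 fingerprint ("AA:BB:...") into the origin string a
// native Android client reports, so it can be stored once in configuration.
function androidOriginFromFingerprint(string $fingerprint): string
{
    $hex = str_replace(':', '', $fingerprint);
    if (strlen($hex) !== 64 || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('Expected a SHA-256 fingerprint (64 hex digits).');
    }
    // The hash is base64url-encoded without padding.
    $b64 = rtrim(strtr(base64_encode(hex2bin($hex)), '+/', '-_'), '=');
    return 'android:apk-key-hash:' . $b64;
}

// Hypothetical check: exact, case-sensitive match of the clientDataJSON
// "origin" against the configured list. No prefix or substring matching.
function originIsAllowed(string $clientDataJson, array $allowedOrigins): bool
{
    $data = json_decode($clientDataJson, true);
    if (!is_array($data) || !is_string($data['origin'] ?? null)) {
        return false; // malformed client data never passes
    }
    return in_array($data['origin'], $allowedOrigins, true);
}

// Constructed sample configuration; the second entry is the value from the post.
$allowed = [
    'https://app.example.test',
    'android:apk-key-hash:hlbf0LpDSuQ3UpvvmFAMc1OhrD96549OYYOkGJKxJVs',
    androidOriginFromFingerprint(implode(':', str_split(str_repeat('AB', 32), 2))),
];

// Constructed origins: one web, one native, and two that must be rejected.
$samples = [
    'https://app.example.test',
    'android:apk-key-hash:hlbf0LpDSuQ3UpvvmFAMc1OhrD96549OYYOkGJKxJVs',
    'https://app.example.test.other.test',   // look-alike host
    'android:apk-key-hash:AAAA',             // unlisted app signature
];
foreach ($samples as $origin) {
    $json = json_encode(['type' => 'webauthn.get', 'origin' => $origin]);
    printf("%-70s %s\n", $origin, originIsAllowed($json, $allowed) ? 'allowed' : 'rejected');
}
```

The strict third argument to `in_array` keeps the comparison type-safe, and storing the precomputed string means no fingerprint is recalculated per request.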
8.2.1 & MacOs
10
When I try to register a new device, the credential should be saved in the DB.
I am getting this error when I try to register a new device:
Attestation Error: ByteBuffer: Invalid offset or length.
It's coming from this class: CompileAttestationObject
and the line number is 78.
Try to register a new device.
8.1
10
When I'm logging in with the wrong e-mail address, the browser should not be able to find a matching key.
The browser is not able to find a matching key, but if I only have one key, the browser is choosing that one and logging into the account the key is for, and not the account I typed the e-mail address in.
So long story short: no matter which e-mail I'm inserting in the login form, I am always in the same account.
Tested on macOS with Chrome.
Potentially a bug in Chrome? I'm not sure. Or is this the expected behaviour?
Generate a WebAuthn login and try to log in with a different e-mail.