This commit is contained in:
@@ -15,15 +15,19 @@ if ($conn->connect_error) {
|
||||
try {
|
||||
// read get argument and post body
|
||||
$fn = filter_input(INPUT_GET, 'fn');
|
||||
if (!in_array($fn, ['getGetArgs', 'processGet'], true)) {
|
||||
throw new Exception('Invalid passkey operation.');
|
||||
}
|
||||
$requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
|
||||
$userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
|
||||
$userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$userVerification = 'preferred';
|
||||
|
||||
$userName = preg_replace('/[^0-9a-z_]/i', '', $_SESSION["username"] ?? "");
|
||||
if ($userName === "") {
|
||||
throw new Exception('Missing login session.');
|
||||
}
|
||||
$userId = bin2hex($userName);
|
||||
$userDisplayName = $userName;
|
||||
$userId = preg_replace('/[^0-9a-f]/i', '', $userId);
|
||||
$userName = preg_replace('/[^0-9a-z]/i', '', $userName);
|
||||
$userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
|
||||
|
||||
$post = trim(file_get_contents('php://input'));
|
||||
@@ -88,6 +92,7 @@ try {
|
||||
|
||||
// Save challenge to session or somewhere else if needed
|
||||
} else if ($fn === 'getGetArgs') {
|
||||
check_rate_limit($conn, 'passkey_get_args', 10, 5 * 60, $userName);
|
||||
$ids = [];
|
||||
|
||||
//get registrations form user table
|
||||
@@ -100,11 +105,12 @@ try {
|
||||
$row = $registration->fetch_assoc();
|
||||
|
||||
|
||||
if ($registration->num_rows <= 0) {
|
||||
if ($registration->num_rows <= 0 || empty($row["credential_id"])) {
|
||||
throw new Exception('User does not exist');
|
||||
}
|
||||
|
||||
$_SESSION["registrations"]["credentialId"]=$row["credential_id"];
|
||||
$_SESSION["registrations"]["username"]=$userName;
|
||||
|
||||
$ids[]=$row["credential_id"];
|
||||
$_SESSION["registrations"]["userId"]=$userId;
|
||||
@@ -118,16 +124,28 @@ try {
|
||||
$_SESSION['challenge'] = $WebAuthn->getChallenge();
|
||||
|
||||
}else if ($fn === 'processGet') {
|
||||
check_rate_limit($conn, 'passkey_process', 5, 10 * 60, $userName);
|
||||
if (empty($_SESSION["challenge"]) || empty($_SESSION["registrations"]["credentialId"]) || ($_SESSION["registrations"]["username"] ?? "") !== $userName) {
|
||||
throw new Exception('Invalid passkey session.');
|
||||
}
|
||||
foreach (['id', 'clientDataJSON', 'authenticatorData', 'signature'] as $requiredField) {
|
||||
if (!is_object($post) || empty($post->{$requiredField})) {
|
||||
throw new Exception('Invalid passkey response.');
|
||||
}
|
||||
}
|
||||
// Process get
|
||||
// Retrieve registration data from the database based on credential ID
|
||||
$id = base64_decode($post->id);
|
||||
$stmt = $conn->prepare("SELECT * FROM users WHERE credential_id = ?");
|
||||
$stmt->bind_param("s", $_SESSION["registrations"]["credentialId"]);
|
||||
if (!hash_equals($_SESSION["registrations"]["credentialId"], $id)) {
|
||||
throw new Exception('Invalid credential.');
|
||||
}
|
||||
$stmt = $conn->prepare("SELECT public_key, counter FROM users WHERE credential_id = ? AND username = ?");
|
||||
$stmt->bind_param("ss", $_SESSION["registrations"]["credentialId"], $userName);
|
||||
$stmt->execute();
|
||||
$registration = $stmt->get_result();
|
||||
$row = $registration->fetch_assoc();
|
||||
|
||||
if (!$registration) {
|
||||
if (!$row) {
|
||||
throw new Exception('Public Key for credential ID not found!');
|
||||
}
|
||||
|
||||
@@ -139,7 +157,14 @@ try {
|
||||
$credentialPublicKey = $row['public_key'];
|
||||
|
||||
// Process the get request
|
||||
$WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
|
||||
$WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, (int)$row['counter'], $userVerification === 'required');
|
||||
$newCounter = $WebAuthn->getSignatureCounter();
|
||||
if ($newCounter !== null) {
|
||||
$stmt = $conn->prepare("UPDATE users SET counter = ? WHERE username = ?");
|
||||
$stmt->bind_param("is", $newCounter, $userName);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
// Authentication success
|
||||
//set sessionso user is authenticated
|
||||
@@ -147,6 +172,8 @@ try {
|
||||
$_SESSION["pw_authenticated"]=1;
|
||||
$_SESSION["passkey_authenticated"]=1;
|
||||
session_regenerate_id(true);
|
||||
unset($_SESSION["challenge"], $_SESSION["registrations"]);
|
||||
clear_rate_limit($conn, 'passkey_process', $userName);
|
||||
$return = new stdClass();
|
||||
$return->success = true;
|
||||
|
||||
@@ -158,7 +185,7 @@ try {
|
||||
} catch (Throwable $ex) {
|
||||
$return = new stdClass();
|
||||
$return->success = false;
|
||||
$return->msg = $ex->getMessage();
|
||||
$return->msg = 'Passkey authentication failed.';
|
||||
|
||||
header('Content-Type: application/json');
|
||||
print(json_encode($return));
|
||||
|
||||
Reference in New Issue
Block a user