From 42b624dc5a6bb3b3b348716e7ed0769c843e9fbb Mon Sep 17 00:00:00 2001
From: Janis Steiner
Date: Fri, 13 Dec 2024 15:02:02 +0100
Subject: [PATCH] not traking certs folder

---
 .gitignore | 1 +
 app-code/api/login/create_passkey.php | 35 +++++++++++++++++++++
 app-code/api/login/test.html | 45 +++++++++++++++++++++++++++
 app-code/api/login/verify_passkey.php | 17 ++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 app-code/api/login/create_passkey.php
 create mode 100644 app-code/api/login/test.html
 create mode 100644 app-code/api/login/verify_passkey.php

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..df91287
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+certs/
diff --git a/app-code/api/login/create_passkey.php b/app-code/api/login/create_passkey.php
new file mode 100644
index 0000000..a19ac95
--- /dev/null
+++ b/app-code/api/login/create_passkey.php
@@ -0,0 +1,35 @@
+// registration.php
+
+session_start();
+
+use Webauthn\PublicKeyCredentialCreationOptions;
+use Webauthn\PublicKeyCredentialRpEntity;
+use Webauthn\PublicKeyCredentialUserEntity;
+use Webauthn\AuthenticatorSelectionCriteria;
+use Webauthn\AuthenticatorAttestationResponseValidator;
+
+// Server configuration
+$rpEntity = new PublicKeyCredentialRpEntity('Example App', 'example.com');
+
+// Fetch or create user
+$userId = bin2hex(random_bytes(16)); // Use a unique identifier per user
+$_SESSION['user_id'] = $userId; // Save it for verification
+$user = new PublicKeyCredentialUserEntity($userId, 'username', 'User Display Name');
+
+// Generate options
+$options = new PublicKeyCredentialCreationOptions(
+ $rpEntity,
+ $user,
+ random_bytes(16), // Challenge
+ [
+ ['type' => 'public-key', 'alg' => -7], // Algorithms
+ ],
+ new AuthenticatorSelectionCriteria(),
+ PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE
+);
+
+// Save options in session for later verification
+$_SESSION['creation_options'] = serialize($options);
+
+header('Content-Type: application/json');
+echo json_encode($options, JSON_UNESCAPED_SLASHES);
diff --git a/app-code/api/login/test.html b/app-code/api/login/test.html
new file mode 100644
index 0000000..d1a9388
--- /dev/null
+++ b/app-code/api/login/test.html
@@ -0,0 +1,45 @@ + + + + + + Passkey Login + + +
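Review bot: Nothing in this hunk opens PHP mode: the file begins at `+// registration.php` with no `<?php` line (verify_passkey.php in this commit has the same shape), so unless that line was lost when the page was rendered, the web server will emit this source as plain text instead of executing it; the usual opening is `<?php` followed by `declare(strict_types=1);`, and the `use Webauthn\...` imports also need a `require '<path-to>/vendor/autoload.php';` before they resolve. The `new AuthenticatorSelectionCriteria()` argument leaves user verification and resident-key requirements at the library defaults, which is weaker than a passkey registration should ask for; consider requesting `AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED` and `AuthenticatorSelectionCriteria::RESIDENT_KEY_REQUIREMENT_REQUIRED` on the criteria object so the credential is discoverable and gated by a local user check. `$userId = bin2hex(random_bytes(16))` mints a fresh identifier on every request despite the `// Fetch or create user` comment, so two registrations can never bind to the same account; the identifier should come from the authenticated account record, and the hard-coded `'example.com'` rpId has to match the effective domain the page is actually served from or the browser will refuse the ceremony. `use Webauthn\AuthenticatorAttestationResponseValidator;` is imported but never used, and no endpoint in this commit consumes the attestation response, consumes and clears `$_SESSION['creation_options']`, or writes the `credential_id`/`public_key` session keys that verify_passkey.php reads.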

Passkey Login

+
+ +
+
+ +
+ + + +
diff --git a/app-code/api/login/verify_passkey.php b/app-code/api/login/verify_passkey.php
new file mode 100644
index 0000000..9e8c508
--- /dev/null
+++ b/app-code/api/login/verify_passkey.php
@@ -0,0 +1,17 @@
+// login.php
+
+session_start();
+
+use Webauthn\PublicKeyCredentialRequestOptions;
+use Webauthn\AuthenticatorAssertionResponseValidator;
+use Webauthn\PublicKeyCredentialLoader;
+
+// Fetch stored credential information for the user
+$storedCredentialId = $_SESSION['credential_id']; // Replace with DB fetch
+$storedPublicKey = $_SESSION['public_key']; // Replace with DB fetch
+
+$options = new PublicKeyCredentialRequestOptions(random_bytes(16)); // Challenge
+$_SESSION['request_options'] = serialize($options);
+
+header('Content-Type: application/json');
+echo json_encode($options, JSON_UNESCAPED_SLASHES);
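Review bot: The file named verify_passkey.php never verifies anything: `$_SESSION['credential_id']` and `$_SESSION['public_key']` are read on lines that no code in this commit ever writes (create_passkey.php sets only `user_id` and `creation_options`), so on a fresh session both reads are undefined-index warnings yielding null, and the two values are then discarded while the request options are built from a bare challenge with no `allowCredentials` and no rpId. Until an endpoint receives the client's assertion and runs `AuthenticatorAssertionResponseValidator` against the stored public key, the session challenge, the expected origin and rpId, and the signature counter, no login is actually authenticated; `AuthenticatorAssertionResponseValidator` and `PublicKeyCredentialLoader` are imported here but unused. The challenge kept in `$_SESSION['request_options']` must be single-use, so whichever handler checks the assertion should `unset($_SESSION['request_options']);` before returning a result, otherwise a captured response can be validated again. As with create_passkey.php, the hunk shows no `<?php` opening line before `+// login.php`; if that is the file's real first line, the server returns this source as plain text rather than running it.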