@@ -57,6 +57,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Create user table
|
// Create user table
|
||||||
|
//INSERT INTO registrations (userId, credentialId, publicKey, counter) VALUES (?, ?, ?, ?)");
|
||||||
$sql = "CREATE TABLE IF NOT EXISTS users (
|
$sql = "CREATE TABLE IF NOT EXISTS users (
|
||||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||||
username VARCHAR(255) NOT NULL,
|
username VARCHAR(255) NOT NULL,
|
||||||
@@ -64,7 +65,11 @@
|
|||||||
perms VARCHAR(255),
|
perms VARCHAR(255),
|
||||||
password VARCHAR(255),
|
password VARCHAR(255),
|
||||||
2fa VARCHAR(255),
|
2fa VARCHAR(255),
|
||||||
telegram_id VARCHAR(255)
|
telegram_id VARCHAR(255),
|
||||||
|
user_hex_id VARCHAR(255):
|
||||||
|
credential_id VARBINARY(64),
|
||||||
|
public_key TEXT,
|
||||||
|
counter INT
|
||||||
)";
|
)";
|
||||||
|
|
||||||
if ($conn->query($sql) === TRUE) {
|
if ($conn->query($sql) === TRUE) {
|
||||||
|
|||||||
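Review bot: `user_hex_id VARCHAR(255):` ends with a colon instead of a comma, so the whole CREATE TABLE string is a SQL syntax error, `$conn->query($sql)` returns false and the users table is not created (a pre-existing table keeps its old columns, so the new credential fields are silently missing); the line should read `user_hex_id VARCHAR(255),`. `credential_id VARBINARY(64)` is also tight: WebAuthn credential IDs are variable-length and the specification allows up to 1023 bytes, so a longer ID would be truncated or rejected at insert time depending on the SQL mode — consider `VARBINARY(1023)` with a comment stating the limit. The commented-out `//INSERT INTO registrations …` line in the earlier hunk (`@@ -57,6 +57,7 @@`) is dead text that refers to a `registrations` table this schema never creates and should be dropped. The `if ($conn->query($sql) === TRUE)` branch that consumes the statement continues outside the hunk.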
@@ -185,56 +185,7 @@ try {
|
|||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
print(json_encode($return));
|
print(json_encode($return));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// ------------------------------------
|
|
||||||
// proccess get
|
|
||||||
// ------------------------------------
|
|
||||||
|
|
||||||
} else if ($fn === 'processGet') {
|
|
||||||
$clientDataJSON = base64_decode($post->clientDataJSON);
|
|
||||||
$authenticatorData = base64_decode($post->authenticatorData);
|
|
||||||
$signature = base64_decode($post->signature);
|
|
||||||
$userHandle = base64_decode($post->userHandle);
|
|
||||||
$id = base64_decode($post->id);
|
|
||||||
$challenge = $_SESSION['challenge'] ?? '';
|
|
||||||
$credentialPublicKey = null;
|
|
||||||
|
|
||||||
// looking up correspondending public key of the credential id
|
|
||||||
// you should also validate that only ids of the given user name
|
|
||||||
// are taken for the login.
|
|
||||||
if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
|
|
||||||
foreach ($_SESSION['registrations'] as $reg) {
|
|
||||||
if ($reg->credentialId === $id) {
|
|
||||||
$credentialPublicKey = $reg->credentialPublicKey;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($credentialPublicKey === null) {
|
|
||||||
throw new Exception('Public Key for credential ID not found!');
|
|
||||||
}
|
|
||||||
|
|
||||||
// if we have resident key, we have to verify that the userHandle is the provided userId at registration
|
|
||||||
if ($requireResidentKey && $userHandle !== hex2bin($reg->userId)) {
|
|
||||||
throw new \Exception('userId doesnt match (is ' . bin2hex($userHandle) . ' but expect ' . $reg->userId . ')');
|
|
||||||
}
|
|
||||||
|
|
||||||
// process the get request. throws WebAuthnException if it fails
|
|
||||||
$WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
|
|
||||||
|
|
||||||
$return = new stdClass();
|
|
||||||
$return->success = true;
|
|
||||||
|
|
||||||
header('Content-Type: application/json');
|
|
||||||
print(json_encode($return));
|
|
||||||
|
|
||||||
// ------------------------------------
|
|
||||||
// proccess clear registrations
|
|
||||||
// ------------------------------------
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
} catch (Throwable $ex) {
|
} catch (Throwable $ex) {
|
||||||
$return = new stdClass();
|
$return = new stdClass();
|
||||||
@@ -245,4 +196,89 @@ try {
|
|||||||
print(json_encode($return));
|
print(json_encode($return));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
<?php
|
||||||
|
//with db:
|
||||||
|
/*
|
||||||
|
|
||||||
|
require_once 'WebAuthn.php';
|
||||||
|
// Assuming you've already established a database connection here
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Read input parameters
|
||||||
|
$fn = filter_input(INPUT_GET, 'fn');
|
||||||
|
$requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
|
||||||
|
$userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
|
||||||
|
$userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
$userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
$userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
|
||||||
|
// Validate and sanitize input
|
||||||
|
$userId = preg_replace('/[^0-9a-f]/i', '', $userId);
|
||||||
|
$userName = preg_replace('/[^0-9a-z]/i', '', $userName);
|
||||||
|
$userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
|
||||||
|
|
||||||
|
$post = trim(file_get_contents('php://input'));
|
||||||
|
if ($post) {
|
||||||
|
$post = json_decode($post, null, 512, JSON_THROW_ON_ERROR);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initialize WebAuthn
|
||||||
|
$rpId=$_SERVER['SERVER_NAME'];
|
||||||
|
$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId);
|
||||||
|
|
||||||
|
// Other configurations...
|
||||||
|
|
||||||
|
// Handle different functions
|
||||||
|
if ($fn === 'getCreateArgs') {
|
||||||
|
// Get create arguments
|
||||||
|
$createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification);
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($createArgs));
|
||||||
|
|
||||||
|
// Save challenge to session or somewhere else if needed
|
||||||
|
} else if ($fn === 'getGetArgs') {
|
||||||
|
// Get get arguments
|
||||||
|
// Retrieve credential IDs from the database based on $userId
|
||||||
|
$ids = []; // Fetch credential IDs from the database
|
||||||
|
$getArgs = $WebAuthn->getGetArgs($ids, 60*4);
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($getArgs));
|
||||||
|
|
||||||
|
// Save challenge to session or somewhere else if needed
|
||||||
|
} else if ($fn === 'processCreate') {
|
||||||
|
// Process create
|
||||||
|
$clientDataJSON = base64_decode($post->clientDataJSON);
|
||||||
|
$attestationObject = base64_decode($post->attestationObject);
|
||||||
|
|
||||||
|
// Process create and store data in the database
|
||||||
|
$data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, $userVerification === 'required', true, false);
|
||||||
|
|
||||||
|
// Store registration data in the database
|
||||||
|
$stmt = $conn->prepare("INSERT INTO registrations (userId, credentialId, publicKey, counter) VALUES (?, ?, ?, ?)");
|
||||||
|
$stmt->execute([$userId, $data->credentialId, $data->publicKey, $data->counter]);
|
||||||
|
|
||||||
|
$msg = 'registration success.';
|
||||||
|
$return = new stdClass();
|
||||||
|
$return->success = true;
|
||||||
|
$return->msg = $msg;
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($return));
|
||||||
|
}
|
||||||
|
|
||||||
|
} catch (Throwable $ex) {
|
||||||
|
$return = new stdClass();
|
||||||
|
$return->success = false;
|
||||||
|
$return->msg = $ex->getMessage();
|
||||||
|
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($return));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
*/
|
||||||
?>
|
?>
|
||||||
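Review bot: Roughly eighty lines of commented-out code are added as a second `<?php` block after the file's closing `?>` (one `/* … */` comment from `//with db:` down to `*/`), so none of it executes; the same block is added again in the hunk at `@@ -201,4 +201,101 @@`, and both copies belong in version history or a separate example file rather than the live handler. If the block is meant to become the implementation, two points in it need fixing first. `$rpId=$_SERVER['SERVER_NAME']` derives the relying-party ID from the request (depending on server configuration `SERVER_NAME` follows the client's Host header), whereas the RP ID must be a fixed value read from configuration, e.g. `$rpId = RP_ID; // configured relying-party ID, never request-derived` with `RP_ID` defined in the deployment config. The `getCreateArgs`/`getGetArgs` branches carry only the comment "Save challenge to session or somewhere else if needed" and store nothing, yet `processCreate` uses a `$challenge` that is never assigned anywhere in the block and `processGet` reads `$_SESSION['challenge'] ?? ''`; each args branch needs `$_SESSION['challenge'] = $WebAuthn->getChallenge();` before the response is printed, and `processCreate` should read `$challenge = $_SESSION['challenge'] ?? '';` the same way `processGet` does.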
@@ -201,4 +201,101 @@ try {
|
|||||||
print(json_encode($return));
|
print(json_encode($return));
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<?php
|
||||||
|
//with db:
|
||||||
|
/*
|
||||||
|
require_once 'WebAuthn.php';
|
||||||
|
// Assuming you've already established a database connection here
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Read input parameters
|
||||||
|
$fn = filter_input(INPUT_GET, 'fn');
|
||||||
|
$requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
|
||||||
|
$userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
|
||||||
|
$userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
$userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
$userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
|
|
||||||
|
// Validate and sanitize input
|
||||||
|
$userId = preg_replace('/[^0-9a-f]/i', '', $userId);
|
||||||
|
$userName = preg_replace('/[^0-9a-z]/i', '', $userName);
|
||||||
|
$userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
|
||||||
|
|
||||||
|
$post = trim(file_get_contents('php://input'));
|
||||||
|
if ($post) {
|
||||||
|
$post = json_decode($post, null, 512, JSON_THROW_ON_ERROR);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initialize WebAuthn
|
||||||
|
$rpId=$_SERVER['SERVER_NAME'];
|
||||||
|
$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId);
|
||||||
|
|
||||||
|
// Other configurations...
|
||||||
|
|
||||||
|
// Handle different functions
|
||||||
|
if ($fn === 'getCreateArgs') {
|
||||||
|
// Get create arguments
|
||||||
|
$createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification);
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($createArgs));
|
||||||
|
|
||||||
|
// Save challenge to session or somewhere else if needed
|
||||||
|
} else if ($fn === 'getGetArgs') {
|
||||||
|
// Get get arguments
|
||||||
|
// Retrieve credential IDs from the database based on $userId
|
||||||
|
$ids = []; // Fetch credential IDs from the database
|
||||||
|
$getArgs = $WebAuthn->getGetArgs($ids, 60*4);
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($getArgs));
|
||||||
|
|
||||||
|
// Save challenge to session or somewhere else if needed
|
||||||
|
} else if ($fn === 'processGet') {
|
||||||
|
// Process get
|
||||||
|
// Retrieve registration data from the database based on credential ID
|
||||||
|
$id = base64_decode($post->id);
|
||||||
|
$stmt = $conn->prepare("SELECT * FROM registrations WHERE credentialId = ?");
|
||||||
|
$stmt->execute([$id]);
|
||||||
|
$registration = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
|
if (!$registration) {
|
||||||
|
throw new Exception('Public Key for credential ID not found!');
|
||||||
|
}
|
||||||
|
|
||||||
|
$clientDataJSON = base64_decode($post->clientDataJSON);
|
||||||
|
$authenticatorData = base64_decode($post->authenticatorData);
|
||||||
|
$signature = base64_decode($post->signature);
|
||||||
|
$userHandle = base64_decode($post->userHandle);
|
||||||
|
$challenge = $_SESSION['challenge'] ?? '';
|
||||||
|
$credentialPublicKey = $registration['publicKey'];
|
||||||
|
|
||||||
|
// Process the get request
|
||||||
|
$WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
|
||||||
|
|
||||||
|
// Authentication success
|
||||||
|
$return = new stdClass();
|
||||||
|
$return->success = true;
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($return));
|
||||||
|
}
|
||||||
|
|
||||||
|
} catch (Throwable $ex) {
|
||||||
|
$return = new stdClass();
|
||||||
|
$return->success = false;
|
||||||
|
$return->msg = $ex->getMessage();
|
||||||
|
|
||||||
|
header('Content-Type: application/json');
|
||||||
|
print(json_encode($return));
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
?>
|
||||||
|
|||||||
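Review bot: In the `processGet` branch of the commented block, the registration is looked up by `credentialId` alone — the stored `userId` column is not part of the WHERE clause and the resident-key check the removed live code performed (`$userHandle !== hex2bin($reg->userId)`) is gone — so the assertion is never bound to the account that is logging in. The lookup should be `SELECT * FROM registrations WHERE credentialId = ? AND userId = ?` executed with `[$id, $userId]` (preferably the user taken from the authenticated session rather than the query string), and the `$requireResidentKey` / `$userHandle` comparison should be restored. The row's `counter` column is fetched but the sixth argument to `$WebAuthn->processGet(...)` is still `null` and nothing writes a new counter back after success, so signature-counter checking (the clone-detection signal) is disabled; pass `(int) $registration['counter']` there and UPDATE the row with the counter from the verified assertion afterwards. The block also reads `$_SESSION` with no `session_start()` visible in the hunk — presumably it happens earlier in the file, but that should be confirmed.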