Add controllers and packages for security keys
This commit is contained in:
Matthew Penner
parent
f8ec8b4d5a
commit
06f692e649
29 changed files with 2398 additions and 383 deletions
79
app/Services/Users/SecurityKeys/StoreSecurityKeyService.php
Normal file
79
app/Services/Users/SecurityKeys/StoreSecurityKeyService.php
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Services\Users\SecurityKeys;
|
||||
|
||||
use Ramsey\Uuid\Uuid;
|
||||
use Illuminate\Support\Str;
|
||||
use Pterodactyl\Models\User;
|
||||
use Webmozart\Assert\Assert;
|
||||
use Pterodactyl\Models\SecurityKey;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Webauthn\PublicKeyCredentialCreationOptions;
|
||||
use Pterodactyl\Repositories\SecurityKeys\WebauthnServerRepository;
|
||||
|
||||
class StoreSecurityKeyService
|
||||
{
|
||||
protected ?ServerRequestInterface $request = null;
|
||||
|
||||
protected ?string $keyName = null;
|
||||
|
||||
public function __construct(protected WebauthnServerRepository $webauthnServerRepository)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the server request interface on the service, this is needed by the attestation
|
||||
* checking service on the Webauthn server.
|
||||
*/
|
||||
public function setRequest(ServerRequestInterface $request): self
|
||||
{
|
||||
$this->request = $request;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the security key's name. If not provided a random string will be used.
|
||||
*/
|
||||
public function setKeyName(?string $name): self
|
||||
{
|
||||
$this->keyName = $name;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates and stores a new hardware security key on a user's account.
|
||||
*
|
||||
* @throws \Throwable
|
||||
*/
|
||||
public function handle(User $user, array $registration, PublicKeyCredentialCreationOptions $options): SecurityKey
|
||||
{
|
||||
Assert::notNull($this->request, 'A request interface must be set on the service before it can be called.');
|
||||
|
||||
$source = $this->webauthnServerRepository->loadAndCheckAttestationResponse($user, $registration, $options, $this->request);
|
||||
|
||||
// Unfortunately this repository interface doesn't define a response — it is explicitly
|
||||
// void — so we need to just query the database immediately after this to pull the information
|
||||
// we just stored to return to the caller.
|
||||
/** @var \Pterodactyl\Models\SecurityKey $key */
|
||||
$key = $user->securityKeys()->make()->forceFill([
|
||||
'uuid' => Uuid::uuid4(),
|
||||
'name' => $this->keyName ?? 'Security Key (' . Str::random() . ')',
|
||||
'public_key_id' => $source->getPublicKeyCredentialId(),
|
||||
'public_key' => $source->getCredentialPublicKey(),
|
||||
'aaguid' => $source->getAaguid(),
|
||||
'type' => $source->getType(),
|
||||
'transports' => $source->getTransports(),
|
||||
'attestation_type' => $source->getAttestationType(),
|
||||
'trust_path' => $source->getTrustPath(),
|
||||
'user_handle' => $user->uuid,
|
||||
'counter' => $source->getCounter(),
|
||||
'other_ui' => $source->getOtherUI(),
|
||||
]);
|
||||
|
||||
$key->saveOrFail();
|
||||
|
||||
return $key;
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue