Fix login authentication using security key

2022-02-13 14:57:45 -05:00 · 2022-02-13 14:57:45 -05:00 · 2d2352017d
commit 2d2352017d
parent 09497c234a
3 changed files with 9 additions and 9 deletions
--- a/app/Http/Controllers/Auth/LoginCheckpointController.php
+++ b/app/Http/Controllers/Auth/LoginCheckpointController.php
@ -92,7 +92,7 @@ class LoginCheckpointController extends AbstractLoginController
        if (!$key instanceof PublicKeyCredentialRequestOptions) {
            throw new BadRequestHttpException('No security keys configured in session.');
        }
-        
+
        $user = $this->extractUserFromRequest($request);

        $source = $this->repository->getServer($user)->loadAndCheckAssertionResponse(
@ -102,7 +102,11 @@ class LoginCheckpointController extends AbstractLoginController
            SecurityKey::getPsrRequestFactory($request)
        );

-        dd($source->getUserHandle());
+        if (!hash_equals($user->uuid, $source->getUserHandle())) {
+            throw new BadRequestHttpException('An unexpected error was encountered while validating that security key.');
+        }
+
+        return $this->sendLoginResponse($user, $request);
    }

    /**
--- a/app/Models/SecurityKey.php
+++ b/app/Models/SecurityKey.php
@ -88,11 +88,7 @@ class SecurityKey extends Model

    public function getPublicKeyCredentialDescriptor(): PublicKeyCredentialDescriptor
    {
-        return new PublicKeyCredentialDescriptor(
-            $this->type,
-            $this->public_key_id,
-            $this->transports
-        );
+        return new PublicKeyCredentialDescriptor($this->type, $this->public_key_id, $this->transports);
    }

    public function getPublicKeyCredentialSource(): PublicKeyCredentialSource
@ -105,7 +101,7 @@ class SecurityKey extends Model
            $this->trust_path,
            $this->aaguid ?? Uuid::fromString(Uuid::NIL),
            $this->public_key,
-            (string) $this->user_id,
+            $this->user_handle,
            $this->counter
        );
    }
--- a/app/Repositories/SecurityKeys/PublicKeyCredentialSourceRepository.php
+++ b/app/Repositories/SecurityKeys/PublicKeyCredentialSourceRepository.php
@ -26,7 +26,7 @@ class PublicKeyCredentialSourceRepository implements PublicKeyRepositoryInterfac
    {
        /** @var \Pterodactyl\Models\SecurityKey $key */
        $key = $this->user->securityKeys()
-            ->where('public_key_id', $id)
+            ->where('public_key_id', base64_encode($id))
            ->first();

        return optional($key)->getPublicKeyCredentialSource();