composer: require asbiin/laravel-webauthn
This commit is contained in:
parent
f137192113
commit
cdd07fa275
4 changed files with 1743 additions and 1 deletions
|
@ -17,6 +17,7 @@
|
|||
"ext-pdo": "*",
|
||||
"ext-pdo_mysql": "*",
|
||||
"ext-zip": "*",
|
||||
"asbiin/laravel-webauthn": "^1.1",
|
||||
"aws/aws-sdk-php": "^3.185",
|
||||
"doctrine/dbal": "^2.13",
|
||||
"fideloper/proxy": "^4.4",
|
||||
|
|
1473
composer.lock
generated
1473
composer.lock
generated
File diff suppressed because it is too large
Load diff
225
config/webauthn.php
Normal file
225
config/webauthn.php
Normal file
|
@ -0,0 +1,225 @@
|
|||
<?php
|
||||
|
||||
return [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LaravelWebauthn Master Switch
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This option may be used to disable LaravelWebauthn.
|
||||
|
|
||||
*/
|
||||
|
||||
'enable' => true,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Route Middleware
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| These middleware will be assigned to Webauthn routes, giving you
|
||||
| the chance to add your own middleware to this list or change any of
|
||||
| the existing middleware. Or, you can simply stick with this list.
|
||||
|
|
||||
*/
|
||||
|
||||
'middleware' => [
|
||||
'web',
|
||||
'auth',
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Prefix path
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The uri prefix for all webauthn requests.
|
||||
|
|
||||
*/
|
||||
|
||||
'prefix' => 'webauthn',
|
||||
|
||||
'authenticate' => [
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| View to load after middleware login request.
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The name of blade template to load whe a user login and it request to validate
|
||||
| the Webauthn 2nd factor.
|
||||
|
|
||||
*/
|
||||
'view' => 'webauthn::authenticate',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Redirect with callback url after login.
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Save the destination url, then after a successful login, redirect to this
|
||||
| url.
|
||||
|
|
||||
*/
|
||||
'postSuccessCallback' => true,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Redirect route
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| If postSuccessCallback if false, redirect to this route after login
|
||||
| request is complete.
|
||||
| If empty, send a json response to let the client side redirection.
|
||||
|
|
||||
*/
|
||||
'postSuccessRedirectRoute' => '',
|
||||
],
|
||||
|
||||
'register' => [
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| View to load on register request.
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The name of blade template to load when a user request a creation of
|
||||
| Webauthn key.
|
||||
|
|
||||
*/
|
||||
'view' => 'webauthn::register',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Redirect route
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| The route to redirect to after register key request is complete.
|
||||
| If empty, send a json response to let the client side redirection.
|
||||
|
|
||||
*/
|
||||
'postSuccessRedirectRoute' => '',
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Session name
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Name of the session parameter to store the successful login.
|
||||
|
|
||||
*/
|
||||
|
||||
'sessionName' => 'webauthn_auth',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn challenge length
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Length of the random string used in the challenge request.
|
||||
|
|
||||
*/
|
||||
|
||||
'challenge_length' => 32,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn timeout (milliseconds)
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Time that the caller is willing to wait for the call to complete.
|
||||
|
|
||||
*/
|
||||
|
||||
'timeout' => 60000,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn extension client input
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Optional authentication extension.
|
||||
| See https://www.w3.org/TR/webauthn/#client-extension-input
|
||||
|
|
||||
*/
|
||||
|
||||
'extensions' => [],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn icon
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Url which resolves to an image associated with the entity.
|
||||
| See https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-icon
|
||||
|
|
||||
*/
|
||||
|
||||
'icon' => null,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn Attestation Conveyance
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This parameter specify the preference regarding the attestation conveyance
|
||||
| during credential generation.
|
||||
| See https://www.w3.org/TR/webauthn/#attestation-convey
|
||||
|
|
||||
*/
|
||||
|
||||
'attestation_conveyance' => \Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Google Safetynet ApiKey
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Api key to use Google Safetynet.
|
||||
| See https://developer.android.com/training/safetynet/attestation
|
||||
|
|
||||
*/
|
||||
|
||||
'google_safetynet_api_key' => '',
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn Public Key Credential Parameters
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| List of allowed Cryptographic Algorithm Identifier.
|
||||
| See https://www.w3.org/TR/webauthn/#alg-identifier
|
||||
|
|
||||
*/
|
||||
|
||||
'public_key_credential_parameters' => [
|
||||
\Cose\Algorithms::COSE_ALGORITHM_ES256,
|
||||
\Cose\Algorithms::COSE_ALGORITHM_RS256,
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Webauthn Authenticator Selection Criteria
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Requirement for the creation operation.
|
||||
| See https://www.w3.org/TR/webauthn/#authenticatorSelection
|
||||
|
|
||||
*/
|
||||
|
||||
'authenticator_selection_criteria' => [
|
||||
|
||||
/*
|
||||
| See https://www.w3.org/TR/webauthn/#attachment
|
||||
*/
|
||||
'attachment_mode' => \Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE,
|
||||
|
||||
'require_resident_key' => false,
|
||||
|
||||
/*
|
||||
| See https://www.w3.org/TR/webauthn/#userVerificationRequirement
|
||||
*/
|
||||
'user_verification' => \Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED,
|
||||
],
|
||||
|
||||
];
|
45
database/migrations/2019_03_29_163611_add_webauthn.php
Normal file
45
database/migrations/2019_03_29_163611_add_webauthn.php
Normal file
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
class AddWebauthn extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::create('webauthn_keys', function (Blueprint $table) {
|
||||
$table->increments('id');
|
||||
$table->unsignedInteger('user_id');
|
||||
|
||||
$table->string('name')->default('key');
|
||||
$table->string('credential_id', 255);
|
||||
$table->string('type', 255);
|
||||
$table->text('transports');
|
||||
$table->string('attestation_type', 255);
|
||||
$table->text('trust_path');
|
||||
$table->text('aaguid');
|
||||
$table->text('credential_public_key');
|
||||
$table->integer('counter');
|
||||
$table->timestamps();
|
||||
|
||||
$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
|
||||
$table->index('credential_id');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::dropIfExists('webauthn_keys');
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue