composer: require asbiin/laravel-webauthn
This commit is contained in:
parent
f137192113
commit
cdd07fa275
4 changed files with 1743 additions and 1 deletions
|
@ -17,6 +17,7 @@
|
||||||
"ext-pdo": "*",
|
"ext-pdo": "*",
|
||||||
"ext-pdo_mysql": "*",
|
"ext-pdo_mysql": "*",
|
||||||
"ext-zip": "*",
|
"ext-zip": "*",
|
||||||
|
"asbiin/laravel-webauthn": "^1.1",
|
||||||
"aws/aws-sdk-php": "^3.185",
|
"aws/aws-sdk-php": "^3.185",
|
||||||
"doctrine/dbal": "^2.13",
|
"doctrine/dbal": "^2.13",
|
||||||
"fideloper/proxy": "^4.4",
|
"fideloper/proxy": "^4.4",
|
||||||
|
|
1473
composer.lock
generated
1473
composer.lock
generated
File diff suppressed because it is too large
Load diff
225
config/webauthn.php
Normal file
225
config/webauthn.php
Normal file
|
@ -0,0 +1,225 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
return [
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| LaravelWebauthn Master Switch
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| This option may be used to disable LaravelWebauthn.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'enable' => true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Route Middleware
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| These middleware will be assigned to Webauthn routes, giving you
|
||||||
|
| the chance to add your own middleware to this list or change any of
|
||||||
|
| the existing middleware. Or, you can simply stick with this list.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'middleware' => [
|
||||||
|
'web',
|
||||||
|
'auth',
|
||||||
|
],
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Prefix path
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| The uri prefix for all webauthn requests.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'prefix' => 'webauthn',
|
||||||
|
|
||||||
|
'authenticate' => [
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| View to load after middleware login request.
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| The name of blade template to load whe a user login and it request to validate
|
||||||
|
| the Webauthn 2nd factor.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
'view' => 'webauthn::authenticate',
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Redirect with callback url after login.
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Save the destination url, then after a successful login, redirect to this
|
||||||
|
| url.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
'postSuccessCallback' => true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Redirect route
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| If postSuccessCallback if false, redirect to this route after login
|
||||||
|
| request is complete.
|
||||||
|
| If empty, send a json response to let the client side redirection.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
'postSuccessRedirectRoute' => '',
|
||||||
|
],
|
||||||
|
|
||||||
|
'register' => [
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| View to load on register request.
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| The name of blade template to load when a user request a creation of
|
||||||
|
| Webauthn key.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
'view' => 'webauthn::register',
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Redirect route
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| The route to redirect to after register key request is complete.
|
||||||
|
| If empty, send a json response to let the client side redirection.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
'postSuccessRedirectRoute' => '',
|
||||||
|
],
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Session name
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Name of the session parameter to store the successful login.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'sessionName' => 'webauthn_auth',
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn challenge length
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Length of the random string used in the challenge request.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'challenge_length' => 32,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn timeout (milliseconds)
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Time that the caller is willing to wait for the call to complete.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'timeout' => 60000,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn extension client input
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Optional authentication extension.
|
||||||
|
| See https://www.w3.org/TR/webauthn/#client-extension-input
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'extensions' => [],
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn icon
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Url which resolves to an image associated with the entity.
|
||||||
|
| See https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-icon
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'icon' => null,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn Attestation Conveyance
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| This parameter specify the preference regarding the attestation conveyance
|
||||||
|
| during credential generation.
|
||||||
|
| See https://www.w3.org/TR/webauthn/#attestation-convey
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'attestation_conveyance' => \Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Google Safetynet ApiKey
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Api key to use Google Safetynet.
|
||||||
|
| See https://developer.android.com/training/safetynet/attestation
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'google_safetynet_api_key' => '',
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn Public Key Credential Parameters
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| List of allowed Cryptographic Algorithm Identifier.
|
||||||
|
| See https://www.w3.org/TR/webauthn/#alg-identifier
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'public_key_credential_parameters' => [
|
||||||
|
\Cose\Algorithms::COSE_ALGORITHM_ES256,
|
||||||
|
\Cose\Algorithms::COSE_ALGORITHM_RS256,
|
||||||
|
],
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Webauthn Authenticator Selection Criteria
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Requirement for the creation operation.
|
||||||
|
| See https://www.w3.org/TR/webauthn/#authenticatorSelection
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'authenticator_selection_criteria' => [
|
||||||
|
|
||||||
|
/*
|
||||||
|
| See https://www.w3.org/TR/webauthn/#attachment
|
||||||
|
*/
|
||||||
|
'attachment_mode' => \Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE,
|
||||||
|
|
||||||
|
'require_resident_key' => false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
| See https://www.w3.org/TR/webauthn/#userVerificationRequirement
|
||||||
|
*/
|
||||||
|
'user_verification' => \Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED,
|
||||||
|
],
|
||||||
|
|
||||||
|
];
|
45
database/migrations/2019_03_29_163611_add_webauthn.php
Normal file
45
database/migrations/2019_03_29_163611_add_webauthn.php
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
||||||
|
class AddWebauthn extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::create('webauthn_keys', function (Blueprint $table) {
|
||||||
|
$table->increments('id');
|
||||||
|
$table->unsignedInteger('user_id');
|
||||||
|
|
||||||
|
$table->string('name')->default('key');
|
||||||
|
$table->string('credential_id', 255);
|
||||||
|
$table->string('type', 255);
|
||||||
|
$table->text('transports');
|
||||||
|
$table->string('attestation_type', 255);
|
||||||
|
$table->text('trust_path');
|
||||||
|
$table->text('aaguid');
|
||||||
|
$table->text('credential_public_key');
|
||||||
|
$table->integer('counter');
|
||||||
|
$table->timestamps();
|
||||||
|
|
||||||
|
$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
|
||||||
|
$table->index('credential_id');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::dropIfExists('webauthn_keys');
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue