composer: require asbiin/laravel-webauthn

This commit is contained in:
Matthew Penner 2021-07-17 11:26:30 -06:00
parent f137192113
commit cdd07fa275
4 changed files with 1743 additions and 1 deletions

View file

@ -17,6 +17,7 @@
"ext-pdo": "*", "ext-pdo": "*",
"ext-pdo_mysql": "*", "ext-pdo_mysql": "*",
"ext-zip": "*", "ext-zip": "*",
"asbiin/laravel-webauthn": "^1.1",
"aws/aws-sdk-php": "^3.185", "aws/aws-sdk-php": "^3.185",
"doctrine/dbal": "^2.13", "doctrine/dbal": "^2.13",
"fideloper/proxy": "^4.4", "fideloper/proxy": "^4.4",

1473
composer.lock generated

File diff suppressed because it is too large Load diff

225
config/webauthn.php Normal file
View file

@ -0,0 +1,225 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| LaravelWebauthn Master Switch
|--------------------------------------------------------------------------
|
| This option may be used to disable LaravelWebauthn.
|
*/
'enable' => true,
/*
|--------------------------------------------------------------------------
| Route Middleware
|--------------------------------------------------------------------------
|
| These middleware will be assigned to Webauthn routes, giving you
| the chance to add your own middleware to this list or change any of
| the existing middleware. Or, you can simply stick with this list.
|
*/
'middleware' => [
'web',
'auth',
],
/*
|--------------------------------------------------------------------------
| Prefix path
|--------------------------------------------------------------------------
|
| The uri prefix for all webauthn requests.
|
*/
'prefix' => 'webauthn',
'authenticate' => [
/*
|--------------------------------------------------------------------------
| View to load after middleware login request.
|--------------------------------------------------------------------------
|
| The name of blade template to load whe a user login and it request to validate
| the Webauthn 2nd factor.
|
*/
'view' => 'webauthn::authenticate',
/*
|--------------------------------------------------------------------------
| Redirect with callback url after login.
|--------------------------------------------------------------------------
|
| Save the destination url, then after a successful login, redirect to this
| url.
|
*/
'postSuccessCallback' => true,
/*
|--------------------------------------------------------------------------
| Redirect route
|--------------------------------------------------------------------------
|
| If postSuccessCallback if false, redirect to this route after login
| request is complete.
| If empty, send a json response to let the client side redirection.
|
*/
'postSuccessRedirectRoute' => '',
],
'register' => [
/*
|--------------------------------------------------------------------------
| View to load on register request.
|--------------------------------------------------------------------------
|
| The name of blade template to load when a user request a creation of
| Webauthn key.
|
*/
'view' => 'webauthn::register',
/*
|--------------------------------------------------------------------------
| Redirect route
|--------------------------------------------------------------------------
|
| The route to redirect to after register key request is complete.
| If empty, send a json response to let the client side redirection.
|
*/
'postSuccessRedirectRoute' => '',
],
/*
|--------------------------------------------------------------------------
| Session name
|--------------------------------------------------------------------------
|
| Name of the session parameter to store the successful login.
|
*/
'sessionName' => 'webauthn_auth',
/*
|--------------------------------------------------------------------------
| Webauthn challenge length
|--------------------------------------------------------------------------
|
| Length of the random string used in the challenge request.
|
*/
'challenge_length' => 32,
/*
|--------------------------------------------------------------------------
| Webauthn timeout (milliseconds)
|--------------------------------------------------------------------------
|
| Time that the caller is willing to wait for the call to complete.
|
*/
'timeout' => 60000,
/*
|--------------------------------------------------------------------------
| Webauthn extension client input
|--------------------------------------------------------------------------
|
| Optional authentication extension.
| See https://www.w3.org/TR/webauthn/#client-extension-input
|
*/
'extensions' => [],
/*
|--------------------------------------------------------------------------
| Webauthn icon
|--------------------------------------------------------------------------
|
| Url which resolves to an image associated with the entity.
| See https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-icon
|
*/
'icon' => null,
/*
|--------------------------------------------------------------------------
| Webauthn Attestation Conveyance
|--------------------------------------------------------------------------
|
| This parameter specify the preference regarding the attestation conveyance
| during credential generation.
| See https://www.w3.org/TR/webauthn/#attestation-convey
|
*/
'attestation_conveyance' => \Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
/*
|--------------------------------------------------------------------------
| Google Safetynet ApiKey
|--------------------------------------------------------------------------
|
| Api key to use Google Safetynet.
| See https://developer.android.com/training/safetynet/attestation
|
*/
'google_safetynet_api_key' => '',
/*
|--------------------------------------------------------------------------
| Webauthn Public Key Credential Parameters
|--------------------------------------------------------------------------
|
| List of allowed Cryptographic Algorithm Identifier.
| See https://www.w3.org/TR/webauthn/#alg-identifier
|
*/
'public_key_credential_parameters' => [
\Cose\Algorithms::COSE_ALGORITHM_ES256,
\Cose\Algorithms::COSE_ALGORITHM_RS256,
],
/*
|--------------------------------------------------------------------------
| Webauthn Authenticator Selection Criteria
|--------------------------------------------------------------------------
|
| Requirement for the creation operation.
| See https://www.w3.org/TR/webauthn/#authenticatorSelection
|
*/
'authenticator_selection_criteria' => [
/*
| See https://www.w3.org/TR/webauthn/#attachment
*/
'attachment_mode' => \Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE,
'require_resident_key' => false,
/*
| See https://www.w3.org/TR/webauthn/#userVerificationRequirement
*/
'user_verification' => \Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED,
],
];

View file

@ -0,0 +1,45 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class AddWebauthn extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('webauthn_keys', function (Blueprint $table) {
$table->increments('id');
$table->unsignedInteger('user_id');
$table->string('name')->default('key');
$table->string('credential_id', 255);
$table->string('type', 255);
$table->text('transports');
$table->string('attestation_type', 255);
$table->text('trust_path');
$table->text('aaguid');
$table->text('credential_public_key');
$table->integer('counter');
$table->timestamps();
$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
$table->index('credential_id');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::dropIfExists('webauthn_keys');
}
}