Web Authn(2.75/3)
解决弃用问题 前端改进
This commit is contained in:
parent
413d60f3f4
commit
711c0cd31a
@ -16,6 +16,8 @@ use Webauthn\AuthenticatorAssertionResponse;
|
||||
use Webauthn\AuthenticatorAssertionResponseValidator;
|
||||
use Webauthn\AuthenticatorAttestationResponse;
|
||||
use Webauthn\AuthenticatorAttestationResponseValidator;
|
||||
use Webauthn\CeremonyStep\CeremonyStepManager;
|
||||
use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
|
||||
use Webauthn\Denormalizer\WebauthnSerializerFactory;
|
||||
use Webauthn\Exception\AuthenticatorResponseVerificationException;
|
||||
use Webauthn\PublicKeyCredential;
|
||||
@ -596,7 +598,7 @@ class UserController extends Controller
|
||||
{
|
||||
if (Yii::$app->request->isPjax) {
|
||||
$publicKeyCredentialSourceRepository = $this->findCredentialModel($id);
|
||||
if($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id){
|
||||
if ($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id) {
|
||||
Yii::$app->session->setFlash('error', '非法操作');
|
||||
return $this->redirect('info');
|
||||
}
|
||||
@ -612,6 +614,11 @@ class UserController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* 以下WebAuthn(FIFO)验证代码已经调好了,不要乱动
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* 创建公钥凭证选项
|
||||
* @return Response
|
||||
@ -655,6 +662,8 @@ class UserController extends Controller
|
||||
public function actionCreateCredential(): Response
|
||||
{
|
||||
$data = Yii::$app->request->getRawBody();
|
||||
$json_decode = json_decode($data, true);
|
||||
$fido_name = empty($json_decode['fido_name']) ? '未命名的设备' : $json_decode['fido_name'];
|
||||
$attestationStatementSupportManager = AttestationStatementSupportManager::create();
|
||||
$attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
|
||||
$webauthnSerializerFactory = new WebauthnSerializerFactory($attestationStatementSupportManager);
|
||||
@ -665,14 +674,16 @@ class UserController extends Controller
|
||||
return $this->asJson(['message' => 'Invalid response type']);
|
||||
}
|
||||
|
||||
// PHP Deprecated:
|
||||
// Since web-auth/webauthn-lib 4.8.0:
|
||||
// The parameter "$attestationStatementSupportManager" is deprecated since 4.8.0 will be removed in 5.0.0.
|
||||
// Please set a CheckAttestationFormatIsKnownAndValid object into CeremonyStepManager object instead.
|
||||
// in /vendor/symfony/deprecation-contracts/function.php on line 25
|
||||
// MD, 这个问题在文档更新之前我是不会去解决的
|
||||
// 什么时候更新开发文档?
|
||||
$ceremonyStepManagerFactory = new CeremonyStepManagerFactory();
|
||||
$ceremonyStepManager = $ceremonyStepManagerFactory->creationCeremony();
|
||||
$authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
|
||||
$attestationStatementSupportManager
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
$ceremonyStepManager
|
||||
);
|
||||
|
||||
$publicKeyCredentialCreationOptions = Yii::$app->session->get('publicKeyCredentialCreationOptions');
|
||||
@ -683,7 +694,7 @@ class UserController extends Controller
|
||||
Yii::$app->params['domain']
|
||||
);
|
||||
$publicKeyCredentialSourceRepository = new PublicKeyCredentialSourceRepository();
|
||||
$publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, 'test'); //receive source
|
||||
$publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, $fido_name); //receive source
|
||||
return $this->asJson(['verified' => true]);
|
||||
} catch (Throwable $e) {
|
||||
return $this->asJson(['message' => $e->getMessage(), 'verified' => false]);
|
||||
@ -753,7 +764,16 @@ class UserController extends Controller
|
||||
}
|
||||
|
||||
$PKCS = $webauthnSerializerFactory->create()->deserialize($publicKeyCredentialSourceRepository1->data, PublicKeyCredentialSource::class, 'json');
|
||||
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create();
|
||||
$ceremonyStepManagerFactory = new CeremonyStepManagerFactory();
|
||||
$ceremonyStepManager = $ceremonyStepManagerFactory->requestCeremony();
|
||||
$authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
$ceremonyStepManager
|
||||
);
|
||||
$publicKeyCredentialRequestOptions = Yii::$app->session->get('publicKeyCredentialRequestOptions');
|
||||
try {
|
||||
$publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check(
|
||||
@ -769,7 +789,7 @@ class UserController extends Controller
|
||||
|
||||
// Optional, but highly recommended, you can save the credential source as it may be modified
|
||||
// during the verification process (counter may be higher).
|
||||
$publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, 'test');
|
||||
$publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, '',false);
|
||||
return $this->asJson(['verified' => true]);
|
||||
}
|
||||
|
||||
|
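Review bot: In the hunk at -665 the validator no longer receives `$attestationStatementSupportManager`, and the `CeremonyStepManager` that replaces it comes from a `CeremonyStepManagerFactory` on which no attestation statement support manager is set, so the format check inside `creationCeremony()` now runs with the factory's defaults while the manager configured a few lines earlier with `NoneAttestationStatementSupport` is only used by the serializer. If the factory exposes a setter for it (`setAttestationStatementSupportManager()` in recent webauthn-lib releases), call `$ceremonyStepManagerFactory->setAttestationStatementSupportManager($attestationStatementSupportManager);` before `creationCeremony()` so deserialization and the ceremony accept exactly the same formats; whether `requestCeremony()` in the hunk at -753 consults it I cannot tell from here. Separately, in the hunk at -655 `fido_name` is taken from the raw request body with only an `empty()` check, so a non-string or over-long value reaches `saveCredential()` unchecked; guard it with `is_string()` and an `mb_substr()` length cap before use, and make sure the view escapes it on output. `actionCreateCredential()` and the assertion action both extend beyond these hunks.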
@ -92,16 +92,19 @@ class PublicKeyCredentialSourceRepository extends ActiveRecord
|
||||
* 保存PublicKeyCredentialSource对象到数据库
|
||||
* @param PublicKeyCredentialSource $PKCS
|
||||
* @param string $name
|
||||
* @param bool $isNewRecord
|
||||
* @return bool
|
||||
* @throws JsonException
|
||||
*/
|
||||
public function saveCredential(PublicKeyCredentialSource $PKCS,string $name): bool
|
||||
public function saveCredential(PublicKeyCredentialSource $PKCS, string $name, bool $isNewRecord = true): bool
|
||||
{
|
||||
$jsonSerialize = $PKCS->jsonSerialize();
|
||||
$this->public_key_credential_id = $jsonSerialize['publicKeyCredentialId'];
|
||||
$publicKeyCredentialSourceJson = json_encode($jsonSerialize, JSON_THROW_ON_ERROR);
|
||||
$this->data = $publicKeyCredentialSourceJson;
|
||||
$this->name = $name;
|
||||
if($isNewRecord){
|
||||
$this->name = $name;
|
||||
}
|
||||
$this->user_id = Yii::$app->user->id;
|
||||
return $this->save();
|
||||
}
|
||||
|
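Review bot: `saveCredential()` still assigns `$this->user_id = Yii::$app->user->id` unconditionally, so the new `$isNewRecord = false` path (called from the assertion handler to persist the updated source, per the counter comment there) rewrites the credential's owner to whoever is in the current session instead of leaving it untouched; move that assignment inside the guard alongside the name, i.e. `if ($isNewRecord) { $this->name = $name; $this->user_id = Yii::$app->user->id; }`. The docblock gained `@param bool $isNewRecord` without saying what it controls; suggest `@param bool $isNewRecord false to refresh only the serialized source (e.g. the signature counter) of an existing row, leaving name and owner unchanged`. Note also that `public_key_credential_id` is overwritten from the source on every save, which is only correct when the caller loaded the row by that same credential id — worth a one-line comment.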
@ -276,10 +276,11 @@ $darkMode = Yii::$app->user->identity->dark_mode;
|
||||
<i class="fa-solid fa-key"></i>
|
||||
Passwordless验证 (Webauthn) (BETA)
|
||||
</h5>
|
||||
<div>
|
||||
<div class="input-group" id="totp_area" style="width: 50%">
|
||||
<input type="text" class="form-control" placeholder="在这里为新的FIDO设备命名" aria-label="在这里为新的FIDO设备命名" name="fido_name" id="fido_name">
|
||||
<?= Html::button('添加', ['id' => "webauthn_add", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>
|
||||
<?= Html::button('测试', ['id' => "webauthn_verify", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>
|
||||
<?= Html::button('查看详情', ['id' => "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>
|
||||
<?= Html::button('管理', ['id' => "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>
|
||||
</div>
|
||||
<div class="alert alert-success" role="alert" hidden>
|
||||
<span id="webauthn_success"></span>
|
||||
@ -422,7 +423,7 @@ Modal::end();
|
||||
Modal::begin([
|
||||
'title' => '<h4>管理已添加的Webauthn设备</h4>',
|
||||
'id' => 'credentialModal',
|
||||
'size' => 'modal-lg',
|
||||
'size' => 'modal-xl modal-fullscreen-xl-down',
|
||||
]);
|
||||
|
||||
echo Html::tag('div', '你可以在下方查看和删除已经添加的Webauthn设备', ['class' => 'modal-body']);
|
||||
|
@ -45,9 +45,8 @@ document.querySelector('.editable-username').addEventListener('click', function
|
||||
});
|
||||
|
||||
document.querySelector('#webauthn_detail').addEventListener('click', function () {
|
||||
// $('#credentialModal').modal('show');
|
||||
$.ajax({
|
||||
url: 'index.php?r=user%2Fcredential-list', // 替换为你的 API 路径
|
||||
url: 'index.php?r=user%2Fcredential-list',
|
||||
method: 'GET',
|
||||
success: function(data) {
|
||||
$('#pjax-container').html(data);
|
||||
@ -94,7 +93,7 @@ elemBegin.addEventListener('click', async () => {
|
||||
throw error;
|
||||
}
|
||||
const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
|
||||
|
||||
attResp.fido_name = document.getElementById('fido_name').value;
|
||||
// POST the response to the endpoint that calls
|
||||
const verificationResp = await fetch('index.php?r=user%2Fcreate-credential', {
|
||||
method: 'POST',
|
||||
|
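Review bot: `attResp.fido_name = document.getElementById('fido_name').value` grafts an application field onto the object returned by the WebAuthn registration call before it is POSTed, so the server apparently has to pull `fido_name` out of the same JSON it then deserializes as a credential; a stricter deserializer could reject the unknown key, and the value is sent untrimmed, so a whitespace-only name passes the server's `empty()` check. Consider sending a wrapper such as `body: JSON.stringify({ credential: attResp, fido_name: document.getElementById('fido_name').value.trim() })` and reading the two parts separately on the server (a coordinated change), or at minimum use `.value.trim()` here. The `elemBegin` click handler starts before this hunk and continues after it.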