diff --git a/controllers/UserController.php b/controllers/UserController.php index 6a6a1ed..1c93901 100644 --- a/controllers/UserController.php +++ b/controllers/UserController.php @@ -16,6 +16,8 @@ use Webauthn\AuthenticatorAssertionResponse; use Webauthn\AuthenticatorAssertionResponseValidator; use Webauthn\AuthenticatorAttestationResponse; use Webauthn\AuthenticatorAttestationResponseValidator; +use Webauthn\CeremonyStep\CeremonyStepManager; +use Webauthn\CeremonyStep\CeremonyStepManagerFactory; use Webauthn\Denormalizer\WebauthnSerializerFactory; use Webauthn\Exception\AuthenticatorResponseVerificationException; use Webauthn\PublicKeyCredential; @@ -596,7 +598,7 @@ class UserController extends Controller { if (Yii::$app->request->isPjax) { $publicKeyCredentialSourceRepository = $this->findCredentialModel($id); - if($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id){ + if ($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id) { Yii::$app->session->setFlash('error', '非法操作'); return $this->redirect('info'); } @@ -612,6 +614,11 @@ class UserController extends Controller } } + /* + * 以下WebAuthn(FIFO)验证代码已经调好了,不要乱动 + */ + + /** * 创建公钥凭证选项 * @return Response @@ -655,6 +662,8 @@ class UserController extends Controller public function actionCreateCredential(): Response { $data = Yii::$app->request->getRawBody(); + $json_decode = json_decode($data, true); + $fido_name = empty($json_decode['fido_name']) ? '未命名的设备' : $json_decode['fido_name']; $attestationStatementSupportManager = AttestationStatementSupportManager::create(); $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create()); $webauthnSerializerFactory = new WebauthnSerializerFactory($attestationStatementSupportManager); @@ -665,14 +674,16 @@ class UserController extends Controller return $this->asJson(['message' => 'Invalid response type']); } - // PHP Deprecated: - // Since web-auth/webauthn-lib 4.8.0: - // The parameter "$attestationStatementSupportManager" is deprecated since 4.8.0 will be removed in 5.0.0. - // Please set a CheckAttestationFormatIsKnownAndValid object into CeremonyStepManager object instead. - // in /vendor/symfony/deprecation-contracts/function.php on line 25 - // MD, 这个问题在文档更新之前我是不会去解决的 + // 什么时候更新开发文档? + $ceremonyStepManagerFactory = new CeremonyStepManagerFactory(); + $ceremonyStepManager = $ceremonyStepManagerFactory->creationCeremony(); $authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create( - $attestationStatementSupportManager + null, + null, + null, + null, + null, + $ceremonyStepManager ); $publicKeyCredentialCreationOptions = Yii::$app->session->get('publicKeyCredentialCreationOptions'); @@ -683,7 +694,7 @@ class UserController extends Controller Yii::$app->params['domain'] ); $publicKeyCredentialSourceRepository = new PublicKeyCredentialSourceRepository(); - $publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, 'test'); //receive source + $publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, $fido_name); //receive source return $this->asJson(['verified' => true]); } catch (Throwable $e) { return $this->asJson(['message' => $e->getMessage(), 'verified' => false]); @@ -753,7 +764,16 @@ class UserController extends Controller } $PKCS = $webauthnSerializerFactory->create()->deserialize($publicKeyCredentialSourceRepository1->data, PublicKeyCredentialSource::class, 'json'); - $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(); + $ceremonyStepManagerFactory = new CeremonyStepManagerFactory(); + $ceremonyStepManager = $ceremonyStepManagerFactory->requestCeremony(); + $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create( + null, + null, + null, + null, + null, + $ceremonyStepManager + ); $publicKeyCredentialRequestOptions = Yii::$app->session->get('publicKeyCredentialRequestOptions'); try { $publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check( @@ -769,7 +789,7 @@ class UserController extends Controller // Optional, but highly recommended, you can save the credential source as it may be modified // during the verification process (counter may be higher). - $publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, 'test'); + $publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, '',false); return $this->asJson(['verified' => true]); } diff --git a/models/PublicKeyCredentialSourceRepository.php b/models/PublicKeyCredentialSourceRepository.php index e75dba8..1609b1f 100644 --- a/models/PublicKeyCredentialSourceRepository.php +++ b/models/PublicKeyCredentialSourceRepository.php @@ -92,16 +92,19 @@ class PublicKeyCredentialSourceRepository extends ActiveRecord * 保存PublicKeyCredentialSource对象到数据库 * @param PublicKeyCredentialSource $PKCS * @param string $name + * @param bool $isNewRecord * @return bool * @throws JsonException */ - public function saveCredential(PublicKeyCredentialSource $PKCS,string $name): bool + public function saveCredential(PublicKeyCredentialSource $PKCS, string $name, bool $isNewRecord = true): bool { $jsonSerialize = $PKCS->jsonSerialize(); $this->public_key_credential_id = $jsonSerialize['publicKeyCredentialId']; $publicKeyCredentialSourceJson = json_encode($jsonSerialize, JSON_THROW_ON_ERROR); $this->data = $publicKeyCredentialSourceJson; - $this->name = $name; + if($isNewRecord){ + $this->name = $name; + } $this->user_id = Yii::$app->user->id; return $this->save(); } diff --git a/views/user/info.php b/views/user/info.php index 9f1bd52..ec6a8db 100644 --- a/views/user/info.php +++ b/views/user/info.php @@ -276,10 +276,11 @@ $darkMode = Yii::$app->user->identity->dark_mode; Passwordless验证 (Webauthn) (BETA) -
+
+ "webauthn_add", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> "webauthn_verify", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> - "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> + "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>