From 711c0cd31a69b223812b20d72e0549bdde9740ff Mon Sep 17 00:00:00 2001
From: Chenx221
Date: Sun, 17 Mar 2024 17:24:26 +0800
Subject: [PATCH] =?UTF-8?q?Web=20Authn(2.75/3)=20=E8=A7=A3=E5=86=B3?=
 =?UTF-8?q?=E5=BC=83=E7=94=A8=E9=97=AE=E9=A2=98=20=E5=89=8D=E7=AB=AF?=
 =?UTF-8?q?=E6=94=B9=E8=BF=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 controllers/UserController.php | 42 ++++++++++++++-----
 .../PublicKeyCredentialSourceRepository.php | 7 +++-
 views/user/info.php | 7 ++--
 web/js/user-info.js | 5 +--
 4 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/controllers/UserController.php b/controllers/UserController.php
index 6a6a1ed..1c93901 100644
--- a/controllers/UserController.php
+++ b/controllers/UserController.php
@@ -16,6 +16,8 @@ use Webauthn\AuthenticatorAssertionResponse;
 use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
+use Webauthn\CeremonyStep\CeremonyStepManager;
+use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
 use Webauthn\Denormalizer\WebauthnSerializerFactory;
 use Webauthn\Exception\AuthenticatorResponseVerificationException;
 use Webauthn\PublicKeyCredential;
@@ -596,7 +598,7 @@ class UserController extends Controller
 {
 if (Yii::$app->request->isPjax) {
 $publicKeyCredentialSourceRepository = $this->findCredentialModel($id);
- if($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id){
+ if ($publicKeyCredentialSourceRepository->user_id !== Yii::$app->user->id) {
 Yii::$app->session->setFlash('error', '非法操作');
 return $this->redirect('info');
 }
@@ -612,6 +614,11 @@ class UserController extends Controller
 }
 }
+ /*
+ * 以下WebAuthn(FIFO)验证代码已经调好了,不要乱动
+ */
+
+
 /**
 * 创建公钥凭证选项
 * @return Response
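Review bot: The new comment block in the `@@ -612,6 +614,11 @@` hunk reads `WebAuthn(FIFO)`; if the FIDO protocol family is meant, the text should be `以下WebAuthn(FIDO)验证代码已经调好了,不要乱动`, and the two empty `+` lines that follow it appear to leave a double blank line before the `创建公钥凭证选项` docblock. In the first hunk `use Webauthn\CeremonyStep\CeremonyStepManager;` is imported, but only `CeremonyStepManagerFactory` is referenced in the hunks shown; if the rest of the file does not use the class, the import should be dropped.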
@@ -655,6 +662,8 @@ class UserController extends Controller
 public function actionCreateCredential(): Response
 {
 $data = Yii::$app->request->getRawBody();
+ $json_decode = json_decode($data, true);
+ $fido_name = empty($json_decode['fido_name']) ? '未命名的设备' : $json_decode['fido_name'];
 $attestationStatementSupportManager = AttestationStatementSupportManager::create();
 $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
 $webauthnSerializerFactory = new WebauthnSerializerFactory($attestationStatementSupportManager);
@@ -665,14 +674,16 @@ class UserController extends Controller
 return $this->asJson(['message' => 'Invalid response type']);
 }
- // PHP Deprecated:
- // Since web-auth/webauthn-lib 4.8.0:
- // The parameter "$attestationStatementSupportManager" is deprecated since 4.8.0 will be removed in 5.0.0.
- // Please set a CheckAttestationFormatIsKnownAndValid object into CeremonyStepManager object instead.
- // in /vendor/symfony/deprecation-contracts/function.php on line 25
- // MD, 这个问题在文档更新之前我是不会去解决的
+ // 什么时候更新开发文档?
+ $ceremonyStepManagerFactory = new CeremonyStepManagerFactory();
+ $ceremonyStepManager = $ceremonyStepManagerFactory->creationCeremony();
 $authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
- $attestationStatementSupportManager
+ null,
+ null,
+ null,
+ null,
+ null,
+ $ceremonyStepManager
 );
 $publicKeyCredentialCreationOptions = Yii::$app->session->get('publicKeyCredentialCreationOptions');
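Review bot: `$fido_name` in the `@@ -655,6 +662,8 @@` hunk is taken from the request body with only an `empty()` check, so a non-string JSON value (array, number, bool) or an arbitrarily long string reaches `saveCredential(..., string $name)` and is stored as the device label, and `empty()` also replaces a legitimate name of `"0"` with the default. A stricter read would be `$fido_name = is_string($json_decode['fido_name'] ?? null) && trim($json_decode['fido_name']) !== '' ? mb_substr(trim($json_decode['fido_name']), 0, 64) : '未命名的设备';` (64 is a constructed cap; use the column length). Whether the model's `rules()` bound `name` is not visible here, and if the label is rendered in the credential list it still needs `Html::encode()` at the output side. `actionCreateCredential` continues outside the hunk.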
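Review bot: The `AttestationStatementSupportManager` built a few lines above (with only `NoneAttestationStatementSupport`) is no longer handed to the validator, and `CeremonyStepManagerFactory` is used with its defaults, so the attestation-format check inside `creationCeremony()` now runs against whatever support manager the factory creates on its own rather than the one configured here; confirm what that default accepts, and if the explicit one is intended, call `$ceremonyStepManagerFactory->setAttestationStatementSupportManager($attestationStatementSupportManager);` before `creationCeremony()` (check the setter name against the installed webauthn-lib 4.8). The five positional `null` arguments are fragile; `AuthenticatorAttestationResponseValidator::create(ceremonyStepManager: $ceremonyStepManager)` expresses the same thing without depending on parameter order, assuming that is the parameter's name. The same pattern appears in the `@@ -753,7 +764,16 @@` hunk for the assertion validator and would take the same named-argument form. The deleted deprecation notice explained why the nulls exist; a one-line comment such as `// webauthn-lib 4.8: attestation/ceremony configuration now lives in CeremonyStepManager` would keep that context for the next reader.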
@@ -683,7 +694,7 @@ class UserController extends Controller
 Yii::$app->params['domain']
 );
 $publicKeyCredentialSourceRepository = new PublicKeyCredentialSourceRepository();
- $publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, 'test'); //receive source
+ $publicKeyCredentialSourceRepository->saveCredential($publicKeyCredentialSource, $fido_name); //receive source
 return $this->asJson(['verified' => true]);
 } catch (Throwable $e) {
 return $this->asJson(['message' => $e->getMessage(), 'verified' => false]);
@@ -753,7 +764,16 @@ class UserController extends Controller
 }
 $PKCS = $webauthnSerializerFactory->create()->deserialize($publicKeyCredentialSourceRepository1->data, PublicKeyCredentialSource::class, 'json');
- $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create();
+ $ceremonyStepManagerFactory = new CeremonyStepManagerFactory();
+ $ceremonyStepManager = $ceremonyStepManagerFactory->requestCeremony();
+ $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
+ null,
+ null,
+ null,
+ null,
+ null,
+ $ceremonyStepManager
+ );
 $publicKeyCredentialRequestOptions = Yii::$app->session->get('publicKeyCredentialRequestOptions');
 try {
 $publicKeyCredentialSource = $authenticatorAssertionResponseValidator->check(
@@ -769,7 +789,7 @@ class UserController extends Controller
 // Optional, but highly recommended, you can save the credential source as it may be modified
 // during the verification process (counter may be higher).
- $publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, 'test');
+ $publicKeyCredentialSourceRepository1->saveCredential($publicKeyCredentialSource, '',false);
 return $this->asJson(['verified' => true]);
 }
diff --git a/models/PublicKeyCredentialSourceRepository.php b/models/PublicKeyCredentialSourceRepository.php
index e75dba8..1609b1f 100644
--- a/models/PublicKeyCredentialSourceRepository.php
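Review bot: `saveCredential($publicKeyCredentialSource, '',false)` in the `@@ -769,7 +789,7 @@` hunk passes a bare positional boolean together with a dummy empty name, which hides what the call is for; on PHP 8 `saveCredential($publicKeyCredentialSource, '', isNewRecord: false)` makes the intent visible at the call site, and a space after the comma matches the PER-CS formatting the controller fix in this same commit moves toward. The flag's name is also misleading at this point: `$publicKeyCredentialSourceRepository1` was loaded from the database, so the record is never new here and what the flag really controls is whether `name` is overwritten. The enclosing method continues outside the hunk.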
+++ b/models/PublicKeyCredentialSourceRepository.php
@@ -92,16 +92,19 @@ class PublicKeyCredentialSourceRepository extends ActiveRecord
 * 保存PublicKeyCredentialSource对象到数据库
 * @param PublicKeyCredentialSource $PKCS
 * @param string $name
+ * @param bool $isNewRecord
 * @return bool
 * @throws JsonException
 */
- public function saveCredential(PublicKeyCredentialSource $PKCS,string $name): bool
+ public function saveCredential(PublicKeyCredentialSource $PKCS, string $name, bool $isNewRecord = true): bool
 {
 $jsonSerialize = $PKCS->jsonSerialize();
 $this->public_key_credential_id = $jsonSerialize['publicKeyCredentialId'];
 $publicKeyCredentialSourceJson = json_encode($jsonSerialize, JSON_THROW_ON_ERROR);
 $this->data = $publicKeyCredentialSourceJson;
- $this->name = $name;
+ if($isNewRecord){
+ $this->name = $name;
+ }
 $this->user_id = Yii::$app->user->id;
 return $this->save();
 }
diff --git a/views/user/info.php b/views/user/info.php
index 9f1bd52..ec6a8db 100644
--- a/views/user/info.php
+++ b/views/user/info.php
@@ -276,10 +276,11 @@ $darkMode = Yii::$app->user->identity->dark_mode; Passwordless验证 (Webauthn) (BETA) -
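Review bot: On the update path (`$isNewRecord === false`) the method still runs `$this->user_id = Yii::$app->user->id;`, so re-saving a credential after an assertion reassigns it to whoever is logged in at that moment (and to whatever `Yii::$app->user->id` is, possibly null, if this path can ever run before login completes); the counter refresh in the controller's `@@ -769,7 +789,7 @@` hunk only needs `data` updated, so the owner assignment belongs under the same guard: `if ($isNewRecord) { $this->name = $name; $this->user_id = Yii::$app->user->id; }`. Yii's BaseActiveRecord already exposes `$this->isNewRecord`, so the extra parameter could be replaced by that property, or renamed (e.g. `$setName`) to say what callers actually mean by it. `if($isNewRecord){` should be `if ($isNewRecord) {` to match the formatting fix made in the controller in this same commit. The `@param string $name` line could state that the value is stored unvalidated as the user-facing device label, unless `rules()` (not visible here) bounds it.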
+
+ "webauthn_add", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> "webauthn_verify", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> - "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?> + "webauthn_detail", 'type' => 'button', 'class' => 'btn btn-primary btn-sm']) ?>