From 7673d1b4aea9adf767af36a2cf418b7ad9091382 Mon Sep 17 00:00:00 2001
From: phpipam <miha.petkovsek@telemach.si>
Date: Wed, 13 Dec 2023 14:55:34 +0100
Subject: [PATCH] Fixed invalid RP
---
 app/login/passkey_login_check.php | 3 +--
 app/tools/user-menu/passkey_save.php | 6 ++---
 app/tools/user-menu/passkeys.php | 37 +++++----------------------
 3 files changed, 10 insertions(+), 36 deletions(-)
diff --git a/app/login/passkey_login_check.php b/app/login/passkey_login_check.php
index af58b038..c955cfbb 100644
--- a/app/login/passkey_login_check.php
+++ b/app/login/passkey_login_check.php
@@ -36,7 +36,6 @@ use Firehed\WebAuthn\{
 $json = file_get_contents('php://input');
 $data = json_decode($json, true);
-
 // parser
 $parser = new ResponseParser();
 $getResponse = $parser->parseGetResponse($data);
@@ -47,7 +46,7 @@ $getResponse = $parser->parseGetResponse($data);
 // die();
 // Set relaying party
-$rp = new \Firehed\WebAuthn\SingleOriginRelyingParty('https://ipam-dc.ugbb.net');
+$rp = new \Firehed\WebAuthn\SingleOriginRelyingParty($User->createURL ());
 // challange manager
 $challengeManager = new \Firehed\WebAuthn\SessionChallengeManager();
diff --git a/app/tools/user-menu/passkey_save.php b/app/tools/user-menu/passkey_save.php
index 3c15ed54..0be8bbc6 100644
--- a/app/tools/user-menu/passkey_save.php
+++ b/app/tools/user-menu/passkey_save.php
@@ -27,7 +27,7 @@ use Firehed\WebAuthn\{
 RelyingParty,
 SessionChallengeManager,
 SingleOriginRelyingParty,
- ResponseParser
+ JsonResponseParser
 };
 # process request
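Review bot: The relying-party origin passed to `SingleOriginRelyingParty` in app/login/passkey_login_check.php (and again in the second hunk of app/tools/user-menu/passkey_save.php) now comes from `$User->createURL ()`, whose definition is outside this diff. If that helper builds the URL from request headers such as Host or a forwarded-host header, the origin the server verifies assertions against becomes request-controlled, which weakens the origin binding WebAuthn relies on. Prefer a value read from trusted configuration, or check the result against an allow-list of expected origins before constructing the relying party. A comment such as `// RP origin must come from trusted config, never from request headers` above the `$rp = ...` line would record the requirement.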
@@ -35,14 +35,14 @@ $json = file_get_contents('php://input');
 $data = json_decode($json, true);
 // parser
-$parser = new ResponseParser();
+$parser = new JsonResponseParser();
 $createResponse = $parser->parseCreateResponse($data);
 // escape keyId
 $data['keyId'] = $User->strip_input_tags ($data['keyId']);
 // Relaying party
-$rp = new \Firehed\WebAuthn\SingleOriginRelyingParty('https://ipam-dc.ugbb.net');
+$rp = new \Firehed\WebAuthn\SingleOriginRelyingParty($User->createURL ());
 // challange manager
 $challengeManager = new \Firehed\WebAuthn\SessionChallengeManager();
diff --git a/app/tools/user-menu/passkeys.php b/app/tools/user-menu/passkeys.php
index 82709412..240fd5cf 100644
--- a/app/tools/user-menu/passkeys.php
+++ b/app/tools/user-menu/passkeys.php
@@ -119,7 +119,7 @@ const startRegister = async (e) => {
 const createOptions = {
 publicKey: {
 rp: {
- name: 'https://ipam-dc.ugbb.net',
+ name: '<?php print $User->createURL (); ?>',
 },
 user: {
 name: "<?php print $User->user->username; ?>",
@@ -133,10 +133,10 @@ const startRegister = async (e) => {
 alg: -7, // ES256
 type: "public-key",
 },
- // {
- // alg: -257, // Value registered by this specification for "RS256"
- // type: "public-key",
- // }
+ {
+ alg: -257, // Value registered by this specification for "RS256"
+ type: "public-key",
+ }
 ]
 },
 attestation: 'direct',
@@ -145,7 +145,7 @@ const startRegister = async (e) => {
 // Call the WebAuthn browser API and get the response. This may throw, which you
 // should handle. Example: user cancels or never interacts with the device.
 const credential = await navigator.credentials.create(createOptions)
- // console.log(credential)
+ console.log(Array.from(new Uint8Array(credential.rawId)))
 // Format the credential to send to the server. This must match the format
 // handed by the ResponseParser class. The formatting code below can be used
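Review bot: `$parser = new JsonResponseParser();` in app/tools/user-menu/passkey_save.php changes the payload format this endpoint accepts, but the client comment in app/tools/user-menu/passkeys.php still says the data "must match the format handed by the ResponseParser class", and the client formatting code is not part of this diff. app/login/passkey_login_check.php also still constructs `new ResponseParser()`, so registration and login now parse with different classes. Confirm that the browser sends what `JsonResponseParser` expects and either switch the login path as well or add a comment explaining why the two differ, for example `// registration posts the JSON form; login still posts the legacy array form`.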
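Review bot: The new `name: '<?php print $User->createURL (); ?>',` line in the `rp` block writes PHP output into a single-quoted JavaScript literal without escaping, so any quote or markup in the value would end the string early. Emit it through the JSON encoder instead: `name: <?php print json_encode($User->createURL (), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,`. The `user.name` context line just below prints the username the same way and would benefit from the same treatment. Separately, `rp.name` is only a display label; the credential scope is governed by `rp.id`, which this hunk leaves at the browser default. The enclosing `startRegister` body starts and ends outside the hunk.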
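Review bot: Enabling the `alg: -257` (RS256) entry in `pubKeyCredParams` lets an authenticator register an RSA key, but nothing in this diff shows the server side being able to verify one. Confirm that the WebAuthn library version behind passkey_save.php and passkey_login_check.php supports RS256. If it does not, a user whose authenticator picks RS256 would presumably fail at save time or be unable to log in with the stored key. If support is confirmed, a comment such as `// RS256 offered for authenticators without ES256; verified server-side` would record why the entry was re-enabled.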
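Review bot: `console.log(Array.from(new Uint8Array(credential.rawId)))` looks like leftover debug output: it prints every newly created credential ID to the browser console and dereferences `credential` before any null check. Drop the line or put it behind a debug flag. Since the comment above says the call may throw, consider wrapping `navigator.credentials.create(createOptions)` in try/catch, so a cancelled prompt produces a visible error rather than an unhandled rejection. The rest of `startRegister` is outside this hunk, so existing handling may already sit around it.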
@@ -195,31 +195,6 @@ const startRegister = async (e) => {
 $('.jqueryErrorText').html(jqxhr.statusText+"<br>Status: "+textStatus+"<br>Error: "+errorThrown).show();
 $('div.loading').hide();
 });
-
- /* this functions saves popup result */
- /* --------------------------------- */
- // function submit_popup_data (result_div, target_script, post_data, reload) {
- // // show spinner
- // showSpinner();
- // // set reload
- // reload = typeof reload !== 'undefined' ? reload : true;
- // // post
- // $.post(target_script, post_data, function(data) {
- // $('div'+result_div).html(data).slideDown('fast');
- // //reload after 2 seconds if succeeded!
- // if(reload) {
- // if(data.search("alert-danger")==-1 && data.search("error")==-1 && data.search("alert-warning")==-1 ) { setTimeout(function (){window.location.reload();}, 1500); }
- // else { hideSpinner(); }
- // }
- // else {
- // hideSpinner();
- // }
- // }).fail(function(jqxhr, textStatus, errorThrown) { showError(jqxhr.statusText + "<br>Status: " + textStatus + "<br>Error: "+errorThrown); });
- // // prevent reload
- // return false;
- // }
-
-
 } else {
 $('#loginCheckPasskeys').html("<div class='alert alert-danger'>Failed to register new passkey.</div>");
-- GitLab