2022-03-15 14:47:07 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace App\Http\Controllers\Auth;
|
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
|
|
|
use App\Providers\RouteServiceProvider;
|
|
|
|
use DarkGhostHunter\Larapass\Http\RecoversWebAuthn;
|
|
|
|
use DarkGhostHunter\Larapass\Facades\WebAuthn;
|
|
|
|
use Illuminate\Http\JsonResponse;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
|
|
|
|
class WebAuthnRecoveryController extends Controller
|
|
|
|
{
|
|
|
|
use RecoversWebAuthn;
|
|
|
|
|
|
|
|
/*
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
| WebAuthn Recovery Controller
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
| When an user loses his device he will reach this controller to attach a
|
|
|
|
| new device. The user will attach a new device, and optionally, disable
|
|
|
|
| all others. Then he will be authenticated and redirected to your app.
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Where to redirect users after resetting their password.
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $redirectTo = RouteServiceProvider::HOME;
|
2022-03-24 14:58:30 +01:00
|
|
|
|
2022-03-15 14:47:07 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the credential creation options to the user.
|
|
|
|
*
|
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
*
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
|
|
|
*/
|
|
|
|
public function options(Request $request): JsonResponse
|
|
|
|
{
|
|
|
|
$user = WebAuthn::getUser($request->validate($this->rules()));
|
|
|
|
|
|
|
|
// We will proceed only if the broker can find the user and the token is valid.
|
|
|
|
// If the user doesn't exists or the token is invalid, we will bail out with a
|
|
|
|
// HTTP 401 code because the user doing the request is not authorized for it.
|
|
|
|
abort_unless(WebAuthn::tokenExists($user, $request->input('token')), 401, __('auth.webauthn.invalid_recovery_token'));
|
|
|
|
|
|
|
|
return response()->json(WebAuthn::generateAttestation($user));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the response for a successful account recovery.
|
|
|
|
*
|
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
* @param string $response
|
|
|
|
*
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2022-03-31 08:38:35 +02:00
|
|
|
*
|
|
|
|
* @codeCoverageIgnore - already covered by larapass test
|
2022-03-15 14:47:07 +01:00
|
|
|
*/
|
|
|
|
protected function sendRecoveryResponse(Request $request, string $response): JsonResponse
|
|
|
|
{
|
|
|
|
return response()->json(['message' => __('auth.webauthn.device_successfully_registered')]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the response for a failed account recovery.
|
|
|
|
*
|
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
|
* @param string $response
|
|
|
|
*
|
2022-08-26 15:57:18 +02:00
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2022-03-15 14:47:07 +01:00
|
|
|
* @throws \Illuminate\Validation\ValidationException
|
2022-03-31 08:38:35 +02:00
|
|
|
*
|
|
|
|
* @codeCoverageIgnore - already covered by larapass test
|
2022-03-15 14:47:07 +01:00
|
|
|
*/
|
|
|
|
protected function sendRecoveryFailedResponse(Request $request, string $response): JsonResponse
|
|
|
|
{
|
|
|
|
throw ValidationException::withMessages(['email' => [trans($response)]]);
|
|
|
|
}
|
|
|
|
}
|