mirror of
https://github.com/Bubka/2FAuth.git
synced 2025-06-21 04:07:44 +02:00
Fix the user provider not honoring the useWebauthnOnly option
This commit is contained in:
parent
47be24b60f
commit
4006deb1e0
28
app/Extensions/WebauthnTwoFAuthUserProvider.php
Normal file
28
app/Extensions/WebauthnTwoFAuthUserProvider.php
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Extensions;
|
||||||
|
|
||||||
|
use Illuminate\Auth\EloquentUserProvider;
|
||||||
|
use App\Models\WebAuthnAuthenticatable;
|
||||||
|
use Laragear\WebAuthn\Auth\WebAuthnUserProvider;
|
||||||
|
|
||||||
|
class WebauthnTwoFAuthUserProvider extends WebAuthnUserProvider
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Validate a user against the given credentials.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Contracts\Auth\Authenticatable|\App\Models\WebAuthnAuthenticatable|\App\Models\User $user
|
||||||
|
* @param array $credentials
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function validateCredentials($user, array $credentials): bool
|
||||||
|
{
|
||||||
|
if ($user instanceof WebAuthnAuthenticatable && $this->isSignedChallenge($credentials)) {
|
||||||
|
return $this->validateWebAuthn();
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the user disabled the fallback is enabled, we will validate the credential password.
|
||||||
|
return $user->preferences['useWebauthnOnly'] == false && EloquentUserProvider::validateCredentials($user, $credentials);
|
||||||
|
}
|
||||||
|
}
|
@ -88,19 +88,17 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
return new ReverseProxyGuard(Auth::createUserProvider($config['provider']));
|
return new ReverseProxyGuard(Auth::createUserProvider($config['provider']));
|
||||||
});
|
});
|
||||||
|
|
||||||
// Previously we were using a custom user provider derived from the Larapass user provider
|
// We use a custom user provider derivated from the Laragear\WebAuthn one to honor the "useWebauthnOnly" user option.
|
||||||
// in order to honor the "useWebauthnOnly" user option.
|
// As this option is now available in the $user->preferences array it is no more possible to overload the $fallback
|
||||||
// Since Laragear\WebAuthn now replaces DarkGhostHunter\Larapass, the new approach is
|
// value here because $user is not available at registration.
|
||||||
// simplier: We overload the 'eloquent-webauthn' registration from Laragear\WebAuthn\WebAuthnServiceProvider
|
|
||||||
// with a custom closure that uses the "useWebauthnOnly" user option
|
|
||||||
Auth::provider(
|
Auth::provider(
|
||||||
'eloquent-webauthn',
|
'eloquent-webauthn',
|
||||||
static function (\Illuminate\Contracts\Foundation\Application $app, array $config) : \Laragear\WebAuthn\Auth\WebAuthnUserProvider {
|
static function (\Illuminate\Contracts\Foundation\Application $app, array $config) : \Laragear\WebAuthn\Auth\WebAuthnUserProvider {
|
||||||
return new \Laragear\WebAuthn\Auth\WebAuthnUserProvider(
|
return new \App\Extensions\WebauthnTwoFAuthUserProvider(
|
||||||
$app->make('hash'),
|
$app->make('hash'),
|
||||||
$config['model'],
|
$config['model'],
|
||||||
$app->make(\Laragear\WebAuthn\Assertion\Validator\AssertionValidator::class),
|
$app->make(\Laragear\WebAuthn\Assertion\Validator\AssertionValidator::class),
|
||||||
Settings::get('useWebauthnOnly') ? false : true
|
true
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user