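json([ 'message' => 'no registered user' ], 400);
        }
        else $request->merge(['email' => $user->email]);

        return $this->traitOptions($request);
    }


    /**
     * Log the user in with a WebAuthn assertion.
     *
     * Validates the request against assertionRules(), back-fills a missing
     * userHandle from the stored credential when one can be found, then hands
     * the request to traitLogin().
     *
     * @param  \Illuminate\Http\Request  $request
     *
     * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        Log::info('User login via webauthn requested');
        $request->validate($this->assertionRules());

        if ($request->has('response')) {
            $response = $request->response;

            // Some authenticators do not send a userHandle, so the response is patched to be
            // compliant with the Larapass/webauthn-lib implementation, which waits for one.
            // empty() also covers a payload where the key is absent altogether; indexing it
            // directly would raise an "undefined array key" error on this pre-authentication
            // endpoint. The is_array() guard keeps a malformed non-array payload out of this branch.
            if (is_array($response) && empty($response['userHandle'])) {
                $user = User::getFromCredentialId($request->id);

                // The credential id comes from the client and may match no stored credential.
                // getFromCredentialId() is not visible here; a null result is assumed for that
                // case (confirm). The request is then left untouched so that traitLogin() decides,
                // rather than calling userHandle() on null and answering with a server error.
                if ($user !== null) {
                    $response['userHandle'] = base64_encode($user->userHandle());
                    $request->merge(['response' => $response]);
                }
            }
        }

        // NOTE(review): a userHandle injected above is derived from the submitted credential id,
        // so it carries no proof of identity by itself. Authentication presumably rests on the
        // assertion verification performed inside traitLogin() - confirm.
        return $this->traitLogin($request);
    }


    /**
     * The user has been authenticated.
     *
     * Stamps the user's last_seen_at with the current time, saves the model
     * and logs the event. Nothing is returned on this path.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed  $user
     *
     * @return void|\Illuminate\Http\JsonResponse
     */
    protected function authenticated(Request $request, $user)
    {
        $user->last_seen_at = Carbon::now()->format('Y-m-d H:i:s');
        $user->save();

        Log::info('User authenticated via webauthn');
    }
}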