mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-25 16:39:13 +01:00
102 lines
3.7 KiB
PHP
102 lines
3.7 KiB
PHP
<?php
|
|
|
|
use Illuminate\Database\Migrations\Migration;
|
|
use Illuminate\Database\Schema\Blueprint;
|
|
use Illuminate\Support\Facades\Schema;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
/**
|
|
* @see \Laragear\WebAuthn\Models\WebAuthnCredential
|
|
*/
|
|
return new class extends Migration {
|
|
|
|
/**
|
|
* Run the migrations.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function up(): void
|
|
{
|
|
// We reset the user option 'useWebauthnOnly' to prevent lockout
|
|
DB::table('options')->where('key', 'useWebauthnOnly')->delete();
|
|
|
|
Schema::create('webauthn_credentials', static function (Blueprint $table): void {
|
|
static::defaultBlueprint($table);
|
|
});
|
|
|
|
Schema::dropIfExists('web_authn_credentials');
|
|
Schema::rename('web_authn_recoveries', 'webauthn_recoveries');
|
|
}
|
|
|
|
/**
|
|
* Reverse the migrations.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function down(): void
|
|
{
|
|
Schema::dropIfExists('webauthn_credentials');
|
|
Schema::rename('webauthn_recoveries', 'web_authn_recoveries');
|
|
|
|
Schema::create('web_authn_credentials', function (Blueprint $table) {
|
|
// This must be the exact same definition as migration 2021_12_03_220140_create_web_authn_tables.php
|
|
$table->string('id', 191);
|
|
$table->unsignedBigInteger('user_id');
|
|
$table->string('name')->nullable();
|
|
$table->string('type', 16);
|
|
$table->json('transports');
|
|
$table->string('attestation_type');
|
|
$table->json('trust_path');
|
|
$table->uuid('aaguid');
|
|
$table->binary('public_key');
|
|
$table->unsignedInteger('counter')->default(0);
|
|
$table->uuid('user_handle')->nullable();
|
|
$table->timestamps();
|
|
$table->softDeletes('disabled_at');
|
|
$table->primary(['id', 'user_id']);
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Generate the default blueprint for the WebAuthn credentials table.
|
|
*
|
|
* @param \Illuminate\Database\Schema\Blueprint $table
|
|
* @return void
|
|
*/
|
|
protected static function defaultBlueprint(Blueprint $table): void
|
|
{
|
|
$table->string('id')->primary();
|
|
|
|
$table->morphs('authenticatable', 'webauthn_user_index');
|
|
|
|
// This is the user UUID that is generated automatically when a credential for the
|
|
// given user is created. If a second credential is created, this UUID is queried
|
|
// and then copied on top of the new one, this way the real User ID doesn't change.
|
|
$table->uuid('user_id');
|
|
|
|
// The app may allow the user to name or rename a credential to a friendly name,
|
|
// like "John's iPhone" or "Office Computer".
|
|
$table->string('alias')->nullable();
|
|
|
|
// Allows to detect cloned credentials when the assertion does not have this same counter.
|
|
$table->unsignedBigInteger('counter')->nullable();
|
|
// Who created the credential. Should be the same reported by the Authenticator.
|
|
$table->string('rp_id');
|
|
// Where the credential was created. Should be the same reported by the Authenticator.
|
|
$table->string('origin');
|
|
$table->json('transports')->nullable();
|
|
$table->uuid('aaguid')->nullable(); // GUID are essentially UUID
|
|
|
|
// This is the public key the credential uses to verify the challenges.
|
|
$table->text('public_key');
|
|
// The attestation of the public key.
|
|
$table->string('attestation_format')->default('none');
|
|
// This would hold the certificate chain for other different attestation formats.
|
|
$table->json('certificates')->nullable();
|
|
|
|
// A way to disable the credential without deleting it.
|
|
$table->timestamp('disabled_at')->nullable();
|
|
$table->timestamps();
|
|
}
|
|
};
|