2FAuth/app/Extensions/WebauthnCredentialBroker.php

70 lines
1.8 KiB
PHP

<?php
namespace App\Extensions;
use App\Models\WebAuthnAuthenticatable;
use Closure;
use Illuminate\Auth\Passwords\PasswordBroker;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Support\Facades\Log;
class WebauthnCredentialBroker extends PasswordBroker
{
/**
* Send a password reset link to a user.
*
* @param array $credentials
* @param \Closure|null $callback
* @return string
*/
public function sendResetLink(array $credentials, Closure $callback = null) : string
{
/**
* @var \App\Models\User
*/
$user = $this->getUser($credentials);
if (! $user instanceof WebAuthnAuthenticatable) {
return static::INVALID_USER;
}
if ($this->tokens->recentlyCreatedToken($user)) {
return static::RESET_THROTTLED;
}
$token = $this->tokens->create($user);
if ($callback) {
$callback($user, $token); // @codeCoverageIgnore
} else {
$user->sendWebauthnRecoveryNotification($token);
}
Log::notice(sprintf('Webauthn recovery email sent to user ID #%s', $user->id));
return static::RESET_LINK_SENT;
}
/**
* Reset the password for the given token.
*
* @param array $credentials
* @param \Closure $callback
* @return \Illuminate\Contracts\Auth\CanResetPassword|string
*/
public function reset(array $credentials, Closure $callback)
{
$user = $this->validateReset($credentials);
if (! $user instanceof CanResetPasswordContract || ! $user instanceof WebAuthnAuthenticatable) {
return $user;
}
$callback($user);
$this->tokens->delete($user);
return static::PASSWORD_RESET;
}
}