2FAuth/database/migrations/2022_10_20_122032_create_webauthn_credentials.php

102 lines
3.7 KiB
PHP

<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\DB;
/**
* @see \Laragear\WebAuthn\Models\WebAuthnCredential
*/
return new class extends Migration {
/**
* Run the migrations.
*
* @return void
*/
public function up(): void
{
// We reset the user option 'useWebauthnOnly' to prevent lockout
DB::table('options')->where('key', 'useWebauthnOnly')->delete();
Schema::create('webauthn_credentials', static function (Blueprint $table): void {
static::defaultBlueprint($table);
});
Schema::dropIfExists('web_authn_credentials');
Schema::rename('web_authn_recoveries', 'webauthn_recoveries');
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down(): void
{
Schema::dropIfExists('webauthn_credentials');
Schema::rename('webauthn_recoveries', 'web_authn_recoveries');
Schema::create('web_authn_credentials', function (Blueprint $table) {
// This must be the exact same definition as migration 2021_12_03_220140_create_web_authn_tables.php
$table->string('id', 191);
$table->unsignedBigInteger('user_id');
$table->string('name')->nullable();
$table->string('type', 16);
$table->json('transports');
$table->string('attestation_type');
$table->json('trust_path');
$table->uuid('aaguid');
$table->binary('public_key');
$table->unsignedInteger('counter')->default(0);
$table->uuid('user_handle')->nullable();
$table->timestamps();
$table->softDeletes('disabled_at');
$table->primary(['id', 'user_id']);
});
}
/**
* Generate the default blueprint for the WebAuthn credentials table.
*
* @param \Illuminate\Database\Schema\Blueprint $table
* @return void
*/
protected static function defaultBlueprint(Blueprint $table): void
{
$table->string('id')->primary();
$table->morphs('authenticatable', 'webauthn_user_index');
// This is the user UUID that is generated automatically when a credential for the
// given user is created. If a second credential is created, this UUID is queried
// and then copied on top of the new one, this way the real User ID doesn't change.
$table->uuid('user_id');
// The app may allow the user to name or rename a credential to a friendly name,
// like "John's iPhone" or "Office Computer".
$table->string('alias')->nullable();
// Allows to detect cloned credentials when the assertion does not have this same counter.
$table->unsignedBigInteger('counter')->nullable();
// Who created the credential. Should be the same reported by the Authenticator.
$table->string('rp_id');
// Where the credential was created. Should be the same reported by the Authenticator.
$table->string('origin');
$table->json('transports')->nullable();
$table->uuid('aaguid')->nullable(); // GUID are essentially UUID
// This is the public key the credential uses to verify the challenges.
$table->text('public_key');
// The attestation of the public key.
$table->string('attestation_format')->default('none');
// This would hold the certificate chain for other different attestation formats.
$table->json('certificates')->nullable();
// A way to disable the credential without deleting it.
$table->timestamp('disabled_at')->nullable();
$table->timestamps();
}
};