mirror of https://github.com/Bubka/2FAuth.git
Fix the user provider not honoring the useWebauthnOnly option
This commit is contained in:
parent
47be24b60f
commit
4006deb1e0
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
namespace App\Extensions;
|
||||
|
||||
use Illuminate\Auth\EloquentUserProvider;
|
||||
use App\Models\WebAuthnAuthenticatable;
|
||||
use Laragear\WebAuthn\Auth\WebAuthnUserProvider;
|
||||
|
||||
class WebauthnTwoFAuthUserProvider extends WebAuthnUserProvider
|
||||
{
|
||||
/**
|
||||
* Validate a user against the given credentials.
|
||||
*
|
||||
* @param \Illuminate\Contracts\Auth\Authenticatable|\App\Models\WebAuthnAuthenticatable|\App\Models\User $user
|
||||
* @param array $credentials
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function validateCredentials($user, array $credentials): bool
|
||||
{
|
||||
if ($user instanceof WebAuthnAuthenticatable && $this->isSignedChallenge($credentials)) {
|
||||
return $this->validateWebAuthn();
|
||||
}
|
||||
|
||||
// If the user disabled the fallback is enabled, we will validate the credential password.
|
||||
return $user->preferences['useWebauthnOnly'] == false && EloquentUserProvider::validateCredentials($user, $credentials);
|
||||
}
|
||||
}
|
|
@ -88,19 +88,17 @@ class AuthServiceProvider extends ServiceProvider
|
|||
return new ReverseProxyGuard(Auth::createUserProvider($config['provider']));
|
||||
});
|
||||
|
||||
// Previously we were using a custom user provider derived from the Larapass user provider
|
||||
// in order to honor the "useWebauthnOnly" user option.
|
||||
// Since Laragear\WebAuthn now replaces DarkGhostHunter\Larapass, the new approach is
|
||||
// simplier: We overload the 'eloquent-webauthn' registration from Laragear\WebAuthn\WebAuthnServiceProvider
|
||||
// with a custom closure that uses the "useWebauthnOnly" user option
|
||||
// We use a custom user provider derivated from the Laragear\WebAuthn one to honor the "useWebauthnOnly" user option.
|
||||
// As this option is now available in the $user->preferences array it is no more possible to overload the $fallback
|
||||
// value here because $user is not available at registration.
|
||||
Auth::provider(
|
||||
'eloquent-webauthn',
|
||||
static function (\Illuminate\Contracts\Foundation\Application $app, array $config) : \Laragear\WebAuthn\Auth\WebAuthnUserProvider {
|
||||
return new \Laragear\WebAuthn\Auth\WebAuthnUserProvider(
|
||||
return new \App\Extensions\WebauthnTwoFAuthUserProvider(
|
||||
$app->make('hash'),
|
||||
$config['model'],
|
||||
$app->make(\Laragear\WebAuthn\Assertion\Validator\AssertionValidator::class),
|
||||
Settings::get('useWebauthnOnly') ? false : true
|
||||
true
|
||||
);
|
||||
}
|
||||
);
|
||||
|
|
Loading…
Reference in New Issue