selfhosted
/
2FAuth
mirror of https://github.com/Bubka/2FAuth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix missing admin permissions on WebAuthn login - Closes #326

This commit is contained in:
Bubka 2024-03-19 18:13:35 +01:00
parent f4624e2793
commit f2c9f8aaa8
3 changed files with 79 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/Auth/WebAuthnLoginController.php
View File

@ -147,8 +147,11 @@ class WebAuthnLoginController extends Controller
return response()->json([
'message' => 'authenticated',
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
'preferences' => $user->preferences,
'is_admin' => $user->isAdministrator(),
], Response::HTTP_OK);
}

32
tests/Feature/Http/Auth/LoginTest.php
View File

@ -28,6 +28,11 @@ class LoginTest extends FeatureTestCase
*/
protected $user;
/**
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
*/
protected $admin;
private const PASSWORD = 'password';
private const WRONG_PASSWORD = 'wrong_password';
@ -39,7 +44,8 @@ class LoginTest extends FeatureTestCase
{
parent::setUp();
$this->user = User::factory()->create();
$this->user = User::factory()->create();
$this->admin = User::factory()->administrator()->create();
}
/**
@ -53,16 +59,32 @@ class LoginTest extends FeatureTestCase
])
->assertOk()
->assertJsonFragment([
'message' => 'authenticated',
'name' => $this->user->name,
'message' => 'authenticated',
'id' => $this->user->id,
'name' => $this->user->name,
'email' => $this->user->email,
'is_admin' => false,
])
->assertJsonStructure([
'message',
'name',
'preferences',
]);
}
/**
* @test
*/
public function test_admin_login_returns_admin_role()
{
$response = $this->json('POST', '/user/login', [
'email' => $this->admin->email,
'password' => self::PASSWORD,
])
->assertOk()
->assertJsonFragment([
'is_admin' => true,
]);
}
/**
* @test
*

53
tests/Feature/Http/Auth/WebAuthnLoginControllerTest.php
View File

@ -25,6 +25,11 @@ class WebAuthnLoginControllerTest extends FeatureTestCase
*/
protected $user;
/**
* @var \App\Models\User
*/
protected $admin;
const CREDENTIAL_ID = 's06aG41wsIYh5X1YUhB-SlH8y3F2RzdJZVse8iXRXOCd3oqQdEyCOsBawzxrYBtJRQA2azAMEN_q19TUp6iMgg';
const CREDENTIAL_ID_ALT = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
@ -125,16 +130,56 @@ class WebAuthnLoginControllerTest extends FeatureTestCase
$this->json('POST', '/webauthn/login', self::ASSERTION_RESPONSE)
->assertOk()
->assertJsonFragment([
'message' => 'authenticated',
'name' => $this->user->name,
'message' => 'authenticated',
'id' => $this->user->id,
'name' => $this->user->name,
'email' => $this->user->email,
'is_admin' => false,
])
->assertJsonStructure([
'message',
'name',
'preferences',
]);
}
/**
* @test
*/
public function test_webauthn_admin_login_returns_admin_role()
{
$this->admin = User::factory()->administrator()->create(['email' => self::EMAIL]);
DB::table('webauthn_credentials')->insert([
'id' => self::CREDENTIAL_ID_ALT,
'authenticatable_type' => \App\Models\User::class,
'authenticatable_id' => $this->admin->id,
'user_id' => self::USER_ID_ALT,
'counter' => 0,
'rp_id' => 'http://localhost',
'origin' => 'http://localhost',
'aaguid' => '00000000-0000-0000-0000-000000000000',
'attestation_format' => 'none',
'public_key' => self::PUBLIC_KEY,
'updated_at' => now(),
'created_at' => now(),
]);
$this->session(['_webauthn' => new \Laragear\WebAuthn\Challenge(
new \Laragear\WebAuthn\ByteBuffer(base64_decode(self::ASSERTION_CHALLENGE)),
60,
false,
)]);
$this->mock(AssertionValidator::class)
->expects('send->thenReturn')
->andReturn();
$this->json('POST', '/webauthn/login', self::ASSERTION_RESPONSE)
->assertOk()
->assertJsonFragment([
'is_admin' => true,
]);
}
/**
* @test
*/