darkghosthunter / larapass
Authenticate users with just their device, fingerprint or biometric data. Goodbye passwords!
License: MIT License
Laravel 8 not supported
It seems that the JSON type doesn't like none as a value for attestation_type
SQLSTATE[22032]: <>: 3140 Invalid JSON text: "Invalid value." at position 1 in value for column 'web_authn_credentials.attestation_type'. (SQL: insert into web_authn_credentials (id, user_handle, type, transports, attestation_type, trust_path, aaguid, public_key, counter, user_id, updated_at, created_at) values (q5Nd7GrQztOkUeWUXA-X_2XiJUc, 076f0803-2531-436d-ae4f-0e4f45a9f6e7, public-key, [], none, {"type":"Webauthn\TrustPath\EmptyTrustPath"}, 00000000-0000-0000-0000-000000000000, ����& �!X �d����"�������@�{0���p����`�x~��"X j��6���2�������6v��'"���:^b.:A�Y, 0, 1, 2021-06-12 13:11:26, 2021-06-12 13:11:26))
To make it work and test TouchID register and login I updated
'attestation_type' => json_encode($source->getAttestationType()),
public static function fromCredentialSource(CredentialSource $source)
{
    return ($model = new static())->fill(
        [
            $model->getKeyName() => $source->getPublicKeyCredentialId(),
            'user_handle' => $source->getUserHandle(),
            'type' => $source->getType(),
            'transports' => $source->getTransports(),
            // json_encode() turns the bare string (e.g. none) into valid JSON text for the JSON column
            'attestation_type' => json_encode($source->getAttestationType()),
            'trust_path' => $source->getTrustPath()->jsonSerialize(),
            'aaguid' => $source->getAaguid()->toString(),
            'public_key' => $source->getCredentialPublicKey(),
            'counter' => $source->getCounter(),
        ]
    );
}
Not sure if that's the proper fix, but it allowed me to test the process.
File: WebAuthnAssertValidator
public function validate(array $data)
{
    if (!$assertion = $this->retrieveAssertion()) {
        return false;
    }
    try {
        $credentials = $this->loader->loadArray($data);
        $response = $credentials->getResponse();
        if (!$response instanceof AuthenticatorAssertionResponse) {
            return false;
        }
        return $this->validator->check(
            $credentials->getRawId(),
            $response,
            $this->retrieveAssertion(),
            $this->request,
            $response->getUserHandle(),
            [$this->getCurrentRpId($assertion)]
        );
    } catch (InvalidArgumentException $exception) {
        return false;
    } finally {
        $this->cache->forget($this->cacheKey());
    }
}
I think this is a bug: $response->getUserHandle() is always null, and no change to the settings takes effect.
But if I change $response->getUserHandle() to request()->user()->userEntity()->getId(), everything works fine.
I think I'm doing something wrong. I use YubiKeys and I've tested the default settings and changed almost everything, but no luck.
So I ask: what needs to be done differently to get a result from $response->getUserHandle()?
While trying to run migration 2020_07_24_075358_create_web_authn_tables
I get the following error
SQLSTATE[42000]: Syntax error or access violation: 1170 BLOB/TEXT column 'id' used in key specification without a key length (SQL: alter table `web_authn_credentials` add primary key `web_authn_credentials_id_user_id_primary`(`id`, `user_id`))
I'm running this in homestead with
$ mysql --version
mysql Ver 15.1 Distrib 10.4.13-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Any idea what would be sufficient key length?
On the following environment:
PHP 7.4.8
Laravel v7.21
Default configuration for larapass.php
On registration process, I got the error:
Response for /webauthn/register/options:
{"rp":{"name":"Laravel"},"pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-8},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-257}],"challenge":"nB15sPSpNaZNc_qo3RexMg","attestation":"none","user":{"name":"[email protected]","id":"MzQ5MDE3ZTEtYjU2Zi00YWM0LTlkYjEtZmNmZGMyOGE2ZTg3","displayName":"admin"},"authenticatorSelection":{"requireResidentKey":false,"userVerification":"preferred"},"timeout":60000}
On /webauthn/register:
I think that the reason may be the encoded id/rawId values, because the exception is thrown while attaching the credentials to the user.
As I saw, in Larapass/src/WebAuthnAuthentication.php (lines 87 to 92 in fcb0991), $json['id'] and $json['rawId'], we got a non UTF-8 string.
This provokes the following mysql error:
SQLSTATE[HY000]: General error: 1366 Incorrect string value: '\xFD\x81\x06[@z...' for column 'id' at row 1 (SQL: insert into `web_authn_credentials` (`id`, `user_handle`, `type`, `transports`, `attestation_type`, `trust_path`, `aaguid`, `public_key`, `counter`, `user_id`, `updated_at`, `created_at`) values (\t²ü\x06[@z!6\x18Bâ¥c\x192P´─╩6ÆÒÝÅ ╩WsE;É, 624905a3-f0ba-4ad1-8186-cc7b5da7cb37, public-key, [], none, {"type":"Webauthn\\TrustPath\\EmptyTrustPath"}, 00000000-0000-0000-0000-000000000000, Ñ\x01\x02\x03& \x01!X \x14bÿâ^a? TÂפ¨Æ\x18Y·┌©j¾\fr\x16ó░┌í├Ad"X èÄð|áı%Tàóês\x08Æø·F┌+\x04TG¶CK╬┬U┐\x19F=, 1, 1, 2020-07-29 07:01:07, 2020-07-29 07:01:07)) ◀SQLSTATE[HY000]: General error: 1366 Incorrect string value: '\xFD\x81\x06[@z...' for column 'id' at row 1 (SQL: insert into `web_authn_credentials` (`id`, `use...
Hi all,
What should this be? I can't find help in the document.
As you can see, Larapass has no Laravel 9 support.
I'm holding updates back until I finish a big rewrite. Once done, a new version will be up targeting Laravel 9, and will be available at Laragear.
If you want to speed up development, you can hit me up on Patreon.
I've opened a PR which should fix it :) #18
Hi,
Does Larapass support YubiKey, Google Cloud key, or some other secure USB keys?
I have an issue using Yubikeys.
I've created an example application with a fresh Laravel installation and breeze for authentication. My goal is to use this package for a second factor after login.
However, I've just followed your installation guide, use the default published controller and everything.
It works flawlessly with Chrome's "this device" feature (I'm on macOS). I can register new keys and log in using them.
However, if I try to use Yubikeys, only the registration works. They are stored correctly in the database. When trying to login, I get a 422 response.
I've installed Telescope and it shows that the package bails because of an "Assert\InvalidArgumentException: User handle is mandatory" error. The database entry has the user_handle column filled.
Stacktrace:
/var/www/html/vendor/beberlei/assert/lib/Assert/Assertion.php:642
/var/www/html/vendor/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php:125
/var/www/html/vendor/darkghosthunter/larapass/src/WebAuthn/WebAuthnAssertValidator.php:224
/var/www/html/vendor/darkghosthunter/larapass/src/Auth/EloquentWebAuthnProvider.php:85
/var/www/html/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php:422
/var/www/html/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php:371
/var/www/html/vendor/darkghosthunter/larapass/src/Http/AuthenticatesWebAuthn.php:120
/var/www/html/vendor/darkghosthunter/larapass/src/Http/AuthenticatesWebAuthn.php:90
---
Is there something I've misconfigured?
Thanks in advance!
I don't have much experience of webauthn.
My issue is that I don't see the fingerprint option in the window. (Check the attached image.) Only the USB security key is appearing.
Issue Image : https://drive.google.com/file/d/1KYVs1tKeUe4MJ5_-Eo24RQc-5OXxf5Kr/view?usp=sharing
I get the same results using the link below. It shows only the USB security key option. Please check.
https://webauthn.bin.coffee/
But fingerprint is working correctly with the links below.
https://webauthn.me/
https://webauthn.io/
My problem is why I don't see the fingerprint and PIN options when using Larapass.
There is another issue: the library is not working in browsers on mobile phones, even Chrome.
I am waiting for a solution.
Regards,
Pasindu.
I just installed this package on a Laravel 7 project, when trying to migrate it gives the error, also the project is throwing Error 500.
The full log is:
PHP Fatal error: Uncaught TypeError: Argument 1 passed to Webauthn\PublicKeyCredentialRpEntity::__construct() must be of the type string, null given, called in /home/douglas/repos/newproject/vendor/darkghosthunter/larapass/src/LarapassServiceProvider.php on line 145 and defined in /home/douglas/repos/newproject/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialRpEntity.php:25
Stack trace:
#0 /home/douglas/repos/newproject/vendor/darkghosthunter/larapass/src/LarapassServiceProvider.php(145): Webauthn\PublicKeyCredentialRpEntity->__construct()
#1 /home/douglas/repos/newproject/vendor/laravel/framework/src/Illuminate/Container/Container.php(805): DarkGhostHunter\Larapass\LarapassServiceProvider::DarkGhostHunter\Larapass\{closure}()
#2 /home/douglas/repos/newproject/vendor/laravel/framework/src/Illuminate/Container/Container.php(691): Illuminate\Container\Container->build()
#3 /home/douglas/repos/newproject/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(796): Illuminate\Container\Container->resol in /home/douglas/repos/newproject/vendor/web-auth/webauthn-lib/src/PublicKeyCredentialRpEntity.php on line 25
I've changed the web-authn version from 3.3.1 to 3.2 manually, made cache:clear route:clear and config:clear, deleted vendor folder and composer.lock and reinstalled everything and the same issue is happening.
Is anyone having the same issue?
Hi,
Is it possible to check if the user has webauth enabled on this device to show a button on login for them to use the webauth login?
The package is working fine with Google Chrome Desktop on a Windows 10 PC using Windows Hello. However, on Android the devices register successfully, as I can see the data in the log, but when trying to log in the userHandle says NULL, while on the desktop the userHandle has the UUID.
Working Google Chrome with Windows 10:
array (
'id' => 'dJjow4rF261_sEpbZKq1jPCsf122ssRZY9y4aL-qUnE',
'rawId' => 'dJjow4rF261/sEpbZKq1jPCsf122ssRZY9y4aL+qUnE=',
'response' =>
array (
'authenticatorData' => 'dVNCo7N4HwFvr8OfsnhZHulzNq/CpP4Dcq2AFBnmp4EFAAAAAg==',
'clientDataJSON' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiLVE0ZWdMSTY5bHJMX0otN0xqY09IUSIsIm9yaWdpbiI6Imh0dHBzOi8vc3RhZ2luZy50dXJpY29pbi5uZXQiLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm90aGVyX2tleXNfY2FuX2JlX2FkZGVkX2hlcmUiOiJkbyBub3QgY29tcGFyZSBjbGllbnREYXRhSlNPTiBhZ2FpbnN0IGEgdGVtcGxhdGUuIFNlZSBodHRwczovL2dvby5nbC95YWJQZXgifQ==',
'signature' => 'odVDuyRMw9YIlx+mzhs76VcKSMvCc7C+TBKmdzZGzWLsuUdqWroAN14vxkuge2w+KKYQnfoXLUAazLe94MhIBBktAPaEvvgSPUq0DB98FMoCzI81BsB2Yi1m32KbPO+OtpEZeaWMeCSddtNTFMntb8vmorvYO1vTwQGBlJidQZS7b39Kh7ixW/G6S3YwwMHVtG/g12/JnpkpzjbzWGvrx7oHgt0vhUevnppuTZhilFvygUkRZeCspEr1KIhP+1w+xyGd4Auom+iXieuHV+hQCyfQc03e3ZO3uauqIwyrFue9CWNJ9tqAxkyupqgcf1BUJfBSLe9Dcr7cdNfjgrw0Ag==',
'userHandle' => 'ZTc5MWJkZGEtYzRhMS00MjRiLTg2NjItZTU3YzRhYmIzNDVi',
),
'type' => 'public-key',
)
Not Working Google Chrome on Android 10:
array (
'id' => 'Aaf2Op4CSSB0SenC-JnJ9nGKfCLrq-OO_w2K_I2nYM6vOBWCvWr-r2ECE-1a6y0j93lQIk5rugYwoX37DHZoYig',
'type' => 'public-key',
'rawId' => 'Aaf2Op4CSSB0SenC+JnJ9nGKfCLrq+OO/w2K/I2nYM6vOBWCvWr+r2ECE+1a6y0j93lQIk5rugYwoX37DHZoYig=',
'response' =>
array (
'clientDataJSON' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiY2dWcGxTa1lfd2N2RHdiYjBrQXRsQSIsIm9yaWdpbiI6Imh0dHBzOlwvXC9zdGFnaW5nLnR1cmljb2luLm5ldCIsImFuZHJvaWRQYWNrYWdlTmFtZSI6ImNvbS5hbmRyb2lkLmNocm9tZSJ9',
'authenticatorData' => 'dVNCo7N4HwFvr8OfsnhZHulzNq/CpP4Dcq2AFBnmp4EFAAAAAg==',
'signature' => 'MEUCICcWlIP3H2yeSXHKGTr3SRPS6ES+tRMpLIKv+y28XRzuAiEA3pqJEbBqnZNBjVl+4PNHk3vghKE7DEm7sDiBt5AbjAQ=',
'userHandle' => NULL,
),
)
The userHandle index is empty so this leads to the library response 422
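An added example (not Larapass or webauthn-lib code) of how a server can resolve the user when userHandle arrives as NULL, as in the Android dump above. WebAuthn authenticators return a user handle only for discoverable (resident) credentials, so the credential id is used to find the owner, and a handle that is sent must match that owner. The names resolve_user_handle, b64url_decode and the $stored lookup are hypothetical, and signature verification is still left to the validator.

```php
<?php
declare(strict_types=1);

// Decode base64url or padded base64, the two encodings visible in the dumps above.
function b64url_decode(string $value): string
{
    $b64 = strtr($value, '-_', '+/');
    $b64 = str_pad($b64, (int) (ceil(strlen($b64) / 4) * 4), '=');
    $bytes = base64_decode($b64, true);
    if ($bytes === false) {
        throw new InvalidArgumentException('Malformed base64url value');
    }
    return $bytes;
}

/**
 * Decide which stored user handle an assertion belongs to.
 * $stored is a hypothetical lookup: hex credential id => raw user handle.
 * Returns null when the assertion must be rejected.
 */
function resolve_user_handle(array $assertion, array $stored): ?string
{
    $key = bin2hex(b64url_decode($assertion['rawId'] ?? ''));
    $owner = $stored[$key] ?? null;
    if ($owner === null) {
        return null; // unknown credential id
    }
    $claimed = $assertion['response']['userHandle'] ?? null;
    if ($claimed === null || $claimed === '') {
        return $owner; // no handle sent: the credential id identifies the user
    }
    // A handle was sent: it must match the credential's stored owner.
    return hash_equals($owner, b64url_decode($claimed)) ? $owner : null;
}

// Constructed sample data, not taken from the issue.
$credId = "\x01\xfd\x81\x06";
$stored = [bin2hex($credId) => 'constructed-user-handle'];
$rawId  = rtrim(strtr(base64_encode($credId), '+/', '-_'), '=');

// Android-style assertion (no handle), desktop-style (matching handle), mismatched handle.
$android = ['rawId' => $rawId, 'response' => ['userHandle' => null]];
$desktop = ['rawId' => $rawId, 'response' => ['userHandle' => base64_encode('constructed-user-handle')]];
$forged  = ['rawId' => $rawId, 'response' => ['userHandle' => base64_encode('someone-else')]];

var_dump(resolve_user_handle($android, $stored));
var_dump(resolve_user_handle($desktop, $stored));
var_dump(resolve_user_handle($forged, $stored));
```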
When attempting to register my YubiKey using Larapass I run into the following error: "SQLSTATE[22021]: Character not in repertoire: 7 ERROR: invalid byte sequence for encoding "UTF8": 0xa5 (SQL: insert into "web_authn_credentials" ("id", "user_handle", "type", "transports", "attestation_type", "trust_path", "aaguid", "public_key", "counter", "user_id", "updated_at", "created_at") values (...)
This appears to be happening on the store of the model into the database (ONLY WHEN USING POSTGRES, not in MySQL) and I can't seem to patch it myself. I have verified that the database is using UTF-8 as its encoding. Any help would be greatly appreciated
Here are the versions I am using:
Laravel 8.x
Postgres 11.5
PHP 8.0
The registration of a device (Android display lock fingerprint) works perfectly and generates the following database entry.
INSERT INTO `web_authn_credentials` (`id`, `user_id`, `name`, `type`, `transports`, `attestation_type`, `trust_path`, `aaguid`, `public_key`, `counter`, `user_handle`, `created_at`, `updated_at`, `disabled_at`) VALUES
('AUlo', 1, NULL, 'public-key', '[]', 'none', '{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"}', '00000000-0000-0000-0000-000000000000', 0xae, 0, '1afgcc4a-92b7-465f-9967-09c28fgfb2c8', '2021-04-30 13:30:29', '2021-04-30 13:30:29', NULL);
(Data obfuscated :) )
But login with either email or typeless fails with the following log entries:
[2021-04-30 15:59:04] local.INFO: Trying to load data from an array {"data":{"id":"lo","rawId":"AAlo=","response":{"authenticatorData":"AAg==","clientDataJSON":"In0=","signature":"Czg==","userHandle":""},"type":"public-key"}}
[2021-04-30 15:59:04] local.INFO: The data has been loaded
[2021-04-30 15:59:04] local.DEBUG: Public Key Credential {"publicKeyCredential":{"Webauthn\\PublicKeyCredential":"{}"}}
[2021-04-30 15:59:04] local.INFO: Checking the authenticator assertion response {"credentialId":"\Z","authenticatorAssertionResponse":{"Webauthn\\AuthenticatorAssertionResponse":[]},"publicKeyCredentialRequestOptions":{"Webauthn\\PublicKeyCredentialRequestOptions":{"challenge":"E","userVerification":"preferred","allowCredentials":[{"type":"public-key","id":"lo"}],"timeout":60000}},"host":"somedomain.de","userHandle":""}
[2021-04-30 15:59:04] local.ERROR: An error occurred {"exception":"[object] (Assert\\InvalidArgumentException(code: 33): Invalid user handle at vendor/beberlei/assert/lib/Assert/Assertion.php:2723)
(Data obfuscated :) )
Somehow no user handle is available to authenticate against. So maybe either the stored credential data is incorrect or something else is broken.
I followed the implementation guide exactly. (Laravel 8.38)
Any help? Thanks
Hi @DarkGhostHunter, it might be worth adding the "hacktoberfest" tag to your repo as this is a great package!
I got this error when I want to install the package in Laravel 8:
[InvalidArgumentException]
Package darkghosthunter/larapass has a PHP requirement incompatible with your PHP version, PHP extensions and Composer version
Please fix this issue.
I'm testing the package using MongoDB and jenssegers/mongodb as my default database.
The problem is that all models need to extend from the Mongo class.
I'm able to make it work by updating src/Eloquent/WebAuthnCredential.php:
from use Illuminate\Database\Eloquent\Model;
to use Jenssegers\Mongodb\Eloquent\Model;
So, my question: do you have any suggestion on how/where I can override this class?
Like copying it to App\Models or something like that ...
Hi,
When using the Larapass config file, the challenge configuration includes 'cache' => env('WEBAUTHN_CACHE').
What are possible values for WEBAUTHN_CACHE? Same as CACHE_DRIVER? i.e. file
Thx
Unable to install in Laravel 9
I have a fresh Laravel install with laravel/ui --auth initialized.
Then I pulled in your package as described and got stuck at Point 5. Your JavaScript file won't be read by the browser unless the # is changed to '_' or something like that.
After that I changed the register form where the user can register (/register) and added your script to be called on submit. The only route that was called was /webauthn/register/options and it resolved in a 401 Unauthorized. I think I did something wrong, but I did not see anything. My case is to register a brand new unknown user to the app.
I also fixed the bug from #14.
Please help me.
Do you know/have a list of hardware and software (e.g. Windows Hello, https://krypt.co/ ) solutions?