|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* balloon |
|
7
|
|
|
* |
|
8
|
|
|
* @copyright Copryright (c) 2012-2019 gyselroth GmbH (https://gyselroth.com) |
|
9
|
|
|
* @license GPL-3.0 https://opensource.org/licenses/GPL-3.0 |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Balloon\App\Webauthn\GrantType; |
|
13
|
|
|
|
|
14
|
|
|
use Balloon\App\Webauthn\RequestChallenge\RequestChallengeFactory; |
|
15
|
|
|
use Balloon\Hook; |
|
16
|
|
|
use Balloon\Server; |
|
17
|
|
|
use Dolondro\GoogleAuthenticator\GoogleAuthenticator; |
|
18
|
|
|
use Micro\Auth\Auth; |
|
19
|
|
|
use OAuth2\RequestInterface; |
|
20
|
|
|
use OAuth2\ResponseInterface; |
|
21
|
|
|
use Psr\Log\LoggerInterface; |
|
22
|
|
|
use Webauthn\AuthenticatorAssertionResponseValidator; |
|
23
|
|
|
use Webauthn\PublicKeyCredentialLoader; |
|
24
|
|
|
|
|
25
|
|
|
class WebauthnMfa extends Webauthn |
|
26
|
|
|
{ |
|
27
|
|
|
/** |
|
28
|
|
|
* GoogleAuthenticator. |
|
29
|
|
|
* |
|
30
|
|
|
* @var GoogleAuthenticator |
|
31
|
|
|
*/ |
|
32
|
|
|
protected $authenticator; |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* User details. |
|
36
|
|
|
* |
|
37
|
|
|
* @var array |
|
38
|
|
|
*/ |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* Init. |
|
42
|
|
|
*/ |
|
43
|
|
|
public function __construct(RequestChallengeFactory $request_challenge_factory, Server $server, Auth $auth, PublicKeyCredentialLoader $loader, AuthenticatorAssertionResponseValidator $validator, Hook $hook, GoogleAuthenticator $authenticator, LoggerInterface $logger) |
|
44
|
|
|
{ |
|
45
|
|
|
parent::__construct($request_challenge_factory, $server, $auth, $loader, $validator, $hook, $logger); |
|
46
|
|
|
$this->authenticator = $authenticator; |
|
47
|
|
|
} |
|
48
|
|
|
|
|
49
|
|
|
/** |
|
50
|
|
|
* {@inheritdoc} |
|
51
|
|
|
*/ |
|
52
|
|
|
public function getQueryStringIdentifier() |
|
53
|
|
|
{ |
|
54
|
|
|
return 'webauthn_mfa'; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
/** |
|
58
|
|
|
* {@inheritdoc} |
|
59
|
|
|
*/ |
|
60
|
|
|
public function validateRequest(RequestInterface $request, ResponseInterface $response) |
|
61
|
|
|
{ |
|
62
|
|
View Code Duplication |
if (!$request->request('user') || !$request->request('public_key') || !$request->request('challenge') || !$request->request('code')) { |
|
|
|
|
|
|
63
|
|
|
$response->setError(400, 'invalid_request', 'Missing parameters: "user", "code", "public_key" and "challenge" required'); |
|
64
|
|
|
|
|
65
|
|
|
return null; |
|
66
|
|
|
} |
|
67
|
|
|
|
|
68
|
|
|
$result = parent::validateRequest($request, $response); |
|
69
|
|
|
|
|
70
|
|
|
if (!isset($this->user['google_auth_secret'])) { |
|
71
|
|
|
throw new \LogicException('no google authenticator secret available'); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
View Code Duplication |
if ($this->authenticator->authenticate($this->user['google_auth_secret'], $request->request('code')) === false) { |
|
|
|
|
|
|
75
|
|
|
$response->setError(400, 'invalid_grant', 'Invalid auth code provided'); |
|
76
|
|
|
|
|
77
|
|
|
return null; |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
return $result; |
|
81
|
|
|
} |
|
82
|
|
|
} |
|
83
|
|
|
|
gyselroth /
balloon
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.