diff options
Diffstat (limited to 'lib/private/Authentication/WebAuthn/Manager.php')
| -rw-r--r-- | lib/private/Authentication/WebAuthn/Manager.php | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/lib/private/Authentication/WebAuthn/Manager.php b/lib/private/Authentication/WebAuthn/Manager.php index 007be245992..96dc0719b54 100644 --- a/lib/private/Authentication/WebAuthn/Manager.php +++ b/lib/private/Authentication/WebAuthn/Manager.php @@ -53,7 +53,7 @@ class Manager { CredentialRepository $repository, PublicKeyCredentialMapper $credentialMapper, LoggerInterface $logger, - IConfig $config + IConfig $config, ) { $this->repository = $repository; $this->credentialMapper = $credentialMapper; @@ -88,8 +88,8 @@ class Manager { ]; $authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria( - null, - AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED, + AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE, + AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED, null, false, ); @@ -151,7 +151,8 @@ class Manager { } // Persist the data - return $this->repository->saveAndReturnCredentialSource($publicKeyCredentialSource, $name); + $userVerification = $response->attestationObject->authData->isUserVerified(); + return $this->repository->saveAndReturnCredentialSource($publicKeyCredentialSource, $name, $userVerification); } private function stripPort(string $serverHost): string { @@ -160,7 +161,11 @@ class Manager { public function startAuthentication(string $uid, string $serverHost): PublicKeyCredentialRequestOptions { // List of registered PublicKeyCredentialDescriptor classes associated to the user - $registeredPublicKeyCredentialDescriptors = array_map(function (PublicKeyCredentialEntity $entity) { + $userVerificationRequirement = AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED; + $registeredPublicKeyCredentialDescriptors = array_map(function (PublicKeyCredentialEntity $entity) use (&$userVerificationRequirement) { + if ($entity->getUserVerification() !== true) { + $userVerificationRequirement = AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED; + } $credential = $entity->toPublicKeyCredentialSource(); return new PublicKeyCredentialDescriptor( $credential->type, @@ -173,7 +178,7 @@ class Manager { random_bytes(32), // Challenge $this->stripPort($serverHost), // Relying Party ID $registeredPublicKeyCredentialDescriptors, // Registered PublicKeyCredentialDescriptor classes - AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED, + $userVerificationRequirement, 60000, // Timeout ); } @@ -241,14 +246,6 @@ class Manager { } public function isWebAuthnAvailable(): bool { - if (!extension_loaded('bcmath')) { - return false; - } - - if (!extension_loaded('gmp')) { - return false; - } - if (!$this->config->getSystemValueBool('auth.webauthn.enabled', true)) { return false; } |