webauthn-framework

Not work check Authenticate Users, Invalid user handler

Open dizard opened this issue 1 year ago • 1 comments

Version(s) affected

4.8

Description

```php
/** @var PublicKeyCredential $publicKeyCredential */
$publicKeyCredential = $serializer->deserialize(
    $request->getContent(),
    PublicKeyCredential::class,
    'json'
);
$authenticatorAssertionResponse = $publicKeyCredential->response;

if (! $authenticatorAssertionResponse instanceof AuthenticatorAssertionResponse) {
    throw ValidationException::withMessages([
        'username' => 'Invalid response type',
    ]);
}

$res = Authenticator::where('credential_id', base64_encode($publicKeyCredential->rawId))->first();
if (!$res) {
    throw ValidationException::withMessages([
        'username' => 'Invalid response type',
    ]);
}

/** @var PublicKeyCredentialSource $publicKeyCredentialSource */
$publicKeyCredentialSource = $serializer->deserialize($res->public_key, PublicKeyCredentialSource::class, 'json');

dd($publicKeyCredentialSource->userHandle, $publicKeyCredential->response->userHandle);
// $publicKeyCredentialSource->userHandle - binary
// $publicKeyCredential->response->userHandle - string

$publicKeyCredentialSource = $responseValidator->check(
    $publicKeyCredentialSource,
    $authenticatorAssertionResponse,
    $publicKeyCredentialCreationOptions,
    $request->getHost(),
    $authenticatorAssertionResponse->userHandle,
);
// then exception
// Webauthn\Exception\InvalidUserHandleException: Invalid user handle in file /application/vendor/web-auth/webauthn-lib/src/Exception/InvalidUserHandleException.php on line 13
#0 /application/vendor/web-auth/webauthn-lib/src/CeremonyStep/CheckUserHandle.php(29): Webauthn\Exception\InvalidUserHandleException::create()
#1 /application/vendor/web-auth/webauthn-lib/src/CeremonyStep/CeremonyStepManager.php(31): Webauthn\CeremonyStep\CheckUserHandle->process(Object(Webauthn\PublicKeyCredentialSource), Object(Webauthn\AuthenticatorAssertionResponse), Object(Webauthn\PublicKeyCredentialRequestOptions), 'maykl', 'localhost')
```

How to reproduce

Yes, it’s very easy to do according to the documentation and you’ll get this crap: https://webauthn-doc.spomky-labs.com/v/v4.8/pure-php/authenticate-your-users

Possible Solution

No response

Additional Context

No response

dizard, Jul 02 '24 11:07
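
Added example, not part of the original issue and not webauthn-lib code: a stand-alone PHP helper for the situation the `dd()` comments in the report describe, classifying whether a stored user handle and the one from the assertion response are byte-identical or differ only by base64/base64url encoding. The function names and sample values are constructed, and treating the mismatch as an encoding difference is an assumption.

```php
<?php
declare(strict_types=1);

/** Strictly decode base64 or base64url text; null when $text is neither. */
function decodeBase64Any(string $text): ?string
{
    $std = rtrim(strtr($text, '-_', '+/'), '=');
    if ($std === '') {
        return null;
    }
    $std .= str_repeat('=', (4 - strlen($std) % 4) % 4);
    $raw = base64_decode($std, true);

    return $raw === false ? null : $raw;
}

/** Classify how the stored handle relates to the one in the assertion response. */
function compareUserHandles(string $stored, ?string $fromResponse): string
{
    if ($fromResponse === null || $fromResponse === '') {
        return 'absent';              // authenticator returned no user handle
    }
    if (hash_equals($stored, $fromResponse)) {
        return 'match';               // byte-identical
    }
    if (decodeBase64Any($fromResponse) === $stored) {
        return 'response-is-encoded'; // response still holds base64(url) text
    }
    if (decodeBase64Any($stored) === $fromResponse) {
        return 'stored-is-encoded';   // database holds base64(url) text
    }

    return 'mismatch';                // different users or corrupted data
}

// Constructed sample values, not taken from the issue.
$raw = hex2bin('9f3c0a7d5e1144b2');
$b64url = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');

$cases = [[$raw, $raw], [$raw, $b64url], [$b64url, $raw], [$raw, 'alice'], [$raw, null]];
foreach ($cases as [$stored, $fromResponse]) {
    printf("%-20s stored=%s\n", compareUserHandles($stored, $fromResponse), bin2hex($stored));
}
```

A `response-is-encoded` or `stored-is-encoded` result points at the persistence or deserialization layer rather than at a credential belonging to a different user.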