
laravel-u2f's Introduction

laravel-u2f


This PSR-4 package provides U2F protocol integration for the Laravel 6 framework.

Requirements

  • A top level domain
  • HTTPS
  • PHP >= 7.2 (to use this package with PHP 5, use version v1.1.0)

Install

Via Composer

$ composer require lahaxearnaud/laravel-u2f

Laravel 5.5+ uses Package Auto-Discovery, so you don't need to add the ServiceProvider manually.

Configs

$ php artisan vendor:publish --provider="Lahaxearnaud\U2f\U2fServiceProvider" --tag=u2f-config

Assets

$ php artisan vendor:publish --provider="Lahaxearnaud\U2f\U2fServiceProvider" --tag=u2f-components

Views

$ php artisan vendor:publish --provider="Lahaxearnaud\U2f\U2fServiceProvider" --tag=u2f-views

Note that default views use Laravel's default Bootstrap 4. If you don't use it, you have to update the views.

Migrations

$ php artisan vendor:publish --provider="Lahaxearnaud\U2f\U2fServiceProvider" --tag=u2f-migrations
$ php artisan migrate

Middleware

In the app/Http/Kernel.php file

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    // ...
    'u2f' => \Lahaxearnaud\U2f\Http\Middleware\U2f::class,
];

Usage

An example project is available to help you with the configuration / usage.

Middleware

In the route.php file add the u2f middleware on your routes or groups:

Route::get('admin/profile', ['middleware' => ['auth', 'u2f'], function () {
    //
}]);

In controller:

/**
 * Create a new controller instance.
 *
 * @return void
 */
public function __construct()
{
    $this->middleware(['auth', 'u2f']);
}

Configuration

Events

  • Name: u2f.authentication

    Payload: [ 'u2fKey' => $key, 'user' => Auth::user() ]

    Description: A user authenticated with a valid U2F key

  • Name: u2f.register

    Payload: [ 'u2fKey' => $key, 'user' => Auth::user() ]

    Description: A user registered a new U2F key
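
One way to turn these two events into an audit trail for second-factor activity, as an added example that is not part of the package or its README. The provider name `U2fAuditServiceProvider` and the `u2f.audit` log message are hypothetical, and the listener assumes the payload array is delivered to it as positional arguments (`$u2fKey`, `$user`):

```php
<?php

namespace App\Providers;

use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\ServiceProvider;

// Hypothetical provider (not shipped with laravel-u2f); register it in config/app.php.
class U2fAuditServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Event names are the two documented above.
        foreach (['u2f.register', 'u2f.authentication'] as $eventName) {
            // Assumption: Laravel passes the payload values positionally,
            // so the listener receives the key model first, then the user.
            Event::listen($eventName, function ($u2fKey, $user) use ($eventName) {
                Log::info('u2f.audit', [
                    'event'   => $eventName,
                    'user_id' => $user->getAuthIdentifier(),
                    // Log only the row's primary key. The key handle, public key
                    // and challenge stay out of the logs.
                    'key_id'  => $u2fKey->getKey(),
                    'ip'      => request()->ip(),
                    'agent'   => substr((string) request()->userAgent(), 0, 200),
                ]);
            });
        }
    }
}
```

A `u2f.register` entry for an account that already had a key, or one arriving from an unfamiliar address, is the kind of record worth alerting on, since enrolling an extra key is a common way to keep access to a compromised account.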

Changelog

Please see CHANGELOG for more information on what has changed recently.

Security

If you discover any security related issues, please email lahaxe[dot]arnaud[at]gmail[dot]com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

After coding

What better way to relax, after spending hours coding, than a good cocktail on the terrace?


laravel-u2f's Issues

Package with problems in yubico authentication

Hi,

Thank you for the package.

I have a problem with the package.
The key registration works well, but when I try to log in again the key doesn't work.
I'm using Laravel 6.2.
I have searched for a solution to the problem and I think the problem is related to the latest version of Yubico/php-u2flib-server. When I changed to version 1.0.1 your package works well.

Sorry for the bad English.

Class 'Form' not found

Error Class 'Form' not found is shown.

Library should include Form by default. Running

composer require "laravelcollective/html":"^5.5.0"

Solved the problem

Unable to install the package on Laravel 5.8

Hi,

I'm trying to install this package on an up-to-date Laravel but composer (1.8.4) complains about the Laravel 5.8 dependency:

$ composer require lahaxearnaud/laravel-u2f
Using version ^1.4 for lahaxearnaud/laravel-u2f
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for lahaxearnaud/laravel-u2f ^1.4 -> satisfiable by lahaxearnaud/laravel-u2f[1.4.0].
    - Conclusion: remove laravel/laravel dev-master
    - lahaxearnaud/laravel-u2f 1.4.0 requires laravel/laravel ^5.8 -> satisfiable by laravel/laravel[v5.8.0, v5.8.3].
    - Can only install one of: laravel/laravel[v5.8.0, dev-master].
    - Can only install one of: laravel/laravel[v5.8.3, dev-master].
    - Installation request for laravel/laravel dev-master -> satisfiable by laravel/laravel[dev-master].


Installation failed, reverting ./composer.json to its original content.

My composer file is not exotic... :

{
    "name": "laravel/laravel",
    "description": "The Laravel Framework.",
    "keywords": ["framework", "laravel"],
    "license": "MIT",
    "type": "project",
    "require": {
        "php": "^7.1.3",
        "doctrine/dbal": "^2.8",
        "facebook/php-ads-sdk": "^3.1",
        "fideloper/proxy": "^4.0",
        "laravel/framework": "5.8.*",
        "laravel/passport": "^7.0",
        "laravel/socialite": "^4.0",
        "laravel/tinker": "^1.0"
    },
    "require-dev": {
        "beyondcode/laravel-dump-server": "^1.0",
        "filp/whoops": "^2.0",
        "fzaninotto/faker": "^1.4",
        "mockery/mockery": "^1.0",
        "nunomaduro/collision": "^2.0",
        "phpunit/phpunit": "^7.0"
    },
    "autoload": {
        "classmap": [
            "database/seeds",
            "database/factories"
        ],
        "psr-4": {
            "App\\": "app/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "Tests\\": "tests/"
        }
    },
    "extra": {
        "laravel": {
            "dont-discover": [
            ]
        }
    },
    "scripts": {
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        ],
        "post-create-project-cmd": [
            "@php artisan key:generate"
        ],
        "post-autoload-dump": [
            "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
            "@php artisan package:discover"
        ]
    },
    "config": {
        "preferred-install": "dist",
        "sort-packages": true,
        "optimize-autoloader": true
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}

Do you have an idea of what happens here ?
Thanks ;-)

Cannot install on laravel 8

Is there a way of this package being updated to work with laravel 8?

I am currently getting this error when trying to install with composer:

- lahaxearnaud/laravel-u2f[1.6.0, ..., 1.6.2] require laravel/framework ^6.0 -> found laravel/framework[v6.0.0, ..., 6.x-dev] but it conflicts with your root composer.json require (^8.12).

"A non-numeric value encountered" when running vendor publish

I just tried installing this library on a fresh laravel 5.5 installation.

When running $ php artisan vendor:publish --provider="Lahaxeanaud\U2f\U2fServiceProvider" --tag=config I get the following error: [ErrorException] A non-numeric value encountered


Session Issue with Laravel 6.8

There is an issue in Laravel 6.8 where a user attempts to authenticate with a key and, once successful, they are redirected to the page they requested, except the session data isn't set, so the middleware redirects them to the U2f auth page over and over.

I modified the U2f.php file to add some extra logging:

public function doAuthenticate(User $user, $authData, $keyData)
{
    Log::debug("Attempting U2F Auth...");

    Log::debug("Auth Data:");
    Log::debug($authData);

    $reg = $this->u2f->doAuthenticate(
        $authData,
        U2fKey::where('user_id', $user->getAuthIdentifier())->get()->all(),
        $keyData
    );

    $U2fKey = U2fKey::where([
        'user_id' => $user->getAuthIdentifier(),
        'publicKey' => $reg->publicKey
    ])->first();

    Log::debug("Auth ID:");
    Log::debug($user->getAuthIdentifier());

    Log::debug("Pub Key:");
    Log::debug($reg->publicKey);

    Log::debug("U2F Object:");
    Log::debug($U2fKey);

    if (is_null($U2fKey)) {
        Log::debug("U2f is null... Deny Access...");
        return false;
    }

    $U2fKey->counter = $reg->counter;
    $U2fKey->save();

    session([$this->config->get('u2f.sessionU2fName') => true]);

    return $U2fKey;
}

with the resultant logs:

Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Attempting U2F Auth...   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Auth Data:   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: array (
Dec 20 14:25:24 macpro.local php   0 => 
Dec 20 14:25:24 macpro.local php   u2flib_server\SignRequest::__set_state(array(
Dec 20 14:25:24 macpro.local php      'version' => 'U2F_V2',
Dec 20 14:25:24 macpro.local php      'challenge' => 'eTKTBH<TRUNCATED FOR SECURITY>',
Dec 20 14:25:24 macpro.local php      'keyHandle' => 'SLwzZF<TRUNCATED FOR SECURITY>',
Dec 20 14:25:24 macpro.local php      'appId' => 'https://cobalt.lab',
Dec 20 14:25:24 macpro.local php   )),
Dec 20 14:25:24 macpro.local php )   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Auth ID:   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: 3   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Pub Key:   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG:    
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: U2F Object:   
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG:    
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: U2f is null... Deny Access...

Unauthenticated Access prior to registration

I have found that the u2f protection is skipped, if the device is not registered.

If I create a new user with a password and then log them into Laravel without first registering the u2f device, the route /admin/profile can be accessed without the u2f device. However, once the device is registered, /admin/profile is properly protected and u2f authentication is required.

Shouldn't a request to a u2f protected route redirect to the registration page if the user/device is not registered?

Thank you.
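
A sketch of the fail-closed behaviour this report asks for, as an added example that is not part of the package or of the reporter's post. The class name `RequireU2fEnrollment` and the alias `u2f.enrolled` are hypothetical, the `Lahaxearnaud\U2f\Models\U2fKey` namespace is an assumption (only the class name `U2fKey` and its `user_id` column appear on this page), and `/u2f/register` is taken from the URLs quoted in another issue here:

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Lahaxearnaud\U2f\Models\U2fKey; // assumed namespace for the package's key model

// Hypothetical middleware: a user with no enrolled key is sent to registration
// instead of being let through. Register it in $routeMiddleware as
// 'u2f.enrolled' and chain it as ['auth', 'u2f.enrolled', 'u2f'].
class RequireU2fEnrollment
{
    // Must stay reachable without a key, otherwise enrollment itself is blocked.
    private const ENROLLMENT_PATHS = ['u2f/register', 'u2f/register/*'];

    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();

        // Fail closed if this runs without the 'auth' middleware in front of it.
        if ($user === null) {
            abort(401);
        }

        if ($request->is(...self::ENROLLMENT_PATHS)) {
            return $next($request);
        }

        $hasKey = U2fKey::where('user_id', $user->getAuthIdentifier())->exists();

        if (! $hasKey) {
            if ($request->expectsJson()) {
                return response()->json(['message' => 'U2F enrollment required.'], 403);
            }

            // guest() stores the intended URL so the user returns to it afterwards.
            return redirect()->guest('/u2f/register');
        }

        return $next($request);
    }
}
```

With this in the chain, a password-only session cannot reach a `u2f`-protected route during the window between account creation and key registration.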

Laravel 5.4 social login Error

(1/1) FatalThrowableError
Call to undefined method Illuminate\Session\Store::set()

in AbstractProvider.php (line 143)
at AbstractProvider->redirect()

When we search for it, we can find this:

Link: https://stackoverflow.com/questions/42126827/a-session-error-after-updating-to-laravel-5-4
I solve it, for more information read this: https://laravel.com/docs/5.4/upgrade

All calls to the ->set() method should be changed to ->put(). Typically, Laravel applications would never call the set method since it has never been documented within the Laravel documentation. However, it is included here out of caution.

Please help in solving it with a permanent solution.

How to use this?

I have now installed the library. How do I add my yubi key?

I assume I need to go to a route? Which? I have tried /u2f/auth and /u2f/register but both URLs redirect me to home.
