feat: support event dispatch from webauthn-lib

Author: asbiin

config/webauthn.php

@@ -266,7 +266,7 @@
     | See https://www.w3.org/TR/webauthn/#enum-userVerificationRequirement
     |
     | Supported: "required", "preferred", "discouraged".
-    | Forced to "required" when userless is true.
+    | This should be set to "required" when userless is true.
     |
     */
 
@@ -283,7 +283,7 @@
     | See https://www.w3.org/TR/webauthn/#enum-residentKeyRequirement
     |
     | Supported: "null", "required", "preferred", "discouraged".
-    | Forced to "required" when userless is true.
+    | This should be set to "required" when userless is true.
     |
     */
 

src/Events/EventDispatcher.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace LaravelWebauthn\Events;
+
+use Illuminate\Contracts\Events\Dispatcher;
+use Psr\EventDispatcher\EventDispatcherInterface;
+
+final class EventDispatcher implements EventDispatcherInterface
+{
+    /**
+     * Create a new event dispatcher instance.
+     */
+    public function __construct(
+        private readonly Dispatcher $dispatcher,
+    ) {}
+
+    /**
+     * Dispatch the given event.
+     *
+     * @return object
+     */
+    public function dispatch(object $event)
+    {
+        $this->dispatcher->dispatch($event);
+
+        return $event;
+    }
+}

src/Events/WebauthnAuthenticate.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace LaravelWebauthn\Events;
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+/**
+ * @psalm-suppress PossiblyUnusedProperty
+ */
+class WebauthnAuthenticate
+{
+    use Dispatchable, SerializesModels;
+
+    /**
+     * Create a new event instance.
+     *
+     * @param  \Illuminate\Database\Eloquent\Model  $webauthnKey  The WebauthnKey used to authenticate.
+     */
+    public function __construct(
+        public Model $webauthnKey,
+    ) {}
+}

src/Models/WebauthnKey.php

@@ -39,7 +39,6 @@ class WebauthnKey extends Model
         'aaguid',
         'credentialPublicKey',
         'counter',
-        'timestamp',
     ];
 
     /**

src/Services/Webauthn/CredentialAssertionValidator.php

@@ -5,6 +5,7 @@
 use Illuminate\Contracts\Auth\Authenticatable as User;
 use Illuminate\Contracts\Cache\Repository as Cache;
 use Illuminate\Http\Request;
+use LaravelWebauthn\Events\WebauthnAuthenticate;
 use LaravelWebauthn\Exceptions\ResponseMismatchException;
 use LaravelWebauthn\Services\Webauthn;
 use ParagonIE\ConstantTime\Base64UrlSafe;
@@ -36,15 +37,19 @@ public function __invoke(?User $user, array $data): bool
         $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
         $publicKeyCredential = $this->loader->deserialize($content, PublicKeyCredential::class, 'json');
 
+        $webauthnKey = $this->getKey($user, $publicKeyCredential);
+
         // Check the response against the request
         $this->validator->check(
-            $this->getCredentialSource($user, $publicKeyCredential),
+            $webauthnKey->publicKeyCredentialSource,
             $this->getResponse($publicKeyCredential),
             $this->pullPublicKey($user),
             $this->request->host(),
             optional($user)->getAuthIdentifier()
         );
 
+        WebauthnAuthenticate::dispatch($webauthnKey);
+
         return true;
     }
 
@@ -87,7 +92,7 @@ protected function getResponse(PublicKeyCredential $publicKeyCredential): Authen
     /**
      * Get credential source from user and public key.
      */
-    protected function getCredentialSource(?User $user, PublicKeyCredential $publicKeyCredential)
+    protected function getKey(?User $user, PublicKeyCredential $publicKeyCredential)
     {
         $credentialId = $publicKeyCredential->rawId;
 
@@ -97,7 +102,6 @@ protected function getCredentialSource(?User $user, PublicKeyCredential $publicK
         )->where(
             fn ($query) => $user !== null ? $query->where('user_id', $user->getAuthIdentifier()) : $query
         )
-            ->firstOrFail()
-            ->publicKeyCredentialSource;
+            ->firstOrFail();
     }
 }

src/WebauthnAuthenticatable.php

@@ -3,7 +3,7 @@
 namespace LaravelWebauthn;
 
 use Illuminate\Database\Eloquent\Relations\HasMany;
-use LaravelWebauthn\Models\WebauthnKey;
+use LaravelWebauthn\Facades\Webauthn;
 
 /**
  * Trait to add Webauthn authenticatable to a user model.
@@ -17,6 +17,6 @@ trait WebauthnAuthenticatable
      */
     public function webauthnKeys(): HasMany
     {
-        return $this->hasMany(WebauthnKey::class);
+        return $this->hasMany(Webauthn::model());
     }
 }

src/WebauthnServiceProvider.php

@@ -24,6 +24,7 @@
 use LaravelWebauthn\Contracts\RegisterSuccessResponse as RegisterSuccessResponseContract;
 use LaravelWebauthn\Contracts\RegisterViewResponse as RegisterViewResponseContract;
 use LaravelWebauthn\Contracts\UpdateResponse as UpdateResponseContract;
+use LaravelWebauthn\Events\EventDispatcher;
 use LaravelWebauthn\Facades\Webauthn as WebauthnFacade;
 use LaravelWebauthn\Http\Responses\DestroyResponse;
 use LaravelWebauthn\Http\Responses\FailedKeyConfirmedResponse;
@@ -58,6 +59,8 @@
 use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
 use Webauthn\Counter\CounterChecker;
 use Webauthn\Counter\ThrowExceptionIfInvalid;
+use Webauthn\Event\CanDispatchEvents;
+use Webauthn\MetadataService\CanLogData;
 use Webauthn\PublicKeyCredentialRpEntity;
 
 /**
@@ -82,6 +85,8 @@ public function boot(): void
     #[\Override]
     public function register(): void
     {
+        $this->app->bind('webauthn.log', fn ($app) => $app['log']->channel(config('webauthn.log', config('logging.default'))));
+
         $this->app->singleton(WebauthnFacade::class, Webauthn::class);
 
         $this->registerResponseBindings();
@@ -93,7 +98,6 @@ public function register(): void
         );
 
         $this->app->bind(StatefulGuard::class, fn () => Auth::guard(config('webauthn.guard', null)));
-        $this->app->bind('webauthn.log', fn ($app) => $app['log']->channel(config('webauthn.log', config('logging.default'))));
     }
 
     /**
@@ -132,6 +136,10 @@ public function registerResponseBindings(): void
      */
     protected function bindWebAuthnPackage(): void
     {
+        $this->app->singleton(EventDispatcher::class);
+        $this->app->resolving(CanDispatchEvents::class, fn (CanDispatchEvents $object) => $object->setEventDispatcher($this->app[EventDispatcher::class]));
+        $this->app->resolving(CanLogData::class, fn (CanLogData $object) => $object->setLogger($this->app['webauthn.log']));
+
         $this->app->bind(
             PackedAttestationStatementSupport::class,
             fn ($app) => new PackedAttestationStatementSupport(
@@ -141,60 +149,69 @@ protected function bindWebAuthnPackage(): void
         $this->app->bind(
             AttestationStatementSupportManager::class,
             fn ($app) => tap(new AttestationStatementSupportManager, function ($manager) use ($app) {
-                // https://www.w3.org/TR/webauthn/#sctn-none-attestation
-                $manager->add($app[NoneAttestationStatementSupport::class]);
-
-                // https://www.w3.org/TR/webauthn/#sctn-fido-u2f-attestation
-                $manager->add($app[FidoU2FAttestationStatementSupport::class]);
-
-                // https://www.w3.org/TR/webauthn/#sctn-android-key-attestation
-                $manager->add($app[AndroidKeyAttestationStatementSupport::class]);
-
-                // https://www.w3.org/TR/webauthn/#sctn-tpm-attestation
-                $manager->add($app[TPMAttestationStatementSupport::class]);
-
-                // https://www.w3.org/TR/webauthn/#sctn-packed-attestation
-                $manager->add($app[PackedAttestationStatementSupport::class]);
-
-                // https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation
-                $manager->add($app[AppleAttestationStatementSupport::class]);
+                $supports = [
+                    // https://www.w3.org/TR/webauthn/#sctn-packed-attestation
+                    PackedAttestationStatementSupport::class,
+                    // https://www.w3.org/TR/webauthn/#sctn-tpm-attestation
+                    TPMAttestationStatementSupport::class,
+                    // https://www.w3.org/TR/webauthn/#sctn-android-key-attestation
+                    AndroidKeyAttestationStatementSupport::class,
+                    // https://www.w3.org/TR/webauthn/#sctn-fido-u2f-attestation
+                    FidoU2FAttestationStatementSupport::class,
+                    // https://www.w3.org/TR/webauthn/#sctn-none-attestation
+                    NoneAttestationStatementSupport::class,
+                    // https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation
+                    AppleAttestationStatementSupport::class,
+                ];
+                foreach ($supports as $support) {
+                    $manager->add($app[$support]);
+                }
             })
         );
         $this->app->bind(
             AttestationObjectLoader::class,
-            fn ($app) => tap(new AttestationObjectLoader(
-                $app[AttestationStatementSupportManager::class]
-            ), fn (AttestationObjectLoader $loader) => $loader->setLogger($app['webauthn.log'])
+            fn ($app) => new AttestationObjectLoader(
+                attestationStatementSupportManager: $app[AttestationStatementSupportManager::class]
             )
         );
-
         $this->app->bind(
-            CounterChecker::class,
-            fn ($app) => new ThrowExceptionIfInvalid($app['webauthn.log'])
+            SerializerInterface::class,
+            fn ($app) => (new \Webauthn\Denormalizer\WebauthnSerializerFactory($app[AttestationStatementSupportManager::class]))->create()
         );
 
         $this->app->bind(
-            AuthenticatorAttestationResponseValidator::class,
-            fn ($app) => tap(new AuthenticatorAttestationResponseValidator(
-                ceremonyStepManager: ($app[CeremonyStepManagerFactory::class])->creationCeremony(),
-            ), fn (AuthenticatorAttestationResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log'])
+            CounterChecker::class,
+            fn ($app) => new ThrowExceptionIfInvalid(
+                logger: $app['webauthn.log']
             )
         );
+
         $this->app->bind(
             CeremonyStepManagerFactory::class,
             fn ($app) => tap(new CeremonyStepManagerFactory, function (CeremonyStepManagerFactory $factory) use ($app) {
                 $factory->setExtensionOutputCheckerHandler($app[ExtensionOutputCheckerHandler::class]);
                 $factory->setAlgorithmManager($app[CoseAlgorithmManager::class]);
                 $factory->setCounterChecker($app[CounterChecker::class]);
+                $factory->setAttestationStatementSupportManager($app[AttestationStatementSupportManager::class]);
+                // $factory->setAllowedOrigins(
+                //     allowedOrigins: $app['config']->get('webauthn.allowed_origins'),
+                //     allowSubdomains: $app['config']->get('webauthn.allow_subdomains')
+                // );
             })
         );
+        $this->app->bind(
+            AuthenticatorAttestationResponseValidator::class,
+            fn ($app) => new AuthenticatorAttestationResponseValidator(
+                ceremonyStepManager: ($app[CeremonyStepManagerFactory::class])->creationCeremony(),
+            )
+        );
         $this->app->bind(
             AuthenticatorAssertionResponseValidator::class,
-            fn ($app) => tap((new AuthenticatorAssertionResponseValidator(
+            fn ($app) => (new AuthenticatorAssertionResponseValidator(
                 ceremonyStepManager: ($app[CeremonyStepManagerFactory::class])->requestCeremony()
-            )), fn (AuthenticatorAssertionResponseValidator $responseValidator) => $responseValidator->setLogger($app['webauthn.log'])
-            )
+            ))
         );
+
         $this->app->bind(
             AuthenticatorSelectionCriteria::class,
             fn ($app) => new AuthenticatorSelectionCriteria(
@@ -203,6 +220,7 @@ protected function bindWebAuthnPackage(): void
                 residentKey: $app['config']->get('webauthn.resident_key', 'preferred')
             )
         );
+
         $this->app->bind(
             PublicKeyCredentialRpEntity::class,
             fn ($app) => new PublicKeyCredentialRpEntity(
@@ -211,6 +229,7 @@ protected function bindWebAuthnPackage(): void
                 icon: $app['config']->get('webauthn.icon')
             )
         );
+
         $this->app->bind(
             CoseAlgorithmManager::class,
             fn ($app) => $app[CoseAlgorithmManagerFactory::class]
@@ -243,10 +262,6 @@ protected function bindWebAuthnPackage(): void
                 }
             })
         );
-        $this->app->bind(
-            SerializerInterface::class,
-            fn ($app) => (new \Webauthn\Denormalizer\WebauthnSerializerFactory($app[AttestationStatementSupportManager::class]))->create()
-        );
     }
 
     /**