feat: support event dispatch from webauthn-lib (#506)

Author: asbiin

README.md

@@ -363,12 +363,14 @@ Then use this new custom rate limiter in your `webauthn.limiters.login` configur
 
 Events are dispatched by LaravelWebauthn:
 
+* `\Illuminate\Auth\Events\Failed` on a failed login check.
 * `\LaravelWebauthn\Events\WebauthnLogin` on login with Webauthn check.
 * `\LaravelWebauthn\Events\WebauthnLoginData` on preparing authentication data challenge.
-* `\Illuminate\Auth\Events\Failed` on a failed login check.
 * `\LaravelWebauthn\Events\WebauthnRegister` on registering a new key.
 * `\LaravelWebauthn\Events\WebauthnRegisterData` on preparing register data challenge.
 * `\LaravelWebauthn\Events\WebauthnRegisterFailed` on failing registering a new key.
+* `\LaravelWebauthn\Events\WebauthnAuthenticate` when a key has been authenticated.
+
 
 ## View response
 

config/webauthn.php

@@ -266,7 +266,7 @@
     | See https://www.w3.org/TR/webauthn/#enum-userVerificationRequirement
     |
     | Supported: "required", "preferred", "discouraged".
-    | Forced to "required" when userless is true.
+    | This should be set to "required" when userless is true.
     |
     */
 
@@ -283,7 +283,7 @@
     | See https://www.w3.org/TR/webauthn/#enum-residentKeyRequirement
     |
     | Supported: "null", "required", "preferred", "discouraged".
-    | Forced to "required" when userless is true.
+    | This should be set to "required" when userless is true.
     |
     */
 

src/Events/EventDispatcher.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace LaravelWebauthn\Events;
+
+use Illuminate\Contracts\Events\Dispatcher;
+use Psr\EventDispatcher\EventDispatcherInterface;
+
+final class EventDispatcher implements EventDispatcherInterface
+{
+    /**
+     * Create a new event dispatcher instance.
+     */
+    public function __construct(
+        private readonly Dispatcher $dispatcher,
+    ) {}
+
+    /**
+     * Dispatch the given event.
+     *
+     * @return object
+     */
+    #[\Override]
+    public function dispatch(object $event)
+    {
+        $this->dispatcher->dispatch($event);
+
+        return $event;
+    }
+}

src/Events/WebauthnAuthenticate.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace LaravelWebauthn\Events;
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+
+/**
+ * @psalm-suppress PossiblyUnusedProperty
+ */
+class WebauthnAuthenticate
+{
+    use Dispatchable, SerializesModels;
+
+    /**
+     * Create a new event instance.
+     *
+     * @param  \Illuminate\Database\Eloquent\Model  $webauthnKey  The WebauthnKey used to authenticate.
+     */
+    public function __construct(
+        public Model $webauthnKey,
+    ) {}
+}

src/Http/Controllers/ConfirmableKeyController.php

@@ -13,20 +13,11 @@
 
 class ConfirmableKeyController extends Controller
 {
-    /**
-     * The guard implementation.
-     *
-     * @var \Illuminate\Contracts\Auth\StatefulGuard
-     */
-    protected $guard;
-
     /**
      * Create a new controller instance.
      */
-    public function __construct(StatefulGuard $guard)
-    {
-        $this->guard = $guard;
-    }
+    public function __construct(
+        protected StatefulGuard $guard) {}
 
     /**
      * Confirm the user's key.

src/Models/WebauthnKey.php

@@ -39,7 +39,6 @@ class WebauthnKey extends Model
         'aaguid',
         'credentialPublicKey',
         'counter',
-        'timestamp',
     ];
 
     /**

src/Services/Webauthn/CredentialAssertionValidator.php

@@ -5,6 +5,7 @@
 use Illuminate\Contracts\Auth\Authenticatable as User;
 use Illuminate\Contracts\Cache\Repository as Cache;
 use Illuminate\Http\Request;
+use LaravelWebauthn\Events\WebauthnAuthenticate;
 use LaravelWebauthn\Exceptions\ResponseMismatchException;
 use LaravelWebauthn\Services\Webauthn;
 use ParagonIE\ConstantTime\Base64UrlSafe;
@@ -36,15 +37,19 @@ public function __invoke(?User $user, array $data): bool
         $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
         $publicKeyCredential = $this->loader->deserialize($content, PublicKeyCredential::class, 'json');
 
+        $webauthnKey = $this->getKey($user, $publicKeyCredential);
+
         // Check the response against the request
         $this->validator->check(
-            $this->getCredentialSource($user, $publicKeyCredential),
+            $webauthnKey->publicKeyCredentialSource,
             $this->getResponse($publicKeyCredential),
             $this->pullPublicKey($user),
             $this->request->host(),
             optional($user)->getAuthIdentifier()
         );
 
+        WebauthnAuthenticate::dispatch($webauthnKey);
+
         return true;
     }
 
@@ -87,7 +92,7 @@ protected function getResponse(PublicKeyCredential $publicKeyCredential): Authen
     /**
      * Get credential source from user and public key.
      */
-    protected function getCredentialSource(?User $user, PublicKeyCredential $publicKeyCredential)
+    protected function getKey(?User $user, PublicKeyCredential $publicKeyCredential)
     {
         $credentialId = $publicKeyCredential->rawId;
 
@@ -97,7 +102,6 @@ protected function getCredentialSource(?User $user, PublicKeyCredential $publicK
         )->where(
             fn ($query) => $user !== null ? $query->where('user_id', $user->getAuthIdentifier()) : $query
         )
-            ->firstOrFail()
-            ->publicKeyCredentialSource;
+            ->firstOrFail();
     }
 }

src/WebauthnAuthenticatable.php

@@ -3,7 +3,7 @@
 namespace LaravelWebauthn;
 
 use Illuminate\Database\Eloquent\Relations\HasMany;
-use LaravelWebauthn\Models\WebauthnKey;
+use LaravelWebauthn\Facades\Webauthn;
 
 /**
  * Trait to add Webauthn authenticatable to a user model.
@@ -17,6 +17,6 @@ trait WebauthnAuthenticatable
      */
     public function webauthnKeys(): HasMany
     {
-        return $this->hasMany(WebauthnKey::class);
+        return $this->hasMany(Webauthn::model());
     }
 }