feat: improve userless connection mode (#488)

asbiin · web-flow · commit a079006bf861 · 2024-07-21T22:53:04.000+02:00
diff --git a/src/Events/WebauthnLoginData.php b/src/Events/WebauthnLoginData.php
@@ -18,7 +18,7 @@ class WebauthnLoginData
      * @param  PublicKeyCredentialRequestOptions  $publicKey  The authentication data.
      */
     public function __construct(
-        public User $user,
+        public ?User $user,
         public PublicKeyCredentialRequestOptions $publicKey
     ) {}
 }
diff --git a/src/Services/Webauthn.php b/src/Services/Webauthn.php
@@ -102,7 +102,7 @@ public static function forgetAuthenticate(): void
     /**
      * Get publicKey data to prepare Webauthn login.
      */
-    public static function prepareAssertion(User $user): PublicKeyCredentialRequestOptions
+    public static function prepareAssertion(?User $user): PublicKeyCredentialRequestOptions
     {
         return tap(app(RequestOptionsFactory::class)($user), function ($publicKey) use ($user) {
             WebauthnLoginData::dispatch($user, $publicKey);
diff --git a/src/Services/Webauthn/CredentialAssertionValidator.php b/src/Services/Webauthn/CredentialAssertionValidator.php
@@ -30,7 +30,7 @@ public function __construct(
      *
      * @throws ResponseMismatchException
      */
-    public function __invoke(User $user, array $data): bool
+    public function __invoke(?User $user, array $data): bool
     {
         // Load the data
         $content = json_encode($data, flags: JSON_THROW_ON_ERROR);
@@ -51,11 +51,15 @@ public function __invoke(User $user, array $data): bool
     /**
      * Get public Key credential.
      */
-    protected function pullPublicKey(User $user): PublicKeyCredentialRequestOptions
+    protected function pullPublicKey(?User $user): PublicKeyCredentialRequestOptions
     {
         try {
             $value = $this->cache->pull($this->cacheKey($user));
 
+            if ($value === null && in_array(config('webauthn.userless'), ['required', 'preferred'], true)) {
+                $value = $this->cache->pull($this->cacheKey(null));
+            }
+
             return $this->loader->deserialize($value, PublicKeyCredentialRequestOptions::class, 'json');
         } catch (\Exception $e) {
             app('webauthn.log')->debug('Webauthn publickKey deserialize error', ['exception' => $e]);
@@ -79,14 +83,16 @@ protected function getResponse(PublicKeyCredential $publicKeyCredential): Authen
     /**
      * Get credential source from user and public key.
      */
-    protected function getCredentialSource(User $user, PublicKeyCredential $publicKeyCredential)
+    protected function getCredentialSource(?User $user, PublicKeyCredential $publicKeyCredential)
     {
         $credentialId = $publicKeyCredential->rawId;
 
-        return (Webauthn::model())::where('user_id', $user->getAuthIdentifier())
-            ->where(fn ($query) => $query->where('credentialId', Base64UrlSafe::encode($credentialId))
+        return (Webauthn::model())::where(
+            fn ($query) => $query->where('credentialId', Base64UrlSafe::encode($credentialId))
                 ->orWhere('credentialId', Base64UrlSafe::encodeUnpadded($credentialId))
-            )
+        )->where(
+            fn ($query) => $user !== null ? $query->where('user_id', $user->getAuthIdentifier()) : $query
+        )
             ->firstOrFail()
             ->publicKeyCredentialSource;
     }
diff --git a/src/Services/Webauthn/CredentialValidator.php b/src/Services/Webauthn/CredentialValidator.php
@@ -21,13 +21,13 @@ public function __construct(
     /**
      * Returns the cache key to remember the challenge for the user.
      */
-    protected function cacheKey(User $user): string
+    protected function cacheKey(?User $user): string
     {
         return implode(
             '|',
             [
                 self::CACHE_PUBLICKEY_REQUEST,
-                get_class($user).':'.$user->getAuthIdentifier(),
+                $user !== null ? get_class($user).':'.$user->getAuthIdentifier() : '',
                 hash('sha512', $this->request->host().'|'.$this->request->ip()),
             ]
         );
diff --git a/src/Services/Webauthn/RequestOptionsFactory.php b/src/Services/Webauthn/RequestOptionsFactory.php
@@ -31,7 +31,7 @@ public function __construct(
     /**
      * Create a new PublicKeyCredentialCreationOptions object.
      */
-    public function __invoke(User $user): PublicKeyCredentialRequestOptions
+    public function __invoke(?User $user): PublicKeyCredentialRequestOptions
     {
         $publicKey = new PublicKeyCredentialRequestOptions(
             $this->getChallenge(),
@@ -63,9 +63,9 @@ private static function getUserVerification(Config $config): ?string
      *
      * @return array<array-key,PublicKeyCredentialDescriptor>
      */
-    private function getAllowedCredentials(User $user): array
+    private function getAllowedCredentials(?User $user): array
     {
-        return CredentialRepository::getRegisteredKeys($user);
+        return $user !== null ? CredentialRepository::getRegisteredKeys($user) : [];
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ class WebauthnLoginData`
`18`	`18`	`* @param PublicKeyCredentialRequestOptions $publicKey The authentication data.`
`19`	`19`	`*/`
`20`	`20`	`public function __construct(`
`21`		`- public User $user,`
	`21`	`+ public ?User $user,`
`22`	`22`	`public PublicKeyCredentialRequestOptions $publicKey`
`23`	`23`	`) {}`
`24`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ public static function forgetAuthenticate(): void`
`102`	`102`	`/**`
`103`	`103`	`* Get publicKey data to prepare Webauthn login.`
`104`	`104`	`*/`
`105`		`- public static function prepareAssertion(User $user): PublicKeyCredentialRequestOptions`
	`105`	`+ public static function prepareAssertion(?User $user): PublicKeyCredentialRequestOptions`
`106`	`106`	`{`
`107`	`107`	`return tap(app(RequestOptionsFactory::class)($user), function ($publicKey) use ($user) {`
`108`	`108`	`WebauthnLoginData::dispatch($user, $publicKey);`
Original file line number	Diff line number	Diff line change
`@@ -21,13 +21,13 @@ public function __construct(`
`21`	`21`	`/**`
`22`	`22`	`* Returns the cache key to remember the challenge for the user.`
`23`	`23`	`*/`
`24`		`- protected function cacheKey(User $user): string`
	`24`	`+ protected function cacheKey(?User $user): string`
`25`	`25`	`{`
`26`	`26`	`return implode(`
`27`	`27`	`'\|',`
`28`	`28`	`[`
`29`	`29`	`self::CACHE_PUBLICKEY_REQUEST,`
`30`		`- get_class($user).':'.$user->getAuthIdentifier(),`
	`30`	`+ $user !== null ? get_class($user).':'.$user->getAuthIdentifier() : '',`
`31`	`31`	`hash('sha512', $this->request->host().'\|'.$this->request->ip()),`
`32`	`32`	`]`
`33`	`33`	`);`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function __construct(`
`31`	`31`	`/**`
`32`	`32`	`* Create a new PublicKeyCredentialCreationOptions object.`
`33`	`33`	`*/`
`34`		`- public function __invoke(User $user): PublicKeyCredentialRequestOptions`
	`34`	`+ public function __invoke(?User $user): PublicKeyCredentialRequestOptions`
`35`	`35`	`{`
`36`	`36`	`$publicKey = new PublicKeyCredentialRequestOptions(`
`37`	`37`	`$this->getChallenge(),`
`@@ -63,9 +63,9 @@ private static function getUserVerification(Config $config): ?string`
`63`	`63`	`*`
`64`	`64`	`* @return array<array-key,PublicKeyCredentialDescriptor>`
`65`	`65`	`*/`
`66`		`- private function getAllowedCredentials(User $user): array`
	`66`	`+ private function getAllowedCredentials(?User $user): array`
`67`	`67`	`{`
`68`		`- return CredentialRepository::getRegisteredKeys($user);`
	`68`	`+ return $user !== null ? CredentialRepository::getRegisteredKeys($user) : [];`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`/**`