public extension points (#12)

Author: benbjurstrom

README.md

@@ -179,7 +179,7 @@ use Webauthn\AuthenticatorSelectionCriteria;
 
 class CustomRegistrationOptions extends GenerateRegistrationOptions
 {
-    protected function authenticatorSelection(): AuthenticatorSelectionCriteria
+    public function authenticatorSelection(): AuthenticatorSelectionCriteria
     {
         // Only allow platform authenticators (Touch ID, Face ID, Windows Hello)
         return AuthenticatorSelectionCriteria::create(

src/Actions/GenerateRegistrationOptions.php

@@ -71,7 +71,7 @@ protected function userEntity(PasskeyUser $user): PublicKeyCredentialUserEntity
      *
      * @see https://www.w3.org/TR/webauthn-3/#dictdef-authenticatorselectioncriteria
      */
-    protected function authenticatorSelection(): AuthenticatorSelectionCriteria
+    public function authenticatorSelection(): AuthenticatorSelectionCriteria
     {
         // Allow any authenticator: built-in (Touch ID, Windows Hello) or external (YubiKey).
         $crossPlatform = AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE;
@@ -95,7 +95,7 @@ protected function authenticatorSelection(): AuthenticatorSelectionCriteria
      *
      * @return array<PublicKeyCredentialDescriptor>
      */
-    protected function excludedCredentials(PasskeyUser $user): array
+    public function excludedCredentials(PasskeyUser $user): array
     {
         $type = PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY;
 
@@ -112,7 +112,7 @@ protected function excludedCredentials(PasskeyUser $user): array
      *
      * @return array<PublicKeyCredentialParameters>
      */
-    protected function supportedAlgorithms(): array
+    public function supportedAlgorithms(): array
     {
         $type = PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY;
 

src/Actions/GenerateVerificationOptions.php

@@ -36,7 +36,7 @@ public function __invoke(?PasskeyUser $user = null): PublicKeyCredentialRequestO
      *
      * @return array<PublicKeyCredentialDescriptor>
      */
-    protected function allowCredentials(?PasskeyUser $user): array
+    public function allowCredentials(?PasskeyUser $user): array
     {
         if (! $user instanceof PasskeyUser) {
             return [];

src/Actions/StorePasskey.php

@@ -95,7 +95,7 @@ protected function ensureCredentialIsUnique(PublicKeyCredentialSource $source):
     /**
      * Create the passkey record for the user.
      */
-    protected function createPasskey(
+    public function createPasskey(
         PasskeyUser $user,
         string $name,
         PublicKeyCredentialSource $source

src/Actions/VerifyPasskey.php

@@ -61,7 +61,7 @@ protected function getResponse(PublicKeyCredential $credential): AuthenticatorAs
      *
      * @throws InvalidPasskeyException
      */
-    protected function getPasskey(PublicKeyCredential $credential): Passkey
+    public function getPasskey(PublicKeyCredential $credential): Passkey
     {
         $credentialId = Base64UrlSafe::encodeUnpadded($credential->rawId);
 
@@ -74,7 +74,7 @@ protected function getPasskey(PublicKeyCredential $credential): Passkey
      *
      * @throws InvalidPasskeyException
      */
-    protected function ensurePasskeyBelongsToUser(Passkey $passkey, ?PasskeyUser $user): void
+    public function ensurePasskeyBelongsToUser(Passkey $passkey, ?PasskeyUser $user): void
     {
         if (! $user instanceof PasskeyUser) {
             return;
@@ -115,7 +115,7 @@ protected function validate(
      * The credential must be persisted after each use to store the updated
      * signature counter, which is used to detect cloned authenticators.
      */
-    protected function updatePasskey(Passkey $passkey, PublicKeyCredentialSource $source): void
+    public function updatePasskey(Passkey $passkey, PublicKeyCredentialSource $source): void
     {
         $passkey->forceFill([
             'credential' => json_decode(WebAuthn::toJson($source), true, flags: JSON_THROW_ON_ERROR),

tests/Feature/Actions/GenerateRegistrationOptionsTest.php

@@ -2,6 +2,7 @@
 
 use Laravel\Passkeys\Actions\GenerateRegistrationOptions;
 use Laravel\Passkeys\Tests\User;
+use Webauthn\AuthenticatorSelectionCriteria;
 use Webauthn\PublicKeyCredentialCreationOptions;
 
 it('generates registration options with user data', function (): void {
@@ -33,3 +34,27 @@
 
     expect($options->excludeCredentials)->toHaveCount(1);
 });
+
+it('allows overriding authenticator selection with a custom action binding', function (): void {
+    $user = User::create([
+        'name' => 'John Doe',
+        'email' => 'john@example.com',
+    ]);
+
+    app()->bind(GenerateRegistrationOptions::class, fn () => new class extends GenerateRegistrationOptions
+    {
+        public function authenticatorSelection(): AuthenticatorSelectionCriteria
+        {
+            return AuthenticatorSelectionCriteria::create(
+                authenticatorAttachment: AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_PLATFORM,
+                userVerification: AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED,
+                residentKey: AuthenticatorSelectionCriteria::RESIDENT_KEY_REQUIREMENT_REQUIRED,
+            );
+        }
+    });
+
+    $options = app(GenerateRegistrationOptions::class)($user);
+
+    expect($options->authenticatorSelection->authenticatorAttachment)
+        ->toBe(AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_PLATFORM);
+});