greg/webauthn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes relaying_party typo

Browse Source
This commit is contained in:
Bubka
2022-10-22 19:21:50 +02:00
parent 7f628f9a79
commit b98d07c277
9 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Attestation/Validator/Pipes/CheckRelyingPartyHashSame.php
View File

@@ -35,6 +35,6 @@ class CheckRelyingPartyHashSame extends BaseCheckRelyingPartyHashSame
*/
protected function relyingPartyId(AssertionValidation|AttestationValidation $validation): string
{
return $this->config->get('webauthn.relaying_party.id') ?? $this->config->get('app.url');
return $this->config->get('webauthn.relying_party.id') ?? $this->config->get('app.url');
}
}

2
src/Attestation/Validator/Pipes/MakeWebAuthnCredential.php
View File

@@ -41,7 +41,7 @@ class MakeWebAuthnCredential
'alias' => $validation->request->json('response.alias'),
'counter' => $validation->attestationObject->authenticatorData->counter,
'rp_id' => $this->config->get('webauthn.relaying_party.id') ?? $this->config->get('app.url'),
'rp_id' => $this->config->get('webauthn.relying_party.id') ?? $this->config->get('app.url'),
'origin' => $validation->clientDataJson->origin,
'transports' => $validation->request->json('response.transports'),
'aaguid' => Uuid::fromBytes($validation->attestationObject->authenticatorData->attestedCredentialData->aaguid),

6
src/SharedPipes/CheckRelyingPartyHashSame.php
View File

@@ -39,11 +39,11 @@ abstract class CheckRelyingPartyHashSame
public function handle(AttestationValidation|AssertionValidation $validation, Closure $next): mixed
{
// This way we can get the app RP ID on attestation, and the Credential RP ID
// on assertion. The credential will have the same Relaying Party ID on both
// on assertion. The credential will have the same Relying Party ID on both
// the authenticator and the application so on assertion both should match.
$relayingParty = parse_url($this->relyingPartyId($validation), PHP_URL_HOST);
$relyingParty = parse_url($this->relyingPartyId($validation), PHP_URL_HOST);
if ($this->authenticatorData($validation)->hasNotSameRPIdHash($relayingParty)) {
if ($this->authenticatorData($validation)->hasNotSameRPIdHash($relyingParty)) {
static::throw($validation, 'Response has different Relying Party ID hash.');
}

6
src/SharedPipes/CheckRelyingPartyIdContained.php
View File

@@ -40,11 +40,11 @@ abstract class CheckRelyingPartyIdContained
public function handle(AttestationValidation|AssertionValidation $validation, Closure $next): mixed
{
if (!$host = parse_url($validation->clientDataJson->origin, PHP_URL_HOST)) {
static::throw($validation, 'Relaying Party ID is invalid.');
static::throw($validation, 'Relying Party ID is invalid.');
}
$current = parse_url(
$this->config->get('webauthn.relaying_party.id') ?? $this->config->get('app.url'), PHP_URL_HOST
$this->config->get('webauthn.relying_party.id') ?? $this->config->get('app.url'), PHP_URL_HOST
);
// Check the host is the same or is a subdomain of the current config domain.
@@ -52,6 +52,6 @@ abstract class CheckRelyingPartyIdContained
return $next($validation);
}
static::throw($validation, 'Relaying Party ID not scoped to current.');
static::throw($validation, 'Relying Party ID not scoped to current.');
}
}