Merge pull request #39 from Laragear/fix/key-length

[1.x] Fixes id length limitation #38

.github/workflows/php.yml

@@ -52,11 +52,16 @@ jobs:
         php-version:
           - "8.0"
           - "8.1"
+          - "8.2"
         laravel-constrain:
           - "9.*"
+          - "10.*"
         dependencies:
           - "lowest"
           - "highest"
+        exclude:
+          - laravel-constrain: "10.*"
+            php-version: "8.0"
     steps:
       - name: "Set up PHP"
         uses: "shivammathur/setup-php@v2"
@@ -77,7 +82,7 @@ jobs:
         run: "composer run-script test"
 
       - name: "Upload coverage to Codecov"
-        uses: "codecov/codecov-action@v2"
+        uses: "codecov/codecov-action@v3"
 
   static_analysis:
     name: "3️⃣ Static Analysis"
@@ -91,6 +96,7 @@ jobs:
         with:
           tools: "phpstan"
           php-version: "latest"
+          coverage: "none"
 
       - name: "Checkout code"
         uses: "actions/checkout@v3"

.gitignore

@@ -4,5 +4,6 @@
 /.vscode
 .php-cs-fixer.cache
 .phpunit.result.cache
+.phpunit.cache
 composer.lock
 phpunit.xml.bak

README.md

@@ -258,6 +258,8 @@ const webAuthn = new WebAuthn({}, {
 
 Attestation is the _ceremony_ to create WebAuthn Credentials. To create an Attestable Response that the user device can understand, use the `AttestationRequest::toCreate()` form request.
 
+For example, we can create our own `AttestationController` to create it.
+
 ```php
 // app\Http\Controllers\WebAuthn\AttestationController.php
 use Laragear\WebAuthn\Http\Requests\AttestationRequest;
@@ -354,6 +356,8 @@ The Assertion procedure also follows a two-step procedure: the user will input i
 
 First, use the `AssertionRequest::toVerify()` form request. It will automatically create an assertion for the user that matches the credentials, or a blank one in case you're using [userless login](#userlessone-touchtypeless-login). Otherwise, you may set stricter validation rules to always ask for credentials.
 
+For example, we can use our own `AssertionController` to handle it.
+
 ```php
 // app\Http\Controllers\WebAuthn\AssertionController.php
 use Laragear\WebAuthn\Http\Requests\AssertionRequest;
@@ -573,10 +577,17 @@ return [
 The _Relying Party_ is just a way to uniquely identify your application in the user device:
 
 * `name`: The name of the application. Defaults to the application name.
-* `id`: An unique ID the application, like the site domain. If `null`, the device may fill it internally, usually as the full domain.
+* `id`: An unique ID the application, like the site URL. If `null`, the device _may_ fill it internally, usually as the full domain.
 
 > WebAuthn authentication only work on the top domain it was registered. 
 
+Instead of modifying the config file, you should use the environment variables to set the name and ID for WebAuthn.
+
+```dotenv
+WEBAUTHN_NAME=SecureBank
+WEBAUTHN_ID=https://auth.securebank.com
+```
+
 ### Challenge configuration
 
 ```php

composer.json

@@ -24,7 +24,7 @@
             "name": "Italo Israel Baeza Cabrera",
             "email": "DarkGhostHunter@Gmail.com",
             "role": "Developer",
-            "homepage": "https://patreon.com/packagesforlaravel"
+            "homepage": "https://github.com/sponsors/DarkGhostHunter"
         }
     ],
     "support": {
@@ -32,22 +32,20 @@
         "issues": "https://github.com/Laragear/TwoFactor/issues"
     },
     "require": {
-        "php": ">=8.0.2",
+        "php": "8.*",
         "ext-openssl": "*",
         "ext-json": "*",
-        "illuminate/auth": "9.*",
+        "illuminate/auth": "9.*|10.*",
-        "illuminate/http": "9.*",
+        "illuminate/http": "9.*|10.*",
-        "illuminate/session": "9.*",
+        "illuminate/session": "9.*|10.*",
-        "illuminate/support": "9.*",
+        "illuminate/support": "9.*|10.*",
-        "illuminate/config": "9.*",
+        "illuminate/config": "9.*|10.*",
-        "illuminate/database": "9.*",
+        "illuminate/database": "9.*|10.*",
-        "illuminate/encryption": "9.*"
+        "illuminate/encryption": "9.*|10.*"
     },
     "require-dev": {
-        "orchestra/testbench": "7.*",
+        "orchestra/testbench": "^7.22|8.*",
-        "phpunit/phpunit": "^9.5",
+        "jetbrains/phpstorm-attributes": "*"
-        "mockery/mockery": "^1.5",
-        "jetbrains/phpstorm-attributes": "^1.0"
     },
     "autoload": {
         "psr-4": {
@@ -76,16 +74,8 @@
     },
     "funding": [
         {
-            "type": "Patreon",
+            "type": "Github Sponsorship",
-            "url": "https://patreon.com/PackagesForLaravel"
+            "url": "https://github.com/sponsors/DarkGhostHunter"
-        },
-        {
-            "type": "Ko-Fi",
-            "url": "https://ko-fi.com/DarkGhostHunter"
-        },
-        {
-            "type": "Buy me a cofee",
-            "url": "https://www.buymeacoffee.com/darkghosthunter"
         },
         {
             "type": "Paypal",

database/migrations/2022_07_01_000000_create_webauthn_credentials.php

@@ -43,7 +43,7 @@ return new class extends Migration {
      */
     protected static function defaultBlueprint(Blueprint $table): void
     {
-        $table->string('id')->primary();
+        $table->string('id', 510)->primary();
 
         $table->morphs('authenticatable', 'webauthn_user_index');
 

phpunit.xml

@@ -1,11 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/autoload.php" backupGlobals="false"
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/autoload.php" colors="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.0/phpunit.xsd" cacheDirectory=".phpunit.cache">
-         backupStaticAttributes="false" colors="true" verbose="true" convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true" convertWarningsToExceptions="true" processIsolation="false"
-         stopOnFailure="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.5/phpunit.xsd">
   <coverage>
     <include>
       <directory suffix=".php">src/</directory>
+      <directory suffix=".php">stubs/controllers</directory>
     </include>
     <report>
       <clover outputFile="build/logs/clover.xml"/>
@@ -14,14 +12,10 @@
   <testsuites>
     <testsuite name="Test Suite">
       <directory>tests</directory>
-            <file>stubs/controllers/WebAuthnLoginController.php</file>
-            <file>stubs/controllers/WebAuthnRegisterController.php</file>
     </testsuite>
   </testsuites>
-    <logging>
-        <junit outputFile="build/report.junit.xml"/>
-    </logging>
   <php>
+    <includePath>stubs/controllers</includePath>
     <env name="APP_ENV" value="testing"/>
     <env name="APP_DEBUG" value="true"/>
     <env name="APP_KEY" value="AckfSECXIvnK5r28GVIWUAxmbBSjTsmF"/>

resources/js/webauthn.js

@@ -156,7 +156,9 @@ class WebAuthn {
      * @returns {Promise<Response>}
      */
     #fetch(data, route, headers = {}) {
-        return fetch(route, {
+        const url = new URL(route, window.location.origin).href;
+        
+        return fetch(url, {
             method: "POST",
             credentials: this.#includeCredentials ? "include" : "same-origin",
             redirect: "error",
@@ -313,6 +315,7 @@ class WebAuthn {
         const publicKeyCredential = this.#parseOutgoingCredentials(credentials);
 
         Object.assign(publicKeyCredential, response);
+        Object.assign(publicKeyCredential, request);
 
         return await this.#fetch(publicKeyCredential, this.#routes.register).then(WebAuthn.#handleResponse);
     }

tests/FakeAuthenticator.php

@@ -6,8 +6,8 @@ use JetBrains\PhpStorm\ArrayShape;
 
 class FakeAuthenticator
 {
-    public const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
+    public const CREDENTIAL_ID = 'owBYu_waGLhAOCg4EFzi6Lr55x51G2dR5yhJi8q2C3tgZQQL2aEi-nK3I54J6ILj70pJzR_6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd-ShQZ95eHoc8SA_-8vzCyfmy-wI_K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A';
-    public const CREDENTIAL_ID_RAW = '+VOLFKPY+/FuMI/sJ7gMllK76L3VoRUINj6lL/Z3qDg=';
+    public const CREDENTIAL_ID_RAW = 'owBYu/waGLhAOCg4EFzi6Lr55x51G2dR5yhJi8q2C3tgZQQL2aEi+nK3I54J6ILj70pJzR/6QxvA5XER17d7NA9EFe2QH3VoJYQGpO8G5yDoFQvsdkxNhioyMyhyQHNrAgTMGyfigIMCfhjk9te7LNYl9K5GbWRc4TGeQl1vROjBtTNm3GdpEOqp9RijWd+ShQZ95eHoc8SA/+8vzCyfmy+wI/K4ZqlQNNl85Fzg2GIBcC2zvcJhLYy1A2kw6JoBTAmz1ZCCgkTKWhzUvAJQpMpu40M67FqE0WkGZfSJ9A=';
 
     public const ATTESTATION_USER = [
         'id' => 'e8af6f703f8042aa91c30cf72289aa07',

tests/ServiceProviderTest.php

@@ -3,6 +3,7 @@
 namespace Tests;
 
 use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\File;
 use Illuminate\Support\Fluent;
 use Illuminate\Support\ServiceProvider;
@@ -28,19 +29,25 @@ class ServiceProviderTest extends TestCase
         );
     }
 
+    /**
+     * @define-env usesCustomTestTime
+     */
     public function test_publishes_migrations(): void
     {
-        $format = now()->format('Y_m_d_His');
-
         static::assertSame(
             [
                 realpath(WebAuthnServiceProvider::MIGRATIONS . '/2022_07_01_000000_create_webauthn_credentials.php') =>
-                    $this->app->databasePath("migrations/{$format}_create_webauthn_credentials.php"),
+                    $this->app->databasePath("migrations/2020_01_01_163025_create_webauthn_credentials.php"),
             ],
             ServiceProvider::pathsToPublish(WebAuthnServiceProvider::class, 'migrations')
         );
     }
 
+    protected function usesCustomTestTime()
+    {
+        $this->travelTo(Carbon::create(2020, 01, 01, 16, 30, 25));
+    }
+
     public function test_bounds_user(): void
     {
         static::assertNull($this->app->make(WebAuthnAuthenticatable::class));