generated from Firehed/php-library-template
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add class for automatically-expiring challenges (#15)
This adds a utility class to make best practices around short-lived challenges easier to follow.
- Loading branch information
Showing
14 changed files
with
370 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Firehed\WebAuthn; | ||
|
||
interface ChallengeInterface | ||
{ | ||
/** | ||
* @api | ||
*/ | ||
public function getBase64(): string; | ||
|
||
/** | ||
* @internal | ||
*/ | ||
public function getBinary(): BinaryString; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Firehed\WebAuthn\Errors; | ||
|
||
use RuntimeException; | ||
|
||
class ExpiredChallengeError extends RuntimeException implements WebAuthnErrorInterface | ||
{ | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Firehed\WebAuthn; | ||
|
||
use DateTimeInterface; | ||
use DateInterval; | ||
use DateTimeImmutable; | ||
use InvalidArgumentException; | ||
|
||
/** | ||
* This class provides a straightforward way to have short-lived challenges | ||
* without manual management. If the challenge is used after expiration, it | ||
* will throw an exception preventing additional progress. | ||
* | ||
* @api | ||
* | ||
* @phpstan-type SerializationFormat array{ | ||
* c: string, | ||
* e: int, | ||
* } | ||
*/ | ||
class ExpiringChallenge implements ChallengeInterface | ||
{ | ||
private ChallengeInterface $wrapped; | ||
private DateTimeInterface $expiration; | ||
|
||
/** | ||
* @internal | ||
*/ | ||
public function __construct(DateInterval $duration) | ||
{ | ||
// TODO: If duration->invert && not in unit tests, throw? | ||
$this->wrapped = Challenge::random(); | ||
$this->expiration = (new DateTimeImmutable())->add($duration); | ||
} | ||
|
||
/** | ||
* @param positive-int $seconds | ||
* | ||
* @api | ||
*/ | ||
public static function withLifetime(int $seconds): ChallengeInterface | ||
{ | ||
if ($seconds <= 0) { // @phpstan-ignore-line Still need the runtime check here | ||
throw new InvalidArgumentException('Lifetime must be a postive integer'); | ||
} | ||
$duration = sprintf('PT%dS', $seconds); | ||
return new ExpiringChallenge(new DateInterval($duration)); | ||
} | ||
|
||
public function getBase64(): string | ||
{ | ||
if ($this->isExpired()) { | ||
throw new Errors\ExpiredChallengeError(); | ||
} | ||
return $this->wrapped->getBase64(); | ||
} | ||
|
||
public function getBinary(): BinaryString | ||
{ | ||
if ($this->isExpired()) { | ||
throw new Errors\ExpiredChallengeError(); | ||
} | ||
return $this->wrapped->getBinary(); | ||
} | ||
|
||
private function isExpired(): bool | ||
{ | ||
$diff = $this->expiration->diff(new DateTimeImmutable()); | ||
|
||
return $diff->invert === 0; | ||
} | ||
|
||
/** | ||
* @return SerializationFormat | ||
*/ | ||
public function __serialize(): array | ||
{ | ||
return [ | ||
'c' => $this->wrapped->getBase64(), | ||
'e' => $this->expiration->getTimestamp(), | ||
]; | ||
} | ||
|
||
/** | ||
* @param SerializationFormat $serialized | ||
*/ | ||
public function __unserialize(array $serialized): void | ||
{ | ||
$bin = base64_decode($serialized['c'], true); | ||
assert($bin !== false); | ||
$this->wrapped = new Challenge(new BinaryString($bin)); | ||
$this->expiration = new DateTimeImmutable('@' . $serialized['e']); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.