generated from Firehed/php-library-template
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve support for more complex challenge management (#75)
Splits the retrieval and management of challenges. From a good vibes perspective, this a) aligns the main interface name with the functionality it's intended to provide, and b) improves the interface segregation (hi, SOLID). In terms of practical needs, this helps solve the (fairly rare) need of challenges that are managed as part of a broader external system. This could be a data model, microservice, or whatever. By splitting the interfaces and only requiring that the newer `ChallengeLoaderInterface` make it to the verification processes, this becomes both easier and more testable.
- Loading branch information
Showing
15 changed files
with
140 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Firehed\WebAuthn; | ||
|
||
/** | ||
* In most cases, you will want to interact with ChallengeManagerInterface, | ||
* which extends this. That will let you generate challenges, manage (store) | ||
* them, and subsequently verify them if they're found in storage. This is | ||
* intended as the primary data flow, and is the recommended path. | ||
* | ||
* In rare circumstances, you may need to verify externally-managed challenges. | ||
* If so, the loading component may opt to only implement this interface. Doing | ||
* so is NOT RECOMMENDED at this time. | ||
* | ||
* @api (with the above caveats) | ||
*/ | ||
interface ChallengeLoaderInterface | ||
{ | ||
/** | ||
* Consumes the challenge associated with the ClientDataJSON value from the | ||
* underlying storage mechanism, and returns that challenge if found. | ||
* | ||
* Implementations MUST ensure that subsequent calls to this method with | ||
* the same value return `null`, regardless of whether the initial call | ||
* returned a value or null. Failure to do so will compromise the security | ||
* of the webauthn protocol. | ||
* | ||
* Implementations MUST NOT use the ClientDataJSON value to construct | ||
* a challenge. They MUST return a previously-stored value if one is found, | ||
* and MAY use $base64Url to search the storage mechanism. | ||
* | ||
* @internal | ||
*/ | ||
public function useFromClientDataJSON(string $base64Url): ?ChallengeInterface; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Firehed\WebAuthn; | ||
|
||
/** | ||
* Trait for adding PHPUnit test cases to both packaged and custom | ||
* ChallengeLoaderInterface implementations. | ||
* | ||
* @api | ||
*/ | ||
trait ChallengeLoaderTestTrait | ||
{ | ||
public function testChallengeCannotBeRetrievedTwice(): void | ||
{ | ||
$c = Challenge::random(); | ||
$cl = $this->getChallengeLoaderManagingChallenge($c); | ||
|
||
$result = $cl->useFromClientDataJSON($c->getBase64Url()); | ||
$result2 = $cl->useFromClientDataJSON($c->getBase64Url()); | ||
|
||
self::assertNotNull($result); | ||
self::assertSame($c->getBase64Url(), $result->getBase64Url()); | ||
self::assertNull($result2); | ||
} | ||
|
||
public function testManagerDoesNotReturnUnmanagedChallenge(): void | ||
{ | ||
$c = Challenge::random(); | ||
$cl = $this->getChallengeLoaderManagingChallenge($c); | ||
|
||
$c2 = Challenge::random(); | ||
assert($c->getBase64Url() !== $c2->getBase64Url()); | ||
self::assertNull($cl->useFromClientDataJSON($c2->getBase64Url())); | ||
} | ||
|
||
abstract protected function getChallengeLoaderManagingChallenge( | ||
ChallengeInterface $challenge, | ||
): ChallengeLoaderInterface; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters