Use new webauthn library for 2FA

2025-08-29 06:18:26 +02:00 · 2025-08-14 18:46:10 +02:00 · 2025-08-14 18:46:10 +02:00 · 0eee161630
commit 0eee161630
parent 7a1b9b8ce1
6 changed files with 158 additions and 172 deletions
--- a/src/Entity/UserSystem/WebauthnKey.php
+++ b/src/Entity/UserSystem/WebauthnKey.php
@ -100,16 +100,19 @@ class WebauthnKey extends BasePublicKeyCredentialSource implements TimeStampable
    public static function fromRegistration(BasePublicKeyCredentialSource $registration): self
    {
        return new self(
-            $registration->getPublicKeyCredentialId(),
-            $registration->getType(),
-            $registration->getTransports(),
-            $registration->getAttestationType(),
-            $registration->getTrustPath(),
-            $registration->getAaguid(),
-            $registration->getCredentialPublicKey(),
-            $registration->getUserHandle(),
-            $registration->getCounter(),
-            $registration->getOtherUI()
+            publicKeyCredentialId:  $registration->publicKeyCredentialId,
+            type:  $registration->type,
+            transports: $registration->transports,
+            attestationType:  $registration->attestationType,
+            trustPath:  $registration->trustPath,
+            aaguid:  $registration->aaguid,
+            credentialPublicKey:  $registration->credentialPublicKey,
+            userHandle:  $registration->userHandle,
+            counter:  $registration->counter,
+            otherUI:  $registration->otherUI,
+            backupEligible:  $registration->backupEligible,
+            backupStatus:  $registration->backupStatus,
+            uvInitialized:  $registration->uvInitialized,
        );
    }
 }
--- a/src/Security/TwoFactor/WebauthnKeyLastUseTwoFactorProvider.php
+++ b/src/Security/TwoFactor/WebauthnKeyLastUseTwoFactorProvider.php
@ -33,6 +33,7 @@ use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\TwoFactorProviderInterface
 use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\DependencyInjection\Attribute\AutowireDecorated;
+use Webauthn\PublicKeyCredential;

 /**
 * This class decorates the Webauthn TwoFactorProvider and adds additional logic which allows us to set a last used date
@ -88,10 +89,12 @@ class WebauthnKeyLastUseTwoFactorProvider implements TwoFactorProviderInterface

    private function getWebauthnKeyFromCode(string $authenticationCode): ?WebauthnKey
    {
-        $publicKeyCredentialLoader = $this->webauthnProvider->getPublicKeyCredentialLoader();
+        $serializer = $this->webauthnProvider->getWebauthnSerializer();

        //Try to load the public key credential from the code
-        $publicKeyCredential = $publicKeyCredentialLoader->load($authenticationCode);
+        $publicKeyCredential = $serializer->deserialize($authenticationCode, PublicKeyCredential::class, 'json', [
+            'json_decode_options' => JSON_THROW_ON_ERROR
+        ]);

        //Find the credential source for the given credential id
        $publicKeyCredentialSource = $this->publicKeyCredentialSourceRepository->findOneByCredentialId($publicKeyCredential->rawId);
@ -103,4 +106,4 @@ class WebauthnKeyLastUseTwoFactorProvider implements TwoFactorProviderInterface

        return $publicKeyCredentialSource;
    }
-}
+}