davidearl / webauthn

An implementation of webauthn in PHP on the server side (e.g. Yubico 2 and Google Titan keys)
https://webauthn.davidearl.uk
MIT License
129 stars 24 forks

Couldn't initiate registration: SyntaxError: Unexpected token < in JSON at position 1 #7

Closed remivern closed 5 years ago

remivern commented 5 years ago

Hello,

Thanks for this very good job! I'm trying to understand the code, but when I try to implement it on my server I have the following message:

Couldn't initiate registration: SyntaxError: Unexpected token < in JSON at position 1

The /.users is created with chmod 777. No JSON file is present in the /.users directory.

URL: http://35.190.191.90/webauthn/example/index.php

Thanks for your time and your help... Rémi

davidearl commented 5 years ago

It looks like if the users directory is empty and you try to "log in" before registering, the example code gets this error. I'll fix this shortly by producing a more meaningful error message, but you would normally want to register before trying to "log in" - if there are no registrations, attempts to log in will inevitably fail.

remivern commented 5 years ago

Thanks for your quick answer!

I have already tried using User Registration before. Sadly, the error message is couldn't initiate registration: SyntaxError: Unexpected token < in JSON at position 1

When I try to log in before registering I have: couldn't initiate login: SyntaxError: Unexpected token < in JSON at position 1

I feel like I can not register :-(

davidearl commented 5 years ago

Ok, I’ll look further at this this afternoon

davidearl commented 5 years ago

Sorry, I didn't look closely enough at the error previously. So the problem is index.php is not in your document root, so when the Ajax callback happens it returns the default Apache server page rather than the JSON.

The example assumes this is on a dedicated (virtual) host so you should be able to find index.php in http://35.190.191.90/ along with the whole webauthn directory as checked out from github, and CBOREncode as checked out from github. Rather than copy webauthn/example/index.php up two levels, I suggest you link to it if your Apache setup allows links, or if not put an index.php in the top level which includes the one in example.

If http://35.190.191.90/ can't be dedicated to webauthn, you'll need to change the includes at the top of example, to be where you put the files, as $_SERVER['DOCUMENT_ROOT'] assumes it is at the top level.

So if, for example, you put it in "mywebauthn" and your document root is /var/www, then you'd have

    /var/www/mywebauthn
        index.php [link to index.php below]
        webauthn
            src
                ...
            example
                index.php
        CBOREncode
            ...

and change the four includes in index.php to add the mywebauthn directory after $_SERVER['DOCUMENT_ROOT'].'

I have checked that an install from scratch still works, and it does. I also just checked in a change to index.php to be clearer about where .users is if it can't be created, though this is not your initial problem.
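
The failure diagnosed in the comment above (an Ajax call answered with an HTML page instead of JSON) can be reported in the client as what it is rather than as a parser error. This is an added example, not code from the webauthn repository; `parseAjaxReply`, `diagnose` and the sample replies are constructed for illustration.

```javascript
// Added example (not from the webauthn repository). The function names and
// the sample replies below are constructed for illustration.

// Turn the raw reply to an Ajax call into parsed JSON, or throw an Error that
// says what the server actually sent instead of "Unexpected token <".
function parseAjaxReply(status, contentType, body) {
  const text = body.replace(/^\uFEFF/, '').trim();   // drop BOM and padding
  const type = (contentType || '').split(';')[0].trim().toLowerCase();

  if (status < 200 || status >= 300) {
    throw new Error(`HTTP ${status}: the request did not reach the expected script`);
  }
  if (text === '') {
    throw new Error('empty reply: the script produced no output');
  }
  if (text[0] === '<') {
    // Markup: either a whole page (wrong URL or document root) or an
    // error message printed ahead of the JSON.
    const isPage = /^<(!doctype|html)\b/i.test(text);
    throw new Error(isPage
      ? 'got an HTML page, not JSON: the URL was answered by something other than the script'
      : 'got markup before any JSON: likely a server-side error message in the output');
  }
  try {
    return JSON.parse(text);
  } catch (e) {
    throw new Error(`reply is not valid JSON (${type || 'no content type'}): ${text.slice(0, 60)}`);
  }
}

// Constructed sample replies: [status, Content-Type, body].
const SAMPLES = {
  defaultPage: [200, 'text/html; charset=UTF-8', '\n<!DOCTYPE html><html><body>It works!</body></html>'],
  phpWarning:  [200, 'text/html', '<br />\n<b>Warning</b>: include(): failed\n{"challenge":"abc"}'],
  notFound:    [404, 'text/html', '<html><body>Not Found</body></html>'],
  good:        [200, 'application/json', '{"challenge":"abc"}'],
};

// Run one sample through the parser and report the outcome as a value.
function diagnose(name) {
  try { return { ok: true, data: parseAjaxReply(...SAMPLES[name]) }; }
  catch (e) { return { ok: false, reason: e.message }; }
}
```

In a browser, read the reply with `response.text()` and pass `response.status` and `response.headers.get('Content-Type')` alongside it.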

davidearl commented 5 years ago

By the way, I know this is just as an example, but it is really rather pointless if you don't use https (you can get free certificates from LetsEncrypt), and you have left Indexes on on your Apache setup so all the files are readable externally including the .users directory. .users would ideally be elsewhere anyway. You certainly don't want a live version to do this!

remivern commented 5 years ago

Hello! Sorry, I really forgot to answer you. It works fine!!! I really enjoyed your help!!!

Rémi

geraldkrug commented 5 years ago

I got the webauthn result written into each fingerprint image's EXIF copyright tag... CopyrightNotice Copyright /a-finger/img/6865f27ef75723939f37d9da83cc6c55 The GDK Group

davidearl commented 5 years ago

Sorry @geraldkrug, I have no idea what you mean, and I don't see what it has to do with this issue. Please can you elucidate, in a new issue if that's what it is.

davidearl commented 5 years ago

Thank you @remivern . Closing this now.