lahaxearnaud / laravel-u2f

Laravel U2F support
MIT License

How to use this? #7

Closed simplenotezy closed 6 years ago

simplenotezy commented 7 years ago

I have now installed the library. How do I add my yubi key?

I assume I need to go to a route? Which? I have tried /u2f/auth and /u2f/register but both URLs redirect me to home.

lahaxearnaud commented 7 years ago

Yes, in fact the /u2f/register route needs a U2F authentication to access. Perhaps it's not the best idea...

If you want to allow a user to register a yubi key you need to:

  1. Create a new route in your application where the user is logged in (no u2f required)
  2. Register 2 new routes in your app

            $router->get('/auth/u2f/whatever/register', [
                'uses' => 'U2fController@registerData',
                'as' => 'u2f.register.data',
                'middleware' => 'auth' // <- not u2f
            ]);
            $router->post('/auth/u2f/whatever/register', [
                'uses' => 'U2fController@register',
                'as' => 'u2f.register',
                'middleware' => 'auth' // <- not u2f
            ]);

simplenotezy commented 7 years ago

Correct method:

    Route::get('/auth/u2f/register', [
        'uses' => '\Lahaxearnaud\U2f\Http\Controllers\U2fController@registerData',
        'as' => 'u2f.register.data',
        'middleware' => 'auth'
    ]);
    Route::post('/auth/u2f/register', [
        'uses' => '\Lahaxearnaud\U2f\Http\Controllers\U2fController@register',
        'as' => 'u2f.register',
        'middleware' => 'auth'
    ]);

simplenotezy commented 7 years ago

It does not seem to work though. When I add my key (by pressing the button) nothing happens. See video:

no keys added to database

bo0dah commented 6 years ago

Before plugging in (and confirming), go to your network tab, enable preserve log, enable all types and then clear the logs out of your way... now plug in and confirm your device.

Laravel is probably returning 419 because there is no CSRF token in your form that is being submitted.

multiwebinc commented 6 years ago

I had the same issue. The problem is that U2fController::register() catches the root \Exception and the app was throwing a QueryException. Instead, it should only catch the particular exceptions that it would expect and let any other exceptions continue. Like this:

    public function register(Request $request)
    {
        try {
            // Verify the token's response against the challenge stored in the session
            $key = $this->u2f->doRegister(\Auth::user(), session('u2f.registerData'), json_decode($request->get('register')));
            \Event::fire('u2f.register', [ 'u2fKey' => $key, 'user' => \Auth::user() ]);
            session()->forget('u2f.registerData');

            if ($this->config->get('u2f.register.postSuccessRedirectRoute')) {
                return \Redirect::route($this->config->get('u2f.register.postSuccessRedirectRoute'));
            } else {
                return redirect('/');
            }
        // Only the expected input/U2F errors send the user back to the form;
        // anything else (e.g. a QueryException) is left to propagate
        } catch (\InvalidArgumentException $e) {
            return \Redirect::route('u2f.register.data');
        } catch (\u2flib_server\Error $e) {
            return \Redirect::route('u2f.register.data');
        }
    }
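
The difference between the two catch strategies discussed in this thread, as an added stand-alone example that is not part of the thread or of the laravel-u2f code base. `QueryException`, `U2fError` and `doRegister()` here are stand-ins (assumptions) for Laravel's `QueryException`, `\u2flib_server\Error` and the library's registration call.

```php
<?php
// Stand-ins (assumptions) for Illuminate\Database\QueryException and \u2flib_server\Error.
class QueryException extends \RuntimeException {}
class U2fError extends \Exception {}

// Hypothetical registration step with constructed failure modes.
function doRegister(string $failure): string
{
    switch ($failure) {
        case 'db':  throw new QueryException('constructed: key table is missing');
        case 'u2f': throw new U2fError('constructed: registration response did not verify');
        case 'arg': throw new \InvalidArgumentException('constructed: no register data');
    }
    return 'key saved';
}

// Before: the root \Exception catch turns every failure into the same redirect,
// so a database error looks identical to a rejected token and no key is stored.
function registerCatchAll(string $failure): string
{
    try {
        return doRegister($failure);
    } catch (\Exception $e) {
        return 'redirect to u2f.register.data';
    }
}

// After: only the expected input/U2F errors are handled; anything else propagates
// to the application's exception handler, where it is logged and reported.
function registerNarrow(string $failure): string
{
    try {
        return doRegister($failure);
    } catch (\InvalidArgumentException | U2fError $e) {
        return 'redirect to u2f.register.data';
    }
}

foreach (['none', 'arg', 'u2f', 'db'] as $failure) {
    try {
        $narrow = registerNarrow($failure);
    } catch (QueryException $e) {
        $narrow = 'QueryException surfaced: ' . $e->getMessage();
    }
    printf("%-4s | catch-all: %s | narrow: %s\n", $failure, registerCatchAll($failure), $narrow);
}
```

With the catch-all version, an enrollment that silently fails leaves the account without a second factor and leaves nothing in the logs to explain why.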