yrccondor / wp-webauthn

🔒 WP-WebAuthn allows you to safely login to your WordPress site without password.
https://wordpress.org/plugins/wp-webauthn
GNU General Public License v3.0

Unable to register yubi keys #31

Open ChrisPrior86 opened 2 years ago

ChrisPrior86 commented 2 years ago

I have ensured gmp and mbstring are enabled on my WordPress hosting site but cannot register yubi keys (including yubi 4). Is there a restriction on which version of key can be used? The general information suggests that WebAuthn should work with any of the U2F keys. The only config item with mbstring that may be an issue that I can see is HTTP input encoding translation is Disabled. Does that need to be changed? Client is Gentoo Linux, browser Google Chrome 99.0 4844.51

Thanks Chris

yrccondor commented 2 years ago

There is a logging option in the plug-in's settings page. Could you pls provide logs for the failed registration?

ChrisPrior86 commented 2 years ago

Here is the log entry

[2022-03-18 11:56:49][cc880a] PHP Version => 7.4.28, WordPress Version => 5.9.2, WP-WebAuthn Version => 1.2.6
[2022-03-18 11:56:49][cc880a] Current config: first_choice => "true", website_name => "All Saints\\' Church Breadsall", website_domain => "www.breadsallchurch.org.uk", remember_me => "false", user_verification => "false", allow_authenticator_type => "none", usernameless_login => "false"
[2022-03-18 11:56:49][cc880a] Logger initialized
[2022-03-18 11:56:49][cc880a] website_name: "All Saints\\' Church Breadsall"->"All Saints\\\\' Church Breadsall"
[2022-03-18 11:56:49][cc880a] user_verification: "false"->"true"
[2022-03-18 11:57:16][051801] ajax_create: Start
[2022-03-18 11:57:16][051801] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 11:57:16][051801] ajax_create: user => "chris"
[2022-03-18 11:57:16][051801] ajax_create: excludeCredentials => []
[2022-03-18 11:57:16][051801] ajax_create: user_verification => "true"
[2022-03-18 11:57:16][051801] ajax_create: Challenge sent
[2022-03-18 11:57:57][24e14e] ajax_create: Start
[2022-03-18 11:57:57][24e14e] ajax_create: name => "yubi 4", type => "none", usernameless => "false"
[2022-03-18 11:57:57][24e14e] ajax_create: user => "chris"
[2022-03-18 11:57:57][24e14e] ajax_create: excludeCredentials => []
[2022-03-18 11:57:57][24e14e] ajax_create: user_verification => "true"
[2022-03-18 11:57:57][24e14e] ajax_create: Challenge sent
[2022-03-18 12:24:43][c27585] ajax_auth: Start
[2022-03-18 12:24:43][c27585] ajax_auth: type => "auth", user => "chris1"
[2022-03-18 12:24:43][c27585] ajax_auth: User not initialized, initialize
[2022-03-18 12:24:43][c27585] ajax_auth: allowedCredentials => []
[2022-03-18 12:24:43][c27585] ajax_auth: user_verification => "true"
[2022-03-18 12:24:43][c27585] ajax_auth: Challenge sent
[2022-03-18 13:03:48][00be7f] website_name: "All Saints\\\\' Church Breadsall"->"All Saints Church Breadsall"
[2022-03-18 13:03:48][00be7f] website_domain: "www.breadsallchurch.org.uk"->"breadsallchurch.org.uk"
[2022-03-18 13:04:11][4ae878] ajax_create: Start
[2022-03-18 13:04:11][4ae878] ajax_create: name => "yubi 1", type => "none", usernameless => "false"
[2022-03-18 13:04:11][4ae878] ajax_create: user => "chris"
[2022-03-18 13:04:11][4ae878] ajax_create: excludeCredentials => []
[2022-03-18 13:04:11][4ae878] ajax_create: user_verification => "true"
[2022-03-18 13:04:11][4ae878] ajax_create: Challenge sent

ChrisPrior86 commented 2 years ago

The browser provides a message that I may require a newer or different type of key. I have tried several different FIDO U2F keys from 4 different manufacturers.

yrccondor commented 2 years ago

Seems like you have user verification enabled. U2F doesn't support user verification, however, and the procedure failed on the browser side.

ChrisPrior86 commented 2 years ago

Changing that makes no difference. Seems that sodium is required. Never heard of that.

[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:36:53][423770] ajax_create: user => "chris"
[2022-03-18 19:36:53][423770] ajax_create: excludeCredentials => []
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 19:37:54][1c27e4] ajax_create: Start
[2022-03-18 19:37:54][1c27e4] ajax_create: name => "Yubi", type => "none", usernameless => "false"
[2022-03-18 19:37:54][1c27e4] ajax_create: user => "chris"
[2022-03-18 19:37:54][1c27e4] ajax_create: excludeCredentials => []
[2022-03-18 19:37:54][1c27e4] ajax_create: user_verification => "true"
[2022-03-18 19:37:54][1c27e4] ajax_create: Challenge sent
[2022-03-18 22:05:27][0d6e07] user_verification: "true"->"false"
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:53][e99606] ajax_create: user => "chris"
[2022-03-18 22:05:53][e99606] ajax_create: excludeCredentials => []
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: name => "yubi", type => "none", usernameless => "false"
[2022-03-18 22:05:58][46269d] ajax_create_response: data => {"id":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ","type":"public-key","rawId":"5PFlQoJAQkpt9tBtoSH3jcWu4b2F7tfvLSIsirqp12rN0dcGD5LGiAcTEQpa9leOnMYTFioxBoqPlNwc0hFwYQ==","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiNTlQV1FTUjhkN1FOZlNxSFV5TWZ4clB2emw0RFZQc3lSX3F5WjR6S2xmayIsIm9yaWdpbiI6Imh0dHBzOi8vd3d3LmJyZWFkc2FsbGNodXJjaC5vcmcudWsiLCJjcm9zc09yaWdpbiI6ZmFsc2V9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEIzhm+TPpHQCUHMFs7oxwe2j7cKCrJscX4VHFQY+R0BZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOTxZUKCQEJKbfbQbaEh943FruG9he7X7y0iLIq6qddqzdHXBg+SxogHExEKWvZXjpzGExYqMQaKj5TcHNIRcGGlAQIDJiABIVggAAuoRwb5bhhxLpKN0IgIoAfkwbOZeGS6ZLuj0zDOXCsiWCCUOHwUOEgfVtRRQINB7mNFc6qJJSgZfCTH7C8CltsuqQ=="}}
[2022-03-18 22:05:58][46269d] ajax_create_response: Credential ID unique check passed
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] Traceback:
1) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-admin/admin-ajax.php(187): do_action('wp_ajax_wwa_cre...')
2) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/plugin.php(474): WP_Hook->do_action(Array)
3) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array)
4) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-includes/class-wp-hook.php(307): wwa_ajax_create_response('')
5) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/wwa-ajax.php(476): Webauthn\Server->loadAndCheckAttestationResponse('{"id":"5PFlQoJA...', Object(Webauthn\PublicKeyCredentialCreationOptions), Object(Nyholm\Psr7\ServerRequest))
6) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(250): Webauthn\Server->getAttestationStatementSupportManager()
7) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/Server.php(336): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->__construct()
8) /var/www/vip9/sites/vip6704728/httpd/htdocs/wordpress/wp-content/plugins/wp-webauthn/vendor/web-auth/webauthn-lib/src/AttestationStatement/AndroidSafetyNetAttestationStatementSupport.php(97): Webauthn\AttestationStatement\AndroidSafetyNetAttestationStatementSupport->initJwsVerifier()
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit

yrccondor commented 2 years ago

sodium is a built-in PHP extension for encryption since PHP 7.2. Please check your php.ini (extension=sodium) or contact your server manager.

We'll add a warning on the settings page if sodium is not installed, starting with the next version.
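The two failure modes diagnosed so far in this thread (a challenge that never gets a client response, and a client response that fails on the server) can be told apart from the plugin log alone. The script below is an added example, not part of WP-WebAuthn or of any comment here; the sample lines are excerpted from the logs quoted above, and the function names and the 300-second window are assumptions.

```python
import re
from datetime import datetime

# Lines excerpted from the logs quoted in this thread.
SAMPLE_LOG = """\
[2022-03-18 19:36:53][423770] ajax_create: Start
[2022-03-18 19:36:53][423770] ajax_create: user_verification => "true"
[2022-03-18 19:36:53][423770] ajax_create: Challenge sent
[2022-03-18 22:05:53][e99606] ajax_create: Start
[2022-03-18 22:05:53][e99606] ajax_create: user_verification => "false"
[2022-03-18 22:05:53][e99606] ajax_create: Challenge sent
[2022-03-18 22:05:58][46269d] ajax_create_response: Client response received
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)The extension "sodium" is not available. Please install it to use this method
[2022-03-18 22:05:58][46269d] ajax_create_response: (ERROR)Challenge not verified, exit
"""

LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\[([0-9a-f]{6})\] (\w+): (.*)$")
TIMEOUT = 300  # assumption: seconds within which the browser should answer a challenge

def parse(text):
    """Return (timestamp, request_id, stage, message) for each 'stage: message' line."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            out.append((datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], m[3], m[4]))
    return out

def triage(text):
    """Classify each registration attempt: client_side_failure, server_error or ok."""
    entries, results = parse(text), []
    for i, (ts, rid, stage, msg) in enumerate(entries):
        if (stage, msg) != ("ajax_create", "Challenge sent"):
            continue
        uv = next((m.split("=> ")[1].strip('"') for _, r, s, m in entries
                   if r == rid and s == "ajax_create" and m.startswith("user_verification")), "unknown")
        verdict, detail = "client_side_failure", "no ajax_create_response followed the challenge"
        # The response arrives in a new HTTP request with a new id, so correlate by order and time.
        for ts2, _, stage2, msg2 in entries[i + 1:]:
            if (stage2, msg2) == ("ajax_create", "Start") or (ts2 - ts).total_seconds() > TIMEOUT:
                break
            if stage2 != "ajax_create_response":
                continue
            if msg2.startswith("(ERROR)"):
                verdict, detail = "server_error", msg2[len("(ERROR)"):]
                break
            verdict, detail = "ok", ""
        results.append({"id": rid, "user_verification": uv, "verdict": verdict, "detail": detail})
    return results

if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```
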

Trapulo commented 2 years ago

I have the same problem. PHP 8.0, Yubikey

What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?

[2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
[2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

yrccondor commented 2 years ago

> What is sodium?

It's a built-in PHP extension but not enabled by default on some PHP instances. You need to check whether you have enabled it.

> (ERROR)Out of range. Expected: 45963, read: 126.

Have never seen this error before. I'll try to figure it out.

Sorry for the late response.

My1 commented 9 months ago

> I have same problem. PHP 8.0, Yubikey
>
> What is sodium? :) This one? https://www.php.net/manual/en/sodium.installation.php that seems embedded in PHP?
>
> [2022-03-23 18:02:44][3375b5] ajax_create_response: Credential ID unique check passed
> [2022-03-23 18:02:44][3375b5] ajax_create_response: (ERROR)Out of range. Expected: 45963, read: 126.

What model of YubiKey do you have? Also, is either "Require user verification" or "Allow to login without username" active?