
PHP Cross Reference of Joomla 4.2.2 documentation

/plugins/multifactorauth/webauthn/src/ -> CredentialRepository.php (summary)

(no description)

Copyright: (C) 2022 Open Source Matters, Inc.
License: GNU General Public License version 2 or later; see LICENSE.txt
File Size: 257 lines (10 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

CredentialRepository:: (5 methods):
  __construct()
  findOneByCredentialId()
  findAllForUserEntity()
  attestedCredentialToPublicKeyCredentialSource()
  saveCredentialSource()


Class: CredentialRepository

Implementation of the credentials repository for the WebAuthn library.

Important assumption: interaction with WebAuthn through the library is only performed for the currently logged-in
user. Therefore all methods which take a credential ID work by checking the Joomla MFA records of the current
user only. This is a necessity. The records are stored encrypted, therefore we cannot do a partial search in the
table. We have to load the records, decrypt them and inspect them. We cannot do that for thousands of records but
we CAN do that for the few records each user has under their account.

This behavior can be changed by passing a user ID in the constructor of the class.

__construct(int $userId = 0)
CredentialRepository constructor.

param: int  $userId  The user ID this repository will be working with.

findOneByCredentialId(string $publicKeyCredentialId)
Finds a WebAuthn record given a credential ID

param: string  $publicKeyCredentialId  The public credential ID to look for
return: PublicKeyCredentialSource|null

findAllForUserEntity(PublicKeyCredentialUserEntity $publicKeyCredentialUserEntity)
Find all WebAuthn entries given a user entity

param: PublicKeyCredentialUserEntity  $publicKeyCredentialUserEntity The user entity to search by
return: array|PublicKeyCredentialSource[]

attestedCredentialToPublicKeyCredentialSource(AttestedCredentialData $record, int $userId)
Converts a legacy AttestedCredentialData object stored in the database into a PublicKeyCredentialSource object.

This makes several assumptions which can be problematic and are the reason why the WebAuthn library version 2 moved
away from attested credentials to public key credential sources:

- The credential is always of the public key type (that's safe as the only option supported)
- You can access it with any kind of authenticator transport: USB, NFC, Internal or Bluetooth LE (possibly dangerous)
- There are no attestations (generally safe since browsers don't seem to support attestation yet)
- There is no trust path (generally safe since browsers don't seem to provide one)
- No counter was stored (dangerous since it can lead to replay attacks).

param: AttestedCredentialData  $record  Legacy attested credential data object
param: int                     $userId  User ID we are getting the credential source for
return: PublicKeyCredentialSource
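
The last assumption in the list above (no counter stored) matters because of the signature counter check that the W3C WebAuthn specification defines for assertion verification. The following is an added example, not code from Joomla or the WebAuthn library: `checkSignCount()`, the record names and the counter values are constructed for illustration, a migrated legacy record is assumed to start with a stored counter of 0, and rejecting on a non-increasing counter is the policy assumed here.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not Joomla or WebAuthn library code). Signature counter
 * check as described in the W3C WebAuthn spec for assertion verification.
 * Returns the counter value to persist, or throws on a possible clone/replay.
 */
function checkSignCount(int $stored, int $received): int
{
    // Both zero: the authenticator does not implement a counter; nothing to compare.
    if ($stored === 0 && $received === 0) {
        return 0;
    }

    // Otherwise the counter must strictly increase.
    if ($received > $stored) {
        return $received;
    }

    throw new RuntimeException(
        sprintf('Counter did not increase (stored %d, received %d)', $stored, $received)
    );
}

// Constructed sample data. The legacy record is assumed to be migrated with counter 0.
$records = [
    'legacy-migrated' => 0,
    'current-format'  => 41,
];

// Constructed sequence of [record, counter reported in the assertion].
$assertions = [
    ['legacy-migrated', 17], // first login after migration
    ['legacy-migrated', 17], // same counter presented again
    ['legacy-migrated', 12], // counter lower than the stored one
    ['current-format', 42],  // normal increment
    ['current-format', 42],  // repeat of the previous value
];

foreach ($assertions as [$id, $received]) {
    try {
        $records[$id] = checkSignCount($records[$id], $received);
        printf("%-16s received=%d accepted, stored=%d\n", $id, $received, $records[$id]);
    } catch (RuntimeException $e) {
        printf("%-16s received=%d REJECTED: %s\n", $id, $received, $e->getMessage());
    }
}
```

With a stored value of 0 there is no baseline, so the check only becomes effective for a migrated record once the first post-migration counter has been saved.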

saveCredentialSource(PublicKeyCredentialSource $publicKeyCredentialSource)
Save a WebAuthn record

param: PublicKeyCredentialSource  $publicKeyCredentialSource  The record to save
return: void



Generated: Wed Sep 7 05:41:13 2022