-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow WebAuthn on localhost as well #27537
Conversation
MorrisJobke
commented
Jun 17, 2021
- browsers typically whiteliste this as well - https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
- for developing purposes see https://developer.chrome.com/docs/devtools/webauthn/
Additionally I needed to comment the assertions in the 3rdparty module, but then I could use it to locally test login with the Chrome fake device: diff --git a/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php b/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php
index 8400ba9c..49279cc7 100644
--- a/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php
+++ b/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php
@@ -152,7 +152,7 @@ class AuthenticatorAssertionResponseValidator
Assertion::isArray($parsedRelyingPartyId, 'Invalid origin');
if (!in_array($facetId, $securedRelyingPartyId, true)) {
$scheme = $parsedRelyingPartyId['scheme'] ?? '';
- Assertion::eq('https', $scheme, 'Invalid scheme. HTTPS required.');
+ #Assertion::eq('https', $scheme, 'Invalid scheme. HTTPS required.');
}
$clientDataRpId = $parsedRelyingPartyId['host'] ?? '';
Assertion::notEmpty($clientDataRpId, 'Invalid origin rpId.');
diff --git a/web-auth/webauthn-lib/src/AuthenticatorAttestationResponseValidator.php b/web-auth/webauthn-lib/src/AuthenticatorAttestationResponseValidator.php
index f3e5a15d..3927bf23 100644
--- a/web-auth/webauthn-lib/src/AuthenticatorAttestationResponseValidator.php
+++ b/web-auth/webauthn-lib/src/AuthenticatorAttestationResponseValidator.php
@@ -150,7 +150,7 @@ class AuthenticatorAttestationResponseValidator
if (!in_array($facetId, $securedRelyingPartyId, true)) {
$scheme = $parsedRelyingPartyId['scheme'] ?? '';
- Assertion::eq('https', $scheme, 'Invalid scheme. HTTPS required.');
+ #Assertion::eq('https', $scheme, 'Invalid scheme. HTTPS required.');
}
/* @see 7.1.6 */ |
90e9cd8
to
2e93664
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer two props isHttps
and isLocalhost
to make the code more explicit
@artonge Do you mind to adjust it, because it then needs to pass this down all the layers? |
a2db46e
to
e6806ac
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made the changes but did not test. But the changes are only for testing purposes (right ?), so 🙈, lets go !
Yes - only for testing. I will give it a try. |
e6806ac
to
7f11c6b
Compare
There were some properties missing in some intermediate views. And also some handovers of properties to nested views. I added them. And it works here now 👍 |
Arf, sorry, went too fast... |
b9fcff3
to
2e13e1a
Compare
2e13e1a
to
42d20b8
Compare
* browsers typically whiteliste this as well - https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API * for developing purposes see https://developer.chrome.com/docs/devtools/webauthn/ Signed-off-by: Morris Jobke <hey@morrisjobke.de> Signed-off-by: Louis Chemineau <louis@chmn.me>
42d20b8
to
86080e6
Compare
CI is happy 🎉 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good :)