This repository has been archived by the owner on Apr 19, 2022. It is now read-only.

Session Issue with Laravel 6.8 #33

Open
matalaweb opened this issue Dec 20, 2019 · 0 comments

There is an issue in Laravel 6.8 where a user attempts to authenticate with a key and, once successful, they are redirected to the page they requested, except the session data isn't set, so the middleware redirects them to the U2f auth page over and over.

I modified the U2f.php file to add some extra logging:

```php
public function doAuthenticate(User $user, $authData, $keyData)
{
    Log::debug("Attempting U2F Auth...");

    Log::debug("Auth Data:");
    Log::debug($authData);

    // Verify the signed response against the keys registered for this user.
    $reg = $this->u2f->doAuthenticate(
        $authData,
        U2fKey::where('user_id', $user->getAuthIdentifier())->get()->all(),
        $keyData
    );

    // Look up the stored key that matches the public key returned by the verifier.
    $U2fKey = U2fKey::where([
        'user_id' => $user->getAuthIdentifier(),
        'publicKey' => $reg->publicKey
    ])->first();

    Log::debug("Auth ID:");
    Log::debug($user->getAuthIdentifier());

    Log::debug("Pub Key:");
    Log::debug($reg->publicKey);

    Log::debug("U2F Object:");
    Log::debug($U2fKey);

    if (is_null($U2fKey)) {
        Log::debug("U2f is null... Deny Access...");
        return false;
    }

    // Persist the updated signature counter.
    $U2fKey->counter = $reg->counter;
    $U2fKey->save();

    // Flag the session as U2F-authenticated.
    session([$this->config->get('u2f.sessionU2fName') => true]);

    return $U2fKey;
}
```

with the resultant logs:

```
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Attempting U2F Auth...
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Auth Data:
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: array (
Dec 20 14:25:24 macpro.local php   0 => 
Dec 20 14:25:24 macpro.local php   u2flib_server\SignRequest::__set_state(array(
Dec 20 14:25:24 macpro.local php      'version' => 'U2F_V2',
Dec 20 14:25:24 macpro.local php      'challenge' => 'eTKTBH<TRUNCATED FOR SECURITY>',
Dec 20 14:25:24 macpro.local php      'keyHandle' => 'SLwzZF<TRUNCATED FOR SECURITY>',
Dec 20 14:25:24 macpro.local php      'appId' => 'https://cobalt.lab',
Dec 20 14:25:24 macpro.local php   )),
Dec 20 14:25:24 macpro.local php )
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Auth ID:
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: 3
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: Pub Key:
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: 
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: U2F Object:
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: 
Dec 20 14:25:24 macpro.local php [2019-12-20 20:25:24] local.DEBUG: U2f is null... Deny Access...
```