Joomla CMS  4.2.2
Documentation des API du CMS Joomla en version 4.2.2
Fonctions membres publiques | Fonctions membres privées | Attributs privés
Référence de la classe CredentialRepository
+ Graphe d'héritage de CredentialRepository:

Fonctions membres publiques

 __construct (int $userId=0)
 
 findOneByCredentialId (string $publicKeyCredentialId)
 
- Fonctions membres publiques hérités de PublicKeyCredentialSourceRepository
 findAllForUserEntity (PublicKeyCredentialUserEntity $publicKeyCredentialUserEntity)
 
 saveCredentialSource (PublicKeyCredentialSource $publicKeyCredentialSource)
 

Fonctions membres privées

 attestedCredentialToPublicKeyCredentialSource (AttestedCredentialData $record, int $userId)
 

Attributs privés

 $userId = 0
 

Description détaillée

Implementation of the credentials repository for the WebAuthn library.

Important assumption: interaction with Webauthn through the library is only performed for the currently logged in user. Therefore all Methods which take a credential ID work by checking the Joomla MFA records of the current user only. This is a necessity. The records are stored encrypted, therefore we cannot do a partial search in the table. We have to load the records, decrypt them and inspect them. We cannot do that for thousands of records but we CAN do that for the few records each user has under their account.

This behavior can be changed by passing a user ID in the constructor of the class.

Depuis
4.2.0

Documentation des constructeurs et destructeur

◆ __construct()

__construct ( int  $userId = 0)

CredentialRepository constructor.

Paramètres
int$userIdThe user ID this repository will be working with.
Exceptions

Références $user, $userId, class, Factory\getApplication(), et Factory\getContainer().

Documentation des fonctions membres

◆ attestedCredentialToPublicKeyCredentialSource()

attestedCredentialToPublicKeyCredentialSource ( AttestedCredentialData  $record,
int  $userId 
)
private

Converts a legacy AttestedCredentialData object stored in the database into a PublicKeyCredentialSource object.

This makes several assumptions which can be problematic and the reason why the WebAuthn library version 2 moved away from attested credentials to public key credential sources:

  • The credential is always of the public key type (that's safe as the only option supported)
  • You can access it with any kind of authenticator transport: USB, NFC, Internal or Bluetooth LE (possibly dangerous)
  • There is no attestations (generally safe since browsers don't seem to support attestation yet)
  • There is no trust path (generally safe since browsers don't seem to provide one)
  • No counter was stored (dangerous since it can lead to replay attacks).
Paramètres
AttestedCredentialData$recordLegacy attested credential data object
int$userIdUser ID we are getting the credential source for
Renvoie
PublicKeyCredentialSource
Depuis
4.2.0

Références $userId, PublicKeyCredentialDescriptor\AUTHENTICATOR_TRANSPORT_BLE, PublicKeyCredentialDescriptor\AUTHENTICATOR_TRANSPORT_INTERNAL, PublicKeyCredentialDescriptor\AUTHENTICATOR_TRANSPORT_NFC, PublicKeyCredentialDescriptor\AUTHENTICATOR_TRANSPORT_USB, PublicKeyCredentialDescriptor\CREDENTIAL_TYPE_PUBLIC_KEY, AttestedCredentialData\getAaguid(), AttestedCredentialData\getCredentialId(), AttestedCredentialData\getCredentialPublicKey(), et AttestationStatement\TYPE_NONE.

◆ findOneByCredentialId()

findOneByCredentialId ( string  $publicKeyCredentialId)

Finds a WebAuthn record given a credential ID

Paramètres
string$publicKeyCredentialIdThe public credential ID to look for
Renvoie
PublicKeyCredentialSource|null
Depuis
4.2.0

Returns a PublicKeyCredentialSource object given the public key credential ID

Paramètres
string$publicKeyCredentialIdThe identified of the public key credential we're searching for
Renvoie
PublicKeyCredentialSource|null
Depuis
4.0.0

Implémente PublicKeyCredentialSourceRepository.

Références null.

Documentation des champs

◆ $userId

$userId = 0
private
La documentation de cette classe a été générée à partir du fichier suivant :