Permit any ChallengeProviderInterface in new registration flow (#35)

Firehed · Oct 27, 2021 · bbe2e40 · bbe2e40
1 parent 990be79
commit bbe2e40
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - ChallengeProviderInterface (will replace ChallengeProvider)
 - Server::generateChallenge(): ChallengeProviderInterface (now public; signature changed from previous private implementation)
 - Server::validateLogin(ChallengeProviderInterface, LoginResponseInterface, RegistrationInterface[]): RegistrationInterface (will replace Server::setRegistrations + Server::setSignRequests + Server::authenticate)
-- Server::validateRegistration(RegisterRequest, RegistrationResponseInterface): RegistrationInterface (will replace Server::setRegisterRequest + Server::register)
+- Server::validateRegistration(ChallengeProviderInterface, RegistrationResponseInterface): RegistrationInterface (will replace Server::setRegisterRequest + Server::register)
 
 ### Changed
 - Server's constructor now can take `string $appId` as a parameter

diff --git a/README.md b/README.md
@@ -85,11 +85,11 @@ Start by generating a challenge.
 You will need to store this temporarily (e.g. in a session), then send it to the user:
 
 ```php
-$request = $server->generateRegisterRequest();
-$_SESSION['registration_request'] = $request;
+$challenge = $server->generateChallenge();
+$_SESSION['registration_challenge'] = $challenge;
 
 header('Content-type: application/json');
-echo json_encode($request->getChallenge());
+echo json_encode($challenge);
 ```
 
 #### Client-side registration
@@ -149,8 +149,8 @@ $rawPostBody = trim(file_get_contents('php:https://input'));
 $data = json_decode($rawPostBody, true);
 $response = \Firehed\U2F\WebAuthn\RegistrationResponse::fromDecodedJson($data);
 
-$request = $_SESSION['registration_request'];
-$registration = $server->validateRegistration($request, $response);
+$challenge = $_SESSION['registration_challenge'];
+$registration = $server->validateRegistration($challenge, $response);
 ```
 
 #### Persist the `$registration`
@@ -217,7 +217,7 @@ After doing so, send them to the user:
 $registrations = $user->getU2FRegistrations(); // this must be an array of Registration objects
 
 $challenge = $server->generateChallenge();
-$_SESSION['challenge'] = $challenge;
+$_SESSION['login_challenge'] = $challenge;
 
 // WebAuthn expects a single challenge for all key handles, and the Server generates the requests accordingly.
 header('Content-type: application/json');
@@ -280,7 +280,7 @@ $response = \Firehed\U2F\WebAuthn\LoginResponse::fromDecodedJson($data);
 
 $registrations = $user->getU2FRegistrations(); // Registration[]
 $registration = $server->validateLogin(
- $_SESSION['challenge'],
+ $_SESSION['login_challenge'],
  $response,
  $registrations
 );

diff --git a/src/Server.php b/src/Server.php
@@ -227,7 +227,7 @@ public function authenticate(LoginResponseInterface $response): RegistrationInte
  * @throws BadMethodCallException if a precondition is not met
  */
  public function validateRegistration(
- RegisterRequest $request,
+ ChallengeProviderInterface $request,
  RegistrationResponseInterface $response
  ): RegistrationInterface {
  $this->validateChallenge($request, $response);