fix possible replay attack with passkey login

2026-04-14 04:20:49 +08:00 · 2026-01-31 15:12:16 +08:00
parent c162fc81be
commit 8207f1ed6f
5 changed files with 62 additions and 51 deletions
--- a/public/ajax.php
+++ b/public/ajax.php
@@ -194,7 +194,7 @@ class AjaxInterface{
    {
        global $CURUSER;
        $rep = new \App\Repositories\UserPasskeyRepository();
-        return $rep->processCreate($CURUSER['id'], $params['clientDataJSON'], $params['attestationObject']);
+        return $rep->processCreate($CURUSER['id'], $params['challengeId'], $params['clientDataJSON'], $params['attestationObject']);
    }

    public static function deletePasskey($params)
@@ -222,7 +222,7 @@ class AjaxInterface{
    {
        global $CURUSER;
        $rep = new \App\Repositories\UserPasskeyRepository();
-        return $rep->processGet($params['challenge'], $params['id'], $params['clientDataJSON'], $params['authenticatorData'], $params['signature'], $params['userHandle']);
+        return $rep->processGet($params['challengeId'], $params['id'], $params['clientDataJSON'], $params['authenticatorData'], $params['signature'], $params['userHandle']);
    }
 }