RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/handlers/handler_sign_u2f_step1.go

65 lines
2.0 KiB
Go
Raw Normal View History

Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
package handlers
import (
Provide commands to migrate database from v3 to v4.
2019-11-17 01:05:46 +00:00
"crypto/elliptic"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
"fmt"
Move source code into internal directory to follow standard project layout. https://github.com/golang-standards/project-layout
2019-11-17 10:47:07 +00:00
"github.com/clems4ever/authelia/internal/middlewares"
"github.com/clems4ever/authelia/internal/session"
"github.com/clems4ever/authelia/internal/storage"
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
"github.com/tstranex/u2f"
)
// SecondFactorU2FSignGet handler for initiating a signing request.
func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx) {
userSession := ctx.GetSession()
appID := fmt.Sprintf("%s://%s", ctx.XForwardedProto(), ctx.XForwardedHost())
var trustedFacets = []string{appID}
challenge, err := u2f.NewChallenge(appID, trustedFacets)
if err != nil {
ctx.Error(fmt.Errorf("Unable to create U2F challenge: %s", err), mfaValidationFailedMessage)
return
}
Provide commands to migrate database from v3 to v4.
2019-11-17 01:05:46 +00:00
keyHandleBytes, publicKeyBytes, err := ctx.Providers.StorageProvider.LoadU2FDeviceHandle(userSession.Username)
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
if err != nil {
if err == storage.ErrNoU2FDeviceHandle {
ctx.Error(fmt.Errorf("No device handle found for user %s", userSession.Username), mfaValidationFailedMessage)
return
}
ctx.Error(fmt.Errorf("Unable to retrieve U2F device handle: %s", err), mfaValidationFailedMessage)
return
}
var registration u2f.Registration
Provide commands to migrate database from v3 to v4.
2019-11-17 01:05:46 +00:00
registration.KeyHandle = keyHandleBytes
x, y := elliptic.Unmarshal(elliptic.P256(), publicKeyBytes)
registration.PubKey.Curve = elliptic.P256()
registration.PubKey.X = x
registration.PubKey.Y = y
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
// Save the challenge and registration for use in next request
Provide commands to migrate database from v3 to v4.
2019-11-17 01:05:46 +00:00
userSession.U2FRegistration = &session.U2FRegistration{
KeyHandle: keyHandleBytes,
PublicKey: publicKeyBytes,
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture.
2019-04-24 21:52:08 +00:00
userSession.U2FChallenge = challenge
err = ctx.SaveSession(userSession)
if err != nil {
ctx.Error(fmt.Errorf("Unable to save U2F challenge and registration in session: %s", err), mfaValidationFailedMessage)
return
}
signRequest := challenge.SignRequest([]u2f.Registration{registration})
err = ctx.SetJSONBody(signRequest)
if err != nil {
ctx.Error(fmt.Errorf("Unable to set sign request in body: %s", err), mfaValidationFailedMessage)
return
}
}