package handlers
import (
"net/url"
"strings"
"github.com/go-webauthn/webauthn/protocol"
"github.com/go-webauthn/webauthn/webauthn"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/model"
"github.com/authelia/authelia/v4/internal/random"
)
// getWebauthnUserByRPID returns the Webauthn user record for username scoped to
// the relying party ID rpid, creating and persisting one when the storage
// provider has none, and loads the devices stored for that username under rpid.
//
// description is used only as the DisplayName of a newly created record; an
// empty DisplayName, whether stored or freshly created, falls back to the
// username. The UserID of a new record is 64 characters drawn from
// random.CharSetASCII by the context's random provider, i.e. an opaque handle
// rather than anything derived from the username (WebAuthn advises that the
// user handle carry no identifying information).
//
// Any error from the storage provider is returned unchanged and the user is nil.
//
// NOTE(review): two concurrent first-time lookups for the same (rpid, username)
// can both observe a nil user and both reach SaveWebauthnUser; whether the
// second save is rejected depends on the storage provider's uniqueness
// constraints, which are not visible here — confirm.
func getWebauthnUserByRPID(ctx *middlewares.AutheliaCtx, username, description string, rpid string) (user *model.WebauthnUser, err error) {
	storage := ctx.Providers.StorageProvider

	if user, err = storage.LoadWebauthnUser(ctx, rpid, username); err != nil {
		return nil, err
	}

	if user == nil {
		// First sight of this username for this RP ID: mint a handle and persist it.
		user = &model.WebauthnUser{
			RPID:        rpid,
			Username:    username,
			UserID:      ctx.Providers.Random.StringCustom(64, random.CharSetASCII),
			DisplayName: description,
		}

		if err = storage.SaveWebauthnUser(ctx, *user); err != nil {
			return nil, err
		}
	}

	// Applies to stored records as well as the one just created with an empty description.
	if len(user.DisplayName) == 0 {
		user.DisplayName = user.Username
	}

	devices, err := storage.LoadWebauthnDevicesByUsername(ctx, rpid, user.Username)
	if err != nil {
		return nil, err
	}

	user.Devices = devices

	return user, nil
}
// newWebauthn builds a go-webauthn relying party instance for the current
// request.
//
// The RP ID is the hostname of the origin returned by ctx.GetOrigin() and the
// allowed-origin list holds only that origin's string form. Attestation
// conveyance, user verification and the ceremony timeout (converted to
// milliseconds) come from the Webauthn section of the configuration; the
// authenticator attachment is fixed to cross-platform and resident keys are
// not required. RPIcon is left empty. Errors from GetOrigin and webauthn.New
// are returned unchanged.
//
// NOTE(review): the RP ID and origin are derived per request rather than from
// fixed configuration, so they are only as trustworthy as what GetOrigin reads
// (presumably forwarded proxy headers) — confirm the reverse proxy overwrites
// those headers rather than passing client-supplied values through. This also
// assumes GetOrigin yields a bare scheme://host[:port]; a path component would
// make the origin string not match what browsers report.
func newWebauthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error) {
	var origin *url.URL

	origin, err = ctx.GetOrigin()
	if err != nil {
		return nil, err
	}

	cfg := ctx.Configuration.Webauthn

	config := &webauthn.Config{
		RPDisplayName: cfg.DisplayName,
		RPID:          origin.Hostname(),
		RPOrigins:     []string{origin.String()},
		RPIcon:        "",

		AttestationPreference: cfg.ConveyancePreference,
		AuthenticatorSelection: protocol.AuthenticatorSelection{
			AuthenticatorAttachment: protocol.CrossPlatform,
			UserVerification:        cfg.UserVerification,
			RequireResidentKey:      protocol.ResidentKeyNotRequired(),
		},

		// go-webauthn takes the timeout as an integer millisecond count.
		Timeout: int(cfg.Timeout.Milliseconds()),
	}

	ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origins %s", config.RPID, strings.Join(config.RPOrigins, ", "))

	return webauthn.New(config)
}