package handlers
import (
"fmt"
"net/url"
"github.com/go-webauthn/webauthn/protocol"
"github.com/go-webauthn/webauthn/webauthn"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/model"
"github.com/authelia/authelia/v4/internal/session"
)
// getWebAuthnUser builds the WebAuthn user record for the session's user and
// attaches the devices stored under that username.
//
// The display name falls back to the username when the session carries an
// empty one. If loading the devices fails the error is returned unchanged
// together with a nil user.
func getWebAuthnUser(ctx *middlewares.AutheliaCtx, userSession session.UserSession) (user *model.WebAuthnUser, err error) {
	displayName := userSession.DisplayName
	if displayName == "" {
		displayName = userSession.Username
	}

	// Devices are keyed by the session username, not the display name.
	devices, err := ctx.Providers.StorageProvider.LoadWebAuthnDevicesByUsername(ctx, userSession.Username)
	if err != nil {
		return nil, err
	}

	return &model.WebAuthnUser{
		Username:    userSession.Username,
		DisplayName: displayName,
		Devices:     devices,
	}, nil
}
// newWebAuthn builds a WebAuthn relying party instance for the current request.
//
// The RP ID is the hostname of the request URL obtained via
// GetXOriginalURLOrXForwardedURL, and the expected origin is that URL's
// scheme and host. NOTE(review): both values are derived from forwarded
// headers, so they are only as trustworthy as the reverse proxy that sets
// them — confirm the proxy overwrites any client-supplied copies. The
// remaining relying-party settings are read from ctx.Configuration.WebAuthn.
//
// Returns the error from resolving the request URL, or whatever
// webauthn.New returns for the assembled config.
func newWebAuthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error) {
	var u *url.URL

	u, err = ctx.GetXOriginalURLOrXForwardedURL()
	if err != nil {
		return nil, err
	}

	config := &webauthn.Config{
		RPDisplayName: ctx.Configuration.WebAuthn.DisplayName,
		// Hostname() strips any port; the origin keeps it via Host.
		RPID:     u.Hostname(),
		RPOrigin: fmt.Sprintf("%s://%s", u.Scheme, u.Host),
		RPIcon:   "",

		AttestationPreference: ctx.Configuration.WebAuthn.ConveyancePreference,
		AuthenticatorSelection: protocol.AuthenticatorSelection{
			AuthenticatorAttachment: protocol.CrossPlatform,
			UserVerification:        ctx.Configuration.WebAuthn.UserVerification,
			RequireResidentKey:      protocol.ResidentKeyNotRequired(),
		},

		// The library expects the timeout in milliseconds.
		Timeout: int(ctx.Configuration.WebAuthn.Timeout.Milliseconds()),
	}

	ctx.Logger.Tracef("Creating new WebAuthn RP instance with ID %s and Origins %s", config.RPID, config.RPOrigin)

	return webauthn.New(config)
}