RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: adjust references of webauthn (#5203) 

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5205/head
James Elliott 2023-04-10 17:01:23 +10:00 committed by GitHub
parent 304467c10f
commit 157675f1f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 245 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/authelia-scripts/cmd/gen.go
View File

@ -7,5 +7,5 @@
package cmd
const (
versionSwaggerUI = "4.18.1"
versionSwaggerUI = "4.18.2"
)

12
docs/content/en/blog/pre-release-notes-4.38/index.md
View File

@ -49,7 +49,7 @@ authelia configuration, and authelia database prior to attempting to do so._
Notable Missing Features from this build:
- OpenID Connect 1.0 PAR
- Multi-Device Webauthn
- Multi-Device WebAuthn
- Device Registration OTP
- Container Images:
@ -144,7 +144,7 @@ Please see the [roadmap](../../roadmap/active/openid-connect.md) for more inform
##### Initial Implementation
_**Important Note:** This feature at the time of this writing, will not work well with Webauthn. Steps are being taken
_**Important Note:** This feature at the time of this writing, will not work well with WebAuthn. Steps are being taken
to address this however it will not specifically delay the release of this feature._
This release see's the initial implementation of multi-domain protection. Users will be able to configure more than a
@ -160,14 +160,14 @@ NGINX/NGINX Proxy Manager/SWAG/HAProxy with the use of the new
[Customizable Authorization Endpoints](#customizable-authorization-endpoints). This is important as it means you only
need to configure a single middleware or helper to perform automatic redirection.
## Webauthn
## WebAuthn
As part of our ongoing effort for comprehensive support for Webauthn we'll be introducing several important
As part of our ongoing effort for comprehensive support for WebAuthn we'll be introducing several important
features. Please see the [roadmap](../../roadmap/active/webauthn.md) for more information.
##### Multiple Webauthn Credentials Per-User
##### Multiple WebAuthn Credentials Per-User
In this release we see full support for multiple Webauthn credentials. This is a fairly basic feature but getting the
In this release we see full support for multiple WebAuthn credentials. This is a fairly basic feature but getting the
frontend experience right is important to us. This is going to be supported via the
[User Control Panel](#user-dashboard--control-panel).

2
docs/content/en/contributing/guidelines/testing.md
View File

@ -2,7 +2,7 @@
title: "Testing"
description: "Authelia Development Testing Guidelines"
lead: "This section covers the testing guidelines."
date: 2022-06-15T17:51:47+10:00
date: 2023-03-20T15:03:52+11:00
draft: false
images: []
menu:

2
docs/content/en/contributors/amir-zarrinkafsh/_index.md
View File

@ -1,6 +1,6 @@
---
title: "Amir Zarrinkafsh"
date: 2022-06-15T17:51:47+10:00
date: 2023-03-19T16:29:12+10:00
draft: false
images: []
---

2
docs/content/en/contributors/clement-michaud/_index.md
View File

@ -1,6 +1,6 @@
---
title: "Clément Michaud"
date: 2022-06-15T17:51:47+10:00
date: 2023-03-19T16:29:12+10:00
draft: false
images: []
---

2
docs/content/en/contributors/manuel-nunez/_index.md
View File

@ -1,6 +1,6 @@
---
title: "Manuel Nuñez"
date: 2022-06-15T17:51:47+10:00
date: 2023-03-19T16:29:12+10:00
draft: false
images: []
---

2
docs/content/en/information/about.md
View File

@ -1,7 +1,7 @@
---
title: "About"
description: "About Authelia and the Authelia Team"
date: 2022-06-15T17:51:47+10:00
date: 2023-03-19T16:29:12+10:00
draft: false
images: []
aliases:

2
docs/content/en/integration/openid-connect/firezone/index.md
View File

@ -2,7 +2,7 @@
title: "Firezone"
description: "Integrating Firezone with the Authelia OpenID Connect Provider."
lead: ""
date: 2023-03-25T13:07:02+10:00
date: 2023-03-28T20:29:13+11:00
draft: false
images: []
menu:

2
docs/content/en/integration/openid-connect/minio/index.md
View File

@ -2,7 +2,7 @@
title: "MinIO"
description: "Integrating MinIO with the Authelia OpenID Connect Provider."
lead: ""
date: 2022-06-15T17:51:47+10:00
date: 2023-03-21T11:21:23+11:00
draft: false
images: []
menu:

2
docs/content/en/integration/openid-connect/misago/index.md
View File

@ -2,7 +2,7 @@
title: "Misago"
description: "Integrating Misago with the Authelia OpenID Connect Provider."
lead: ""
date: 2023-03-04T13:20:00+00:00
date: 2023-03-14T08:51:13+11:00
draft: false
images: []
menu:

4
docs/content/en/integration/proxies/swag.md
View File

@ -73,7 +73,7 @@ serving Authelia at `auth.example.com`.
```nginx
## Set $authelia_backend to route requests to the current domain by default
set $authelia_backend $http_host;
## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
## In order for WebAuthn to work with multiple domains authelia must operate on a separate subdomain
## To use authelia on a separate subdomain:
## * comment the $authelia_backend line above
## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
@ -88,7 +88,7 @@ serving Authelia at `auth.example.com`.
```nginx
## Set $authelia_backend to route requests to the current domain by default
# set $authelia_backend $http_host;
## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
## In order for WebAuthn to work with multiple domains authelia must operate on a separate subdomain
## To use authelia on a separate subdomain:
## * comment the $authelia_backend line above
## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf

2
docs/content/en/reference/cli/authelia/authelia_storage_user.md
View File

@ -63,5 +63,5 @@ authelia storage user --help
* [authelia storage](authelia_storage.md) - Manage the Authelia storage
* [authelia storage user identifiers](authelia_storage_user_identifiers.md) - Manage user opaque identifiers
* [authelia storage user totp](authelia_storage_user_totp.md) - Manage TOTP configurations
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage Webauthn devices
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage WebAuthn devices

14
docs/content/en/reference/cli/authelia/authelia_storage_user_webauthn.md
View File

@ -14,13 +14,13 @@ toc: true
## authelia storage user webauthn
Manage Webauthn devices
Manage WebAuthn devices
### Synopsis
Manage Webauthn devices.
Manage WebAuthn devices.
This subcommand allows interacting with Webauthn devices.
This subcommand allows interacting with WebAuthn devices.
### Examples
@ -61,8 +61,8 @@ authelia storage user webauthn --help
### SEE ALSO
* [authelia storage user](authelia_storage_user.md) - Manages user settings
* [authelia storage user webauthn delete](authelia_storage_user_webauthn_delete.md) - Delete a Webauthn device
* [authelia storage user webauthn export](authelia_storage_user_webauthn_export.md) - Perform exports of the Webauthn devices
* [authelia storage user webauthn import](authelia_storage_user_webauthn_import.md) - Perform imports of the Webauthn devices
* [authelia storage user webauthn list](authelia_storage_user_webauthn_list.md) - List Webauthn devices
* [authelia storage user webauthn delete](authelia_storage_user_webauthn_delete.md) - Delete a WebAuthn device
* [authelia storage user webauthn export](authelia_storage_user_webauthn_export.md) - Perform exports of the WebAuthn devices
* [authelia storage user webauthn import](authelia_storage_user_webauthn_import.md) - Perform imports of the WebAuthn devices
* [authelia storage user webauthn list](authelia_storage_user_webauthn_list.md) - List WebAuthn devices

8
docs/content/en/reference/cli/authelia/authelia_storage_user_webauthn_delete.md
View File

@ -14,13 +14,13 @@ toc: true
## authelia storage user webauthn delete
Delete a Webauthn device
Delete a WebAuthn device
### Synopsis
Delete a Webauthn device.
Delete a WebAuthn device.
This subcommand allows deleting a Webauthn device directly from the database.
This subcommand allows deleting a WebAuthn device directly from the database.
```
authelia storage user webauthn delete [username] [flags]
@ -75,5 +75,5 @@ authelia storage user webauthn delete --kid abc123 --encryption-key b3453fde-ecc
### SEE ALSO
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage Webauthn devices
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage WebAuthn devices

8
docs/content/en/reference/cli/authelia/authelia_storage_user_webauthn_export.md
View File

@ -14,13 +14,13 @@ toc: true
## authelia storage user webauthn export
Perform exports of the Webauthn devices
Perform exports of the WebAuthn devices
### Synopsis
Perform exports of the Webauthn devices.
Perform exports of the WebAuthn devices.
This subcommand allows exporting Webauthn devices to various formats.
This subcommand allows exporting WebAuthn devices to various formats.
```
authelia storage user webauthn export [flags]
@ -68,5 +68,5 @@ authelia storage user webauthn export--encryption-key b3453fde-ecc2-4a1f-9422-27
### SEE ALSO
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage Webauthn devices
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage WebAuthn devices

8
docs/content/en/reference/cli/authelia/authelia_storage_user_webauthn_import.md
View File

@ -14,13 +14,13 @@ toc: true
## authelia storage user webauthn import
Perform imports of the Webauthn devices
Perform imports of the WebAuthn devices
### Synopsis
Perform imports of the Webauthn devices.
Perform imports of the WebAuthn devices.
This subcommand allows importing Webauthn devices from various formats.
This subcommand allows importing WebAuthn devices from various formats.
```
authelia storage user webauthn import <filename> [flags]
@ -67,5 +67,5 @@ authelia storage user webauthn import --file authelia.export.webauthn.yaml --enc
### SEE ALSO
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage Webauthn devices
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage WebAuthn devices

8
docs/content/en/reference/cli/authelia/authelia_storage_user_webauthn_list.md
View File

@ -14,13 +14,13 @@ toc: true
## authelia storage user webauthn list
List Webauthn devices
List WebAuthn devices
### Synopsis
List Webauthn devices.
List WebAuthn devices.
This subcommand allows listing Webauthn devices.
This subcommand allows listing WebAuthn devices.
```
authelia storage user webauthn list [username] [flags]
@ -69,5 +69,5 @@ authelia storage user webauthn list john --encryption-key b3453fde-ecc2-4a1f-942
### SEE ALSO
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage Webauthn devices
* [authelia storage user webauthn](authelia_storage_user_webauthn.md) - Manage WebAuthn devices

40
internal/commands/const.go
View File

@ -177,56 +177,56 @@ This subcommand allows manually adding an opaque identifier for a user to the da
authelia storage user identifiers add john --identifier f0919359-9d15-4e15-bcba-83b41620a073 --config config.yml
authelia storage user identifiers add john --identifier f0919359-9d15-4e15-bcba-83b41620a073 --encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw`
cmdAutheliaStorageUserWebauthnShort = "Manage Webauthn devices"
cmdAutheliaStorageUserWebAuthnShort = "Manage WebAuthn devices"
cmdAutheliaStorageUserWebauthnLong = `Manage Webauthn devices.
cmdAutheliaStorageUserWebAuthnLong = `Manage WebAuthn devices.
This subcommand allows interacting with Webauthn devices.`
This subcommand allows interacting with WebAuthn devices.`
cmdAutheliaStorageUserWebauthnExample = `authelia storage user webauthn --help`
cmdAutheliaStorageUserWebAuthnExample = `authelia storage user webauthn --help`
cmdAutheliaStorageUserWebauthnImportShort = "Perform imports of the Webauthn devices"
cmdAutheliaStorageUserWebAuthnImportShort = "Perform imports of the WebAuthn devices"
cmdAutheliaStorageUserWebauthnImportLong = `Perform imports of the Webauthn devices.
cmdAutheliaStorageUserWebAuthnImportLong = `Perform imports of the WebAuthn devices.
This subcommand allows importing Webauthn devices from various formats.`
This subcommand allows importing WebAuthn devices from various formats.`
cmdAutheliaStorageUserWebauthnImportExample = `authelia storage user webauthn export
cmdAutheliaStorageUserWebAuthnImportExample = `authelia storage user webauthn export
authelia storage user webauthn import --file authelia.export.webauthn.yaml
authelia storage user webauthn import --file authelia.export.webauthn.yaml --config config.yml
authelia storage user webauthn import --file authelia.export.webauthn.yaml --encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw`
cmdAutheliaStorageUserWebauthnExportShort = "Perform exports of the Webauthn devices"
cmdAutheliaStorageUserWebAuthnExportShort = "Perform exports of the WebAuthn devices"
cmdAutheliaStorageUserWebauthnExportLong = `Perform exports of the Webauthn devices.
cmdAutheliaStorageUserWebAuthnExportLong = `Perform exports of the WebAuthn devices.
This subcommand allows exporting Webauthn devices to various formats.`
This subcommand allows exporting WebAuthn devices to various formats.`
cmdAutheliaStorageUserWebauthnExportExample = `authelia storage user webauthn export
cmdAutheliaStorageUserWebAuthnExportExample = `authelia storage user webauthn export
authelia storage user webauthn export --file authelia.export.webauthn.yaml
authelia storage user webauthn export --config config.yml
authelia storage user webauthn export--encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw`
cmdAutheliaStorageUserWebauthnListShort = "List Webauthn devices"
cmdAutheliaStorageUserWebAuthnListShort = "List WebAuthn devices"
cmdAutheliaStorageUserWebauthnListLong = `List Webauthn devices.
cmdAutheliaStorageUserWebAuthnListLong = `List WebAuthn devices.
This subcommand allows listing Webauthn devices.`
This subcommand allows listing WebAuthn devices.`
cmdAutheliaStorageUserWebauthnListExample = `authelia storage user webauthn list
cmdAutheliaStorageUserWebAuthnListExample = `authelia storage user webauthn list
authelia storage user webauthn list john
authelia storage user webauthn list --config config.yml
authelia storage user webauthn list john --config config.yml
authelia storage user webauthn list --encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw
authelia storage user webauthn list john --encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw`
cmdAutheliaStorageUserWebauthnDeleteShort = "Delete a Webauthn device"
cmdAutheliaStorageUserWebAuthnDeleteShort = "Delete a WebAuthn device"
cmdAutheliaStorageUserWebauthnDeleteLong = `Delete a Webauthn device.
cmdAutheliaStorageUserWebAuthnDeleteLong = `Delete a WebAuthn device.
This subcommand allows deleting a Webauthn device directly from the database.`
This subcommand allows deleting a WebAuthn device directly from the database.`
cmdAutheliaStorageUserWebauthnDeleteExample = `authelia storage user webauthn delete john --all
cmdAutheliaStorageUserWebAuthnDeleteExample = `authelia storage user webauthn delete john --all
authelia storage user webauthn delete john --all --config config.yml
authelia storage user webauthn delete john --all --encryption-key b3453fde-ecc2-4a1f-9422-2707ddbed495 --postgres.host postgres --postgres.password autheliapw
authelia storage user webauthn delete john --description Primary

2
internal/commands/helpers.go
View File

@ -68,7 +68,7 @@ func storageTOTPGenerateRunEOptsFromFlags(flags *pflag.FlagSet) (force bool, fil
return force, filename, secret, nil
}
func storageWebauthnDeleteRunEOptsFromFlags(flags *pflag.FlagSet, args []string) (all, byKID bool, description, kid, user string, err error) {
func storageWebAuthnDeleteRunEOptsFromFlags(flags *pflag.FlagSet, args []string) (all, byKID bool, description, kid, user string, err error) {
if len(args) != 0 {
user = args[0]
}

58
internal/commands/storage.go
View File

@ -124,7 +124,7 @@ func newStorageUserCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd.AddCommand(
newStorageUserIdentifiersCmd(ctx),
newStorageUserTOTPCmd(ctx),
newStorageUserWebauthnCmd(ctx),
newStorageUserWebAuthnCmd(ctx),
)
return cmd
@ -221,34 +221,34 @@ func newStorageUserIdentifiersAddCmd(ctx *CmdCtx) (cmd *cobra.Command) {
return cmd
}
func newStorageUserWebauthnCmd(ctx *CmdCtx) (cmd *cobra.Command) {
func newStorageUserWebAuthnCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd = &cobra.Command{
Use: "webauthn",
Short: cmdAutheliaStorageUserWebauthnShort,
Long: cmdAutheliaStorageUserWebauthnLong,
Example: cmdAutheliaStorageUserWebauthnExample,
Short: cmdAutheliaStorageUserWebAuthnShort,
Long: cmdAutheliaStorageUserWebAuthnLong,
Example: cmdAutheliaStorageUserWebAuthnExample,
Args: cobra.NoArgs,
DisableAutoGenTag: true,
}
cmd.AddCommand(
newStorageUserWebauthnListCmd(ctx),
newStorageUserWebauthnDeleteCmd(ctx),
newStorageUserWebauthnExportCmd(ctx),
newStorageUserWebauthnImportCmd(ctx),
newStorageUserWebAuthnListCmd(ctx),
newStorageUserWebAuthnDeleteCmd(ctx),
newStorageUserWebAuthnExportCmd(ctx),
newStorageUserWebAuthnImportCmd(ctx),
)
return cmd
}
func newStorageUserWebauthnImportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
func newStorageUserWebAuthnImportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd = &cobra.Command{
Use: cmdUseImportFileName,
Short: cmdAutheliaStorageUserWebauthnImportShort,
Long: cmdAutheliaStorageUserWebauthnImportLong,
Example: cmdAutheliaStorageUserWebauthnImportExample,
RunE: ctx.StorageUserWebauthnImportRunE,
Short: cmdAutheliaStorageUserWebAuthnImportShort,
Long: cmdAutheliaStorageUserWebAuthnImportLong,
Example: cmdAutheliaStorageUserWebAuthnImportExample,
RunE: ctx.StorageUserWebAuthnImportRunE,
Args: cobra.ExactArgs(1),
DisableAutoGenTag: true,
@ -257,13 +257,13 @@ func newStorageUserWebauthnImportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
return cmd
}
func newStorageUserWebauthnExportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
func newStorageUserWebAuthnExportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd = &cobra.Command{
Use: cmdUseExport,
Short: cmdAutheliaStorageUserWebauthnExportShort,
Long: cmdAutheliaStorageUserWebauthnExportLong,
Example: cmdAutheliaStorageUserWebauthnExportExample,
RunE: ctx.StorageUserWebauthnExportRunE,
Short: cmdAutheliaStorageUserWebAuthnExportShort,
Long: cmdAutheliaStorageUserWebAuthnExportLong,
Example: cmdAutheliaStorageUserWebAuthnExportExample,
RunE: ctx.StorageUserWebAuthnExportRunE,
Args: cobra.NoArgs,
DisableAutoGenTag: true,
@ -274,13 +274,13 @@ func newStorageUserWebauthnExportCmd(ctx *CmdCtx) (cmd *cobra.Command) {
return cmd
}
func newStorageUserWebauthnListCmd(ctx *CmdCtx) (cmd *cobra.Command) {
func newStorageUserWebAuthnListCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd = &cobra.Command{
Use: "list [username]",
Short: cmdAutheliaStorageUserWebauthnListShort,
Long: cmdAutheliaStorageUserWebauthnListLong,
Example: cmdAutheliaStorageUserWebauthnListExample,
RunE: ctx.StorageUserWebauthnListRunE,
Short: cmdAutheliaStorageUserWebAuthnListShort,
Long: cmdAutheliaStorageUserWebAuthnListLong,
Example: cmdAutheliaStorageUserWebAuthnListExample,
RunE: ctx.StorageUserWebAuthnListRunE,
Args: cobra.MaximumNArgs(1),
DisableAutoGenTag: true,
@ -289,13 +289,13 @@ func newStorageUserWebauthnListCmd(ctx *CmdCtx) (cmd *cobra.Command) {
return cmd
}
func newStorageUserWebauthnDeleteCmd(ctx *CmdCtx) (cmd *cobra.Command) {
func newStorageUserWebAuthnDeleteCmd(ctx *CmdCtx) (cmd *cobra.Command) {
cmd = &cobra.Command{
Use: "delete [username]",
Short: cmdAutheliaStorageUserWebauthnDeleteShort,
Long: cmdAutheliaStorageUserWebauthnDeleteLong,
Example: cmdAutheliaStorageUserWebauthnDeleteExample,
RunE: ctx.StorageUserWebauthnDeleteRunE,
Short: cmdAutheliaStorageUserWebAuthnDeleteShort,
Long: cmdAutheliaStorageUserWebAuthnDeleteLong,
Example: cmdAutheliaStorageUserWebAuthnDeleteExample,
RunE: ctx.StorageUserWebAuthnDeleteRunE,
Args: cobra.MaximumNArgs(1),
DisableAutoGenTag: true,

54
internal/commands/storage_run.go
View File

@ -415,7 +415,7 @@ func (ctx *CmdCtx) StorageSchemaInfoRunE(_ *cobra.Command, _ []string) (err erro
return nil
}
func (ctx *CmdCtx) StorageUserWebauthnExportRunE(cmd *cobra.Command, args []string) (err error) {
func (ctx *CmdCtx) StorageUserWebAuthnExportRunE(cmd *cobra.Command, args []string) (err error) {
defer func() {
_ = ctx.providers.StorageProvider.Close()
}()
@ -443,11 +443,11 @@ func (ctx *CmdCtx) StorageUserWebauthnExportRunE(cmd *cobra.Command, args []stri
count := 0
var (
devices []model.WebauthnDevice
devices []model.WebAuthnDevice
)
export := &model.WebauthnDeviceExport{
WebauthnDevices: nil,
export := &model.WebAuthnDeviceExport{
WebAuthnDevices: nil,
}
for page := 0; true; page++ {
@ -455,7 +455,7 @@ func (ctx *CmdCtx) StorageUserWebauthnExportRunE(cmd *cobra.Command, args []stri
return err
}
export.WebauthnDevices = append(export.WebauthnDevices, devices...)
export.WebAuthnDevices = append(export.WebAuthnDevices, devices...)
l := len(devices)
@ -476,12 +476,12 @@ func (ctx *CmdCtx) StorageUserWebauthnExportRunE(cmd *cobra.Command, args []stri
return fmt.Errorf("error occurred writing to file '%s': %w", filename, err)
}
fmt.Printf(cliOutputFmtSuccessfulUserExportFile, count, "Webauthn devices", "YAML", filename)
fmt.Printf(cliOutputFmtSuccessfulUserExportFile, count, "WebAuthn devices", "YAML", filename)
return nil
}
func (ctx *CmdCtx) StorageUserWebauthnImportRunE(cmd *cobra.Command, args []string) (err error) {
func (ctx *CmdCtx) StorageUserWebAuthnImportRunE(cmd *cobra.Command, args []string) (err error) {
defer func() {
_ = ctx.providers.StorageProvider.Close()
}()
@ -507,46 +507,46 @@ func (ctx *CmdCtx) StorageUserWebauthnImportRunE(cmd *cobra.Command, args []stri
return err
}
export := &model.WebauthnDeviceExport{}
export := &model.WebAuthnDeviceExport{}
if err = yaml.Unmarshal(data, export); err != nil {
return err
}
if len(export.WebauthnDevices) == 0 {
return fmt.Errorf("can't import a YAML file without Webauthn devices data")
if len(export.WebAuthnDevices) == 0 {
return fmt.Errorf("can't import a YAML file without WebAuthn devices data")
}
if err = ctx.CheckSchema(); err != nil {
return storageWrapCheckSchemaErr(err)
}
for _, device := range export.WebauthnDevices {
for _, device := range export.WebAuthnDevices {
if err = ctx.providers.StorageProvider.SaveWebauthnDevice(ctx, device); err != nil {
return err
}
}
fmt.Printf(cliOutputFmtSuccessfulUserImportFile, len(export.WebauthnDevices), "Webauthn devices", "YAML", filename)
fmt.Printf(cliOutputFmtSuccessfulUserImportFile, len(export.WebAuthnDevices), "WebAuthn devices", "YAML", filename)
return nil
}
// StorageUserWebauthnListRunE is the RunE for the authelia storage user webauthn list command.
func (ctx *CmdCtx) StorageUserWebauthnListRunE(cmd *cobra.Command, args []string) (err error) {
// StorageUserWebAuthnListRunE is the RunE for the authelia storage user webauthn list command.
func (ctx *CmdCtx) StorageUserWebAuthnListRunE(cmd *cobra.Command, args []string) (err error) {
defer func() {
_ = ctx.providers.StorageProvider.Close()
}()
if len(args) == 0 || args[0] == "" {
return ctx.StorageUserWebauthnListAllRunE(cmd, args)
return ctx.StorageUserWebAuthnListAllRunE(cmd, args)
}
if err = ctx.CheckSchema(); err != nil {
return storageWrapCheckSchemaErr(err)
}
var devices []model.WebauthnDevice
var devices []model.WebAuthnDevice
user := args[0]
@ -558,7 +558,7 @@ func (ctx *CmdCtx) StorageUserWebauthnListRunE(cmd *cobra.Command, args []string
case err != nil:
return fmt.Errorf("can't list devices for user '%s': %w", user, err)
default:
fmt.Printf("Webauthn Devices for user '%s':\n\n", user)
fmt.Printf("WebAuthn Devices for user '%s':\n\n", user)
fmt.Printf("ID\tKID\tDescription\n")
for _, device := range devices {
@ -569,8 +569,8 @@ func (ctx *CmdCtx) StorageUserWebauthnListRunE(cmd *cobra.Command, args []string
return nil
}
// StorageUserWebauthnListAllRunE is the RunE for the authelia storage user webauthn list command when no args are specified.
func (ctx *CmdCtx) StorageUserWebauthnListAllRunE(_ *cobra.Command, _ []string) (err error) {
// StorageUserWebAuthnListAllRunE is the RunE for the authelia storage user webauthn list command when no args are specified.
func (ctx *CmdCtx) StorageUserWebAuthnListAllRunE(_ *cobra.Command, _ []string) (err error) {
defer func() {
_ = ctx.providers.StorageProvider.Close()
}()
@ -579,7 +579,7 @@ func (ctx *CmdCtx) StorageUserWebauthnListAllRunE(_ *cobra.Command, _ []string)
return storageWrapCheckSchemaErr(err)
}
var devices []model.WebauthnDevice
var devices []model.WebAuthnDevice
limit := 10
@ -603,14 +603,14 @@ func (ctx *CmdCtx) StorageUserWebauthnListAllRunE(_ *cobra.Command, _ []string)
}
}
fmt.Printf("Webauthn Devices:\n\nID\tKID\tDescription\tUsername\n")
fmt.Printf("WebAuthn Devices:\n\nID\tKID\tDescription\tUsername\n")
fmt.Println(output.String())
return nil
}
// StorageUserWebauthnDeleteRunE is the RunE for the authelia storage user webauthn delete command.
func (ctx *CmdCtx) StorageUserWebauthnDeleteRunE(cmd *cobra.Command, args []string) (err error) {
// StorageUserWebAuthnDeleteRunE is the RunE for the authelia storage user webauthn delete command.
func (ctx *CmdCtx) StorageUserWebAuthnDeleteRunE(cmd *cobra.Command, args []string) (err error) {
defer func() {
_ = ctx.providers.StorageProvider.Close()
}()
@ -624,7 +624,7 @@ func (ctx *CmdCtx) StorageUserWebauthnDeleteRunE(cmd *cobra.Command, args []stri
description, kid, user string
)
if all, byKID, description, kid, user, err = storageWebauthnDeleteRunEOptsFromFlags(cmd.Flags(), args); err != nil {
if all, byKID, description, kid, user, err = storageWebAuthnDeleteRunEOptsFromFlags(cmd.Flags(), args); err != nil {
return err
}
@ -633,7 +633,7 @@ func (ctx *CmdCtx) StorageUserWebauthnDeleteRunE(cmd *cobra.Command, args []stri
return fmt.Errorf("failed to delete webauthn device with kid '%s': %w", kid, err)
}
fmt.Printf("Successfully deleted Webauthn device with key id '%s'\n", kid)
fmt.Printf("Successfully deleted WebAuthn device with key id '%s'\n", kid)
} else {
err = ctx.providers.StorageProvider.DeleteWebauthnDeviceByUsername(ctx, user, description)
@ -642,13 +642,13 @@ func (ctx *CmdCtx) StorageUserWebauthnDeleteRunE(cmd *cobra.Command, args []stri
return fmt.Errorf("failed to delete all webauthn devices with username '%s': %w", user, err)
}
fmt.Printf("Successfully deleted all Webauthn devices for user '%s'\n", user)
fmt.Printf("Successfully deleted all WebAuthn devices for user '%s'\n", user)
} else {
if err != nil {
return fmt.Errorf("failed to delete webauthn device with username '%s' and description '%s': %w", user, description, err)
}
fmt.Printf("Successfully deleted Webauthn device with description '%s' for user '%s'\n", description, user)
fmt.Printf("Successfully deleted WebAuthn device with description '%s' for user '%s'\n", description, user)
}
}

6
internal/handlers/handler_register_webauthn.go
View File

@ -33,7 +33,7 @@ var WebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string) {
var (
w *webauthn.WebAuthn
user *model.WebauthnUser
user *model.WebAuthnUser
userSession session.UserSession
err error
)
@ -94,7 +94,7 @@ func WebauthnAttestationPOST(ctx *middlewares.AutheliaCtx) {
var (
err error
w *webauthn.WebAuthn
user *model.WebauthnUser
user *model.WebAuthnUser
userSession session.UserSession
@ -150,7 +150,7 @@ func WebauthnAttestationPOST(ctx *middlewares.AutheliaCtx) {
return
}
device := model.NewWebauthnDeviceFromCredential(w.Config.RPID, userSession.Username, "Primary", credential)
device := model.NewWebAuthnDeviceFromCredential(w.Config.RPID, userSession.Username, "Primary", credential)
if err = ctx.Providers.StorageProvider.SaveWebauthnDevice(ctx, device); err != nil {
ctx.Logger.Errorf("Unable to load %s devices for assertion challenge for user '%s': %+v", regulation.AuthTypeWebauthn, userSession.Username, err)

4
internal/handlers/handler_sign_webauthn.go
View File

@ -16,7 +16,7 @@ import (
func WebauthnAssertionGET(ctx *middlewares.AutheliaCtx) {
var (
w *webauthn.WebAuthn
user *model.WebauthnUser
user *model.WebAuthnUser
userSession session.UserSession
err error
)
@ -134,7 +134,7 @@ func WebauthnAssertionPOST(ctx *middlewares.AutheliaCtx) {
var (
assertionResponse *protocol.ParsedCredentialAssertionData
credential *webauthn.Credential
user *model.WebauthnUser
user *model.WebAuthnUser
)
if assertionResponse, err = protocol.ParseCredentialRequestResponseBody(bytes.NewReader(ctx.PostBody())); err != nil {

30
internal/handlers/handler_user_info_test.go
View File

@ -62,7 +62,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
{
db: model.UserInfo{
Method: "webauthn",
HasWebauthn: true,
HasWebAuthn: true,
HasTOTP: true,
},
err: nil,
@ -70,7 +70,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
{
db: model.UserInfo{
Method: "webauthn",
HasWebauthn: true,
HasWebAuthn: true,
HasTOTP: false,
},
err: nil,
@ -78,7 +78,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
{
db: model.UserInfo{
Method: "mobile_push",
HasWebauthn: false,
HasWebAuthn: false,
HasTOTP: false,
},
err: nil,
@ -128,7 +128,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
})
t.Run("registered webauthn", func(t *testing.T) {
assert.Equal(t, resp.api.HasWebauthn, actualPreferences.HasWebauthn)
assert.Equal(t, resp.api.HasWebAuthn, actualPreferences.HasWebAuthn)
})
t.Run("registered totp", func(t *testing.T) {
@ -160,13 +160,13 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
db: model.UserInfo{
Method: "",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: false,
},
api: &model.UserInfo{
Method: "totp",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: false,
},
config: &schema.Configuration{},
@ -178,13 +178,13 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
db: model.UserInfo{
Method: "",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: true,
},
api: &model.UserInfo{
Method: "mobile_push",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: true,
},
config: &schema.Configuration{},
@ -196,13 +196,13 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
db: model.UserInfo{
Method: "",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: true,
},
api: &model.UserInfo{
Method: "totp",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: true,
},
config: &schema.Configuration{DuoAPI: schema.DuoAPIConfiguration{Disable: true}},
@ -214,13 +214,13 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
db: model.UserInfo{
Method: "",
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
HasDuo: true,
},
api: &model.UserInfo{
Method: "webauthn",
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
HasDuo: true,
},
config: &schema.Configuration{
@ -236,13 +236,13 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
db: model.UserInfo{
Method: "",
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
HasDuo: false,
},
api: &model.UserInfo{
Method: "totp",
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
HasDuo: true,
},
config: &schema.Configuration{},
@ -322,7 +322,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
})
t.Run("registered webauthn", func(t *testing.T) {
assert.Equal(t, resp.api.HasWebauthn, actualPreferences.HasWebauthn)
assert.Equal(t, resp.api.HasWebAuthn, actualPreferences.HasWebAuthn)
})
t.Run("registered totp", func(t *testing.T) {

4
internal/handlers/webauthn.go
View File

@ -12,8 +12,8 @@ import (
"github.com/authelia/authelia/v4/internal/session"
)
func getWebAuthnUser(ctx *middlewares.AutheliaCtx, userSession session.UserSession) (user *model.WebauthnUser, err error) {
user = &model.WebauthnUser{
func getWebAuthnUser(ctx *middlewares.AutheliaCtx, userSession session.UserSession) (user *model.WebAuthnUser, err error) {
user = &model.WebAuthnUser{
Username: userSession.Username,
DisplayName: userSession.DisplayName,
}

4
internal/handlers/webauthn_test.go
View File

@ -21,7 +21,7 @@ func TestWebauthnGetUser(t *testing.T) {
DisplayName: "John Smith",
}
ctx.StorageMock.EXPECT().LoadWebauthnDevicesByUsername(ctx.Ctx, "john").Return([]model.WebauthnDevice{
ctx.StorageMock.EXPECT().LoadWebauthnDevicesByUsername(ctx.Ctx, "john").Return([]model.WebAuthnDevice{
{
ID: 1,
RPID: "https://example.com",
@ -106,7 +106,7 @@ func TestWebauthnGetUserWithoutDisplayName(t *testing.T) {
Username: "john",
}
ctx.StorageMock.EXPECT().LoadWebauthnDevicesByUsername(ctx.Ctx, "john").Return([]model.WebauthnDevice{
ctx.StorageMock.EXPECT().LoadWebauthnDevicesByUsername(ctx.Ctx, "john").Return([]model.WebAuthnDevice{
{
ID: 1,
RPID: "https://example.com",

2
internal/middlewares/authelia_context.go
View File

@ -50,7 +50,7 @@ func (ctx *AutheliaCtx) AvailableSecondFactorMethods() (methods []string) {
}
if !ctx.Configuration.Webauthn.Disable {
methods = append(methods, model.SecondFactorMethodWebauthn)
methods = append(methods, model.SecondFactorMethodWebAuthn)
}
if !ctx.Configuration.DuoAPI.Disable {

6
internal/middlewares/authelia_context_test.go
View File

@ -235,15 +235,15 @@ func TestShouldReturnCorrectSecondFactorMethods(t *testing.T) {
mock.Ctx.Configuration.DuoAPI.Disable = true
assert.Equal(t, []string{model.SecondFactorMethodTOTP, model.SecondFactorMethodWebauthn}, mock.Ctx.AvailableSecondFactorMethods())
assert.Equal(t, []string{model.SecondFactorMethodTOTP, model.SecondFactorMethodWebAuthn}, mock.Ctx.AvailableSecondFactorMethods())
mock.Ctx.Configuration.DuoAPI.Disable = false
assert.Equal(t, []string{model.SecondFactorMethodTOTP, model.SecondFactorMethodWebauthn, model.SecondFactorMethodDuo}, mock.Ctx.AvailableSecondFactorMethods())
assert.Equal(t, []string{model.SecondFactorMethodTOTP, model.SecondFactorMethodWebAuthn, model.SecondFactorMethodDuo}, mock.Ctx.AvailableSecondFactorMethods())
mock.Ctx.Configuration.TOTP.Disable = true
assert.Equal(t, []string{model.SecondFactorMethodWebauthn, model.SecondFactorMethodDuo}, mock.Ctx.AvailableSecondFactorMethods())
assert.Equal(t, []string{model.SecondFactorMethodWebAuthn, model.SecondFactorMethodDuo}, mock.Ctx.AvailableSecondFactorMethods())
mock.Ctx.Configuration.Webauthn.Disable = true

10
internal/mocks/storage.go
View File

@ -421,10 +421,10 @@ func (mr *MockStorageMockRecorder) LoadUserOpaqueIdentifiers(arg0 interface{}) *
}
// LoadWebauthnDevices mocks base method.
func (m *MockStorage) LoadWebauthnDevices(arg0 context.Context, arg1, arg2 int) ([]model.WebauthnDevice, error) {
func (m *MockStorage) LoadWebauthnDevices(arg0 context.Context, arg1, arg2 int) ([]model.WebAuthnDevice, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "LoadWebauthnDevices", arg0, arg1, arg2)
ret0, _ := ret[0].([]model.WebauthnDevice)
ret0, _ := ret[0].([]model.WebAuthnDevice)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -436,10 +436,10 @@ func (mr *MockStorageMockRecorder) LoadWebauthnDevices(arg0, arg1, arg2 interfac
}
// LoadWebauthnDevicesByUsername mocks base method.
func (m *MockStorage) LoadWebauthnDevicesByUsername(arg0 context.Context, arg1 string) ([]model.WebauthnDevice, error) {
func (m *MockStorage) LoadWebauthnDevicesByUsername(arg0 context.Context, arg1 string) ([]model.WebAuthnDevice, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "LoadWebauthnDevicesByUsername", arg0, arg1)
ret0, _ := ret[0].([]model.WebauthnDevice)
ret0, _ := ret[0].([]model.WebAuthnDevice)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -690,7 +690,7 @@ func (mr *MockStorageMockRecorder) SaveUserOpaqueIdentifier(arg0, arg1 interface
}
// SaveWebauthnDevice mocks base method.
func (m *MockStorage) SaveWebauthnDevice(arg0 context.Context, arg1 model.WebauthnDevice) error {
func (m *MockStorage) SaveWebauthnDevice(arg0 context.Context, arg1 model.WebAuthnDevice) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "SaveWebauthnDevice", arg0, arg1)
ret0, _ := ret[0].(error)

4
internal/model/const.go
View File

@ -15,8 +15,8 @@ const (
// SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator.
SecondFactorMethodTOTP = "totp"
// SecondFactorMethodWebauthn method using Webauthn devices like YubiKey's.
SecondFactorMethodWebauthn = "webauthn"
// SecondFactorMethodWebAuthn method using WebAuthn devices like YubiKey's.
SecondFactorMethodWebAuthn = "webauthn"
// SecondFactorMethodDuo method using Duo application to receive push notifications.
SecondFactorMethodDuo = "mobile_push"

12
internal/model/user_info.go
View File

@ -15,8 +15,8 @@ type UserInfo struct {
// True if a TOTP device has been registered.
HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"`
// True if a Webauthn device has been registered.
HasWebauthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`
// True if a WebAuthn device has been registered.
HasWebAuthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`
// True if a duo device has been configured as the preferred.
HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"`
@ -31,7 +31,7 @@ func (i *UserInfo) SetDefaultPreferred2FAMethod(methods []string, fallback strin
before := i.Method
totp, webauthn, duo := utils.IsStringInSlice(SecondFactorMethodTOTP, methods), utils.IsStringInSlice(SecondFactorMethodWebauthn, methods), utils.IsStringInSlice(SecondFactorMethodDuo, methods)
totp, webauthn, duo := utils.IsStringInSlice(SecondFactorMethodTOTP, methods), utils.IsStringInSlice(SecondFactorMethodWebAuthn, methods), utils.IsStringInSlice(SecondFactorMethodDuo, methods)
if i.Method == "" && utils.IsStringInSlice(fallback, methods) {
i.Method = fallback
@ -50,8 +50,8 @@ func (i *UserInfo) setMethod(totp, webauthn, duo bool, methods []string, fallbac
switch {
case i.HasTOTP && totp:
i.Method = SecondFactorMethodTOTP
case i.HasWebauthn && webauthn:
i.Method = SecondFactorMethodWebauthn
case i.HasWebAuthn && webauthn:
i.Method = SecondFactorMethodWebAuthn
case i.HasDuo && duo:
i.Method = SecondFactorMethodDuo
case fallback != "" && utils.IsStringInSlice(fallback, methods):
@ -59,7 +59,7 @@ func (i *UserInfo) setMethod(totp, webauthn, duo bool, methods []string, fallbac
case totp:
i.Method = SecondFactorMethodTOTP
case webauthn:
i.Method = SecondFactorMethodWebauthn
i.Method = SecondFactorMethodWebAuthn
case duo:
i.Method = SecondFactorMethodDuo
}

104
internal/model/user_info_test.go
View File

@ -20,7 +20,7 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
has := ""
if have.HasTOTP || have.HasDuo || have.HasWebauthn {
if have.HasTOTP || have.HasDuo || have.HasWebAuthn {
has += " has"
if have.HasTOTP {
@ -31,8 +31,8 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
has += " " + SecondFactorMethodDuo
}
if have.HasWebauthn {
has += " " + SecondFactorMethodWebauthn
if have.HasWebAuthn {
has += " " + SecondFactorMethodWebAuthn
}
}
@ -62,60 +62,60 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: SecondFactorMethodTOTP,
HasDuo: true,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: true,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: []string{SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
changed: true,
},
{
have: UserInfo{
HasDuo: true,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: SecondFactorMethodTOTP,
HasDuo: true,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
changed: true,
},
{
have: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: true,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodTOTP,
HasDuo: true,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodTOTP},
changed: true,
},
{
have: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodTOTP,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodTOTP},
changed: true,
@ -125,15 +125,15 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: SecondFactorMethodTOTP,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodWebauthn},
methods: []string{SecondFactorMethodWebAuthn},
changed: true,
},
{
@ -141,31 +141,31 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: SecondFactorMethodTOTP,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodDuo,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodDuo},
changed: true,
},
{
have: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
changed: false,
},
{
@ -173,15 +173,15 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: "",
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: []string{SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
changed: true,
},
{
@ -189,13 +189,13 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: "",
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: SecondFactorMethodDuo,
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: []string{SecondFactorMethodDuo},
changed: true,
@ -205,13 +205,13 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: "",
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
want: UserInfo{
Method: "",
HasDuo: false,
HasTOTP: true,
HasWebauthn: true,
HasWebAuthn: true,
},
methods: nil,
changed: false,
@ -221,15 +221,15 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: "",
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodDuo,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
fallback: SecondFactorMethodDuo,
changed: true,
},
@ -238,15 +238,15 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: "",
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodTOTP,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebauthn},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodWebAuthn},
fallback: SecondFactorMethodDuo,
changed: true,
},
@ -255,15 +255,15 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: SecondFactorMethodTOTP,
HasDuo: true,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodDuo,
HasDuo: true,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodWebauthn, SecondFactorMethodDuo},
methods: []string{SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
changed: true,
},
{
@ -271,30 +271,30 @@ func TestUserInfo_SetDefaultMethod(t *testing.T) {
Method: SecondFactorMethodTOTP,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodWebauthn, SecondFactorMethodDuo},
fallback: SecondFactorMethodWebauthn,
methods: []string{SecondFactorMethodWebAuthn, SecondFactorMethodDuo},
fallback: SecondFactorMethodWebAuthn,
changed: true,
},
{
have: UserInfo{
Method: SecondFactorMethodWebauthn,
Method: SecondFactorMethodWebAuthn,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
want: UserInfo{
Method: SecondFactorMethodDuo,
HasDuo: false,
HasTOTP: false,
HasWebauthn: false,
HasWebAuthn: false,
},
methods: []string{SecondFactorMethodTOTP, SecondFactorMethodDuo},
fallback: SecondFactorMethodDuo,

54
internal/model/webauthn.go
View File

@ -17,15 +17,15 @@ const (
attestationTypeFIDOU2F = "fido-u2f"
)
// WebauthnUser is an object to represent a user for the Webauthn lib.
type WebauthnUser struct {
// WebAuthnUser is an object to represent a user for the WebAuthn lib.
type WebAuthnUser struct {
Username string
DisplayName string
Devices []WebauthnDevice
Devices []WebAuthnDevice
}
// HasFIDOU2F returns true if the user has any attestation type `fido-u2f` devices.
func (w WebauthnUser) HasFIDOU2F() bool {
func (w WebAuthnUser) HasFIDOU2F() bool {
for _, c := range w.Devices {
if c.AttestationType == attestationTypeFIDOU2F {
return true
@ -36,27 +36,27 @@ func (w WebauthnUser) HasFIDOU2F() bool {
}
// WebAuthnID implements the webauthn.User interface.
func (w WebauthnUser) WebAuthnID() []byte {
func (w WebAuthnUser) WebAuthnID() []byte {
return []byte(w.Username)
}
// WebAuthnName implements the webauthn.User interface.
func (w WebauthnUser) WebAuthnName() string {
func (w WebAuthnUser) WebAuthnName() string {
return w.Username
}
// WebAuthnDisplayName implements the webauthn.User interface.
func (w WebauthnUser) WebAuthnDisplayName() string {
func (w WebAuthnUser) WebAuthnDisplayName() string {
return w.DisplayName
}
// WebAuthnIcon implements the webauthn.User interface.
func (w WebauthnUser) WebAuthnIcon() string {
func (w WebAuthnUser) WebAuthnIcon() string {
return ""
}
// WebAuthnCredentials implements the webauthn.User interface.
func (w WebauthnUser) WebAuthnCredentials() (credentials []webauthn.Credential) {
func (w WebAuthnUser) WebAuthnCredentials() (credentials []webauthn.Credential) {
credentials = make([]webauthn.Credential, len(w.Devices))
var credential webauthn.Credential
@ -96,7 +96,7 @@ func (w WebauthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)
}
// WebAuthnCredentialDescriptors decodes the users credentials into protocol.CredentialDescriptor's.
func (w WebauthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor) {
func (w WebAuthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor) {
credentials := w.WebAuthnCredentials()
descriptors = make([]protocol.CredentialDescriptor, len(credentials))
@ -108,15 +108,15 @@ func (w WebauthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.Cr
return descriptors
}
// NewWebauthnDeviceFromCredential creates a WebauthnDevice from a webauthn.Credential.
func NewWebauthnDeviceFromCredential(rpid, username, description string, credential *webauthn.Credential) (device WebauthnDevice) {
// NewWebAuthnDeviceFromCredential creates a WebAuthnDevice from a webauthn.Credential.
func NewWebAuthnDeviceFromCredential(rpid, username, description string, credential *webauthn.Credential) (device WebAuthnDevice) {
transport := make([]string, len(credential.Transport))
for i, t := range credential.Transport {
transport[i] = string(t)
}
device = WebauthnDevice{
device = WebAuthnDevice{
RPID: rpid,
Username: username,
CreatedAt: time.Now(),
@ -137,8 +137,8 @@ func NewWebauthnDeviceFromCredential(rpid, username, description string, credent
return device
}
// WebauthnDevice represents a Webauthn Device in the database storage.
type WebauthnDevice struct {
// WebAuthnDevice represents a WebAuthn Device in the database storage.
type WebAuthnDevice struct {
ID int `db:"id"`
CreatedAt time.Time `db:"created_at"`
LastUsedAt sql.NullTime `db:"last_used_at"`
@ -154,8 +154,8 @@ type WebauthnDevice struct {
CloneWarning bool `db:"clone_warning"`
}
// UpdateSignInInfo adjusts the values of the WebauthnDevice after a sign in.
func (d *WebauthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time, signCount uint32) {
// UpdateSignInInfo adjusts the values of the WebAuthnDevice after a sign in.
func (d *WebAuthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time, signCount uint32) {
d.LastUsedAt = sql.NullTime{Time: now, Valid: true}
d.SignCount = signCount
@ -172,7 +172,7 @@ func (d *WebauthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time
}
}
func (d *WebauthnDevice) LastUsed() *time.Time {
func (d *WebAuthnDevice) LastUsed() *time.Time {
if d.LastUsedAt.Valid {
return &d.LastUsedAt.Time
}
@ -181,8 +181,8 @@ func (d *WebauthnDevice) LastUsed() *time.Time {
}
// MarshalYAML marshals this model into YAML.
func (d *WebauthnDevice) MarshalYAML() (any, error) {
o := WebauthnDeviceData{
func (d *WebAuthnDevice) MarshalYAML() (any, error) {
o := WebAuthnDeviceData{
CreatedAt: d.CreatedAt,
LastUsedAt: d.LastUsed(),
RPID: d.RPID,
@ -201,8 +201,8 @@ func (d *WebauthnDevice) MarshalYAML() (any, error) {
}
// UnmarshalYAML unmarshalls YAML into this model.
func (d *WebauthnDevice) UnmarshalYAML(value *yaml.Node) (err error) {
o := &WebauthnDeviceData{}
func (d *WebAuthnDevice) UnmarshalYAML(value *yaml.Node) (err error) {
o := &WebAuthnDeviceData{}
if err = value.Decode(o); err != nil {
return err
@ -246,8 +246,8 @@ func (d *WebauthnDevice) UnmarshalYAML(value *yaml.Node) (err error) {
return nil
}
// WebauthnDeviceData represents a Webauthn Device in the database storage.
type WebauthnDeviceData struct {
// WebAuthnDeviceData represents a WebAuthn Device in the database storage.
type WebAuthnDeviceData struct {
CreatedAt time.Time `yaml:"created_at"`
LastUsedAt *time.Time `yaml:"last_used_at"`
RPID string `yaml:"rpid"`
@ -262,7 +262,7 @@ type WebauthnDeviceData struct {
CloneWarning bool `yaml:"clone_warning"`
}
// WebauthnDeviceExport represents a WebauthnDevice export file.
type WebauthnDeviceExport struct {
WebauthnDevices []WebauthnDevice `yaml:"webauthn_devices"`
// WebAuthnDeviceExport represents a WebAuthnDevice export file.
type WebAuthnDeviceExport struct {
WebAuthnDevices []WebAuthnDevice `yaml:"webauthn_devices"`
}

6
internal/storage/provider.go
View File

@ -38,12 +38,12 @@ type Provider interface {
LoadTOTPConfiguration(ctx context.Context, username string) (config *model.TOTPConfiguration, err error)
LoadTOTPConfigurations(ctx context.Context, limit, page int) (configs []model.TOTPConfiguration, err error)
SaveWebauthnDevice(ctx context.Context, device model.WebauthnDevice) (err error)
SaveWebauthnDevice(ctx context.Context, device model.WebAuthnDevice) (err error)
UpdateWebauthnDeviceSignIn(ctx context.Context, id int, rpid string, lastUsedAt sql.NullTime, signCount uint32, cloneWarning bool) (err error)
DeleteWebauthnDevice(ctx context.Context, kid string) (err error)
DeleteWebauthnDeviceByUsername(ctx context.Context, username, description string) (err error)
LoadWebauthnDevices(ctx context.Context, limit, page int) (devices []model.WebauthnDevice, err error)
LoadWebauthnDevicesByUsername(ctx context.Context, username string) (devices []model.WebauthnDevice, err error)
LoadWebauthnDevices(ctx context.Context, limit, page int) (devices []model.WebAuthnDevice, err error)
LoadWebauthnDevicesByUsername(ctx context.Context, username string) (devices []model.WebAuthnDevice, err error)
SavePreferredDuoDevice(ctx context.Context, device model.DuoDevice) (err error)
DeletePreferredDuoDevice(ctx context.Context, username string) (err error)

8
internal/storage/sql_provider.go
View File

@ -882,7 +882,7 @@ func (p *SQLProvider) LoadTOTPConfigurations(ctx context.Context, limit, page in
}
// SaveWebauthnDevice saves a registered Webauthn device.
func (p *SQLProvider) SaveWebauthnDevice(ctx context.Context, device model.WebauthnDevice) (err error) {
func (p *SQLProvider) SaveWebauthnDevice(ctx context.Context, device model.WebAuthnDevice) (err error) {
if device.PublicKey, err = p.encrypt(device.PublicKey); err != nil {
return fmt.Errorf("error encrypting Webauthn device public key for user '%s' kid '%x': %w", device.Username, device.KID, err)
}
@ -937,8 +937,8 @@ func (p *SQLProvider) DeleteWebauthnDeviceByUsername(ctx context.Context, userna
}
// LoadWebauthnDevices loads Webauthn device registrations.
func (p *SQLProvider) LoadWebauthnDevices(ctx context.Context, limit, page int) (devices []model.WebauthnDevice, err error) {
devices = make([]model.WebauthnDevice, 0, limit)
func (p *SQLProvider) LoadWebauthnDevices(ctx context.Context, limit, page int) (devices []model.WebAuthnDevice, err error) {
devices = make([]model.WebAuthnDevice, 0, limit)
if err = p.db.SelectContext(ctx, &devices, p.sqlSelectWebauthnDevices, limit, limit*page); err != nil {
if errors.Is(err, sql.ErrNoRows) {
@ -958,7 +958,7 @@ func (p *SQLProvider) LoadWebauthnDevices(ctx context.Context, limit, page int)
}
// LoadWebauthnDevicesByUsername loads all webauthn devices registration for a given username.
func (p *SQLProvider) LoadWebauthnDevicesByUsername(ctx context.Context, username string) (devices []model.WebauthnDevice, err error) {
func (p *SQLProvider) LoadWebauthnDevicesByUsername(ctx context.Context, username string) (devices []model.WebAuthnDevice, err error) {
if err = p.db.SelectContext(ctx, &devices, p.sqlSelectWebauthnDevicesByUsername, username); err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, ErrNoWebauthnDevice