From 3d6c67fa331c338c043ab0165fc0dd0bb08b1fee Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Jan 2023 14:21:27 +1100 Subject: [PATCH] build(deps): update module github.com/go-webauthn/webauthn to v0.6.0 (#4646) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: James Elliott --- go.mod | 4 ++-- go.sum | 8 ++++---- internal/handlers/handler_sign_webauthn.go | 2 +- internal/handlers/webauthn.go | 5 +++-- internal/model/webauthn.go | 2 +- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 390edcd5b..7cfab3737 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/go-ldap/ldap/v3 v3.4.4 github.com/go-rod/rod v0.112.2 github.com/go-sql-driver/mysql v1.7.0 - github.com/go-webauthn/webauthn v0.5.0 + github.com/go-webauthn/webauthn v0.6.0 github.com/golang-jwt/jwt/v4 v4.4.3 github.com/golang/mock v1.6.0 github.com/google/uuid v1.3.0 @@ -107,7 +107,7 @@ require ( github.com/ysmood/goob v0.4.0 // indirect github.com/ysmood/gson v0.7.3 // indirect github.com/ysmood/leakless v0.8.0 // indirect - golang.org/x/crypto v0.1.0 // indirect + golang.org/x/crypto v0.4.0 // indirect golang.org/x/mod v0.6.0 // indirect golang.org/x/net v0.5.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect diff --git a/go.sum b/go.sum index 42f9deb28..c2909bc13 100644 --- a/go.sum +++ b/go.sum @@ -192,8 +192,8 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU= github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8= -github.com/go-webauthn/webauthn v0.5.0 h1:Tbmp37AGIhYbQmcy2hEffo3U3cgPClqvxJ7cLUnF7Rc= -github.com/go-webauthn/webauthn v0.5.0/go.mod h1:0CBq/jNfPS9l033j4AxMk8K8MluiMsde9uGNSPFLEVE= +github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU= +github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= @@ -661,8 +661,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/internal/handlers/handler_sign_webauthn.go b/internal/handlers/handler_sign_webauthn.go index 89a980626..7f6f3f649 100644 --- a/internal/handlers/handler_sign_webauthn.go +++ b/internal/handlers/handler_sign_webauthn.go @@ -44,7 +44,7 @@ func WebauthnAssertionGET(ctx *middlewares.AutheliaCtx) { extensions := map[string]any{} if user.HasFIDOU2F() { - extensions["appid"] = w.Config.RPOrigin + extensions["appid"] = w.Config.RPOrigins[0] } if len(extensions) != 0 { diff --git a/internal/handlers/webauthn.go b/internal/handlers/webauthn.go index bb7b872fd..81624e92e 100644 --- a/internal/handlers/webauthn.go +++ b/internal/handlers/webauthn.go @@ -3,6 +3,7 @@ package handlers import ( "fmt" "net/url" + "strings" "github.com/go-webauthn/webauthn/protocol" "github.com/go-webauthn/webauthn/webauthn" @@ -44,7 +45,7 @@ func newWebauthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error) config := &webauthn.Config{ RPDisplayName: ctx.Configuration.Webauthn.DisplayName, RPID: rpID, - RPOrigin: origin, + RPOrigins: []string{origin}, RPIcon: "", AttestationPreference: ctx.Configuration.Webauthn.ConveyancePreference, @@ -57,7 +58,7 @@ func newWebauthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error) Timeout: int(ctx.Configuration.Webauthn.Timeout.Milliseconds()), } - ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origin %s", config.RPID, config.RPOrigin) + ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origins %s", config.RPID, strings.Join(config.RPOrigins, ", ")) return webauthn.New(config) } diff --git a/internal/model/webauthn.go b/internal/model/webauthn.go index a3a19c62e..3fd9589fa 100644 --- a/internal/model/webauthn.go +++ b/internal/model/webauthn.go @@ -166,7 +166,7 @@ func (d *WebauthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time switch d.AttestationType { case attestationTypeFIDOU2F: - d.RPID = config.RPOrigin + d.RPID = config.RPOrigins[0] default: d.RPID = config.RPID }