diff --git a/api/openapi.yml b/api/openapi.yml index 95490d1a3..d1e8b76fa 100644 --- a/api/openapi.yml +++ b/api/openapi.yml @@ -29,9 +29,9 @@ tags: - name: User Information description: User configuration endpoints {{- end }} - {{- if (or .TOTP .Webauthn .Duo) }} + {{- if (or .TOTP .WebAuthn .Duo) }} - name: Second Factor - description: TOTP, Webauthn and Duo endpoints + description: TOTP, WebAuthn and Duo endpoints externalDocs: url: https://www.authelia.com/configuration/second-factor/introduction/ {{- end }} @@ -721,13 +721,13 @@ paths: security: - authelia_auth: [] {{- end }} - {{- if .Webauthn }} + {{- if .WebAuthn }} /api/secondfactor/webauthn/assertion: get: tags: - Second Factor - summary: Second Factor Authentication - Webauthn (Request) - description: This endpoint starts the second factor authentication process with the FIDO2 Webauthn credential. + summary: Second Factor Authentication - WebAuthn (Request) + description: This endpoint starts the second factor authentication process with the FIDO2 WebAuthn credential. responses: "200": description: Successful Operation @@ -742,8 +742,8 @@ paths: post: tags: - Second Factor - summary: Second Factor Authentication - Webauthn - description: This endpoint completes the second factor authentication process with the FIDO2 Webauthn credential. + summary: Second Factor Authentication - WebAuthn + description: This endpoint completes the second factor authentication process with the FIDO2 WebAuthn credential. requestBody: required: true content: 
@@ -765,9 +765,9 @@ paths: post: tags: - Second Factor - summary: Identity Verification Webauthn Credential Creation + summary: Identity Verification WebAuthn Credential Creation description: > - This endpoint performs identity verification to begin the FIDO2 Webauthn credential attestation process + This endpoint performs identity verification to begin the FIDO2 WebAuthn credential attestation process (registration). The session generated from this endpoint must be utilised for the subsequent steps in the @@ -785,9 +785,9 @@ paths: post: tags: - Second Factor - summary: Identity Verification FIDO2 Webauthn Credential Validation + summary: Identity Verification FIDO2 WebAuthn Credential Validation description: > - This endpoint performs identity and token verification, upon success generates a FIDO2 Webauthn device + This endpoint performs identity and token verification, upon success generates a FIDO2 WebAuthn device attestation challenge (registration). The session cookie generated from the `/api/secondfactor/webauthn/identity/start` endpoint must be utilised @@ -811,8 +811,8 @@ paths: post: tags: - Second Factor - summary: Webauthn Credential Attestation - description: This endpoint performs Webauthn credential attestation (registration). + summary: WebAuthn Credential Attestation + description: This endpoint performs WebAuthn credential attestation (registration). requestBody: required: true content: @@ -832,8 +832,8 @@ paths: delete: tags: - Second Factor - summary: Webauthn Device Deletion - description: This endpoint deletes the specified Webauthn credential. + summary: WebAuthn Device Deletion + description: This endpoint deletes the specified WebAuthn credential. responses: "200": description: Successful Operation 
@@ -848,8 +848,8 @@ paths: put: tags: - Second Factor - summary: Webauthn Device Update - description: This endpoint updates the description of the specified Webauthn credential. + summary: WebAuthn Device Update + description: This endpoint updates the description of the specified WebAuthn credential. requestBody: required: true content: @@ -1457,7 +1457,7 @@ components: schema: type: integer required: true - description: Numeric Webauthn Device ID + description: Numeric WebAuthn Device ID originalMethodParam: name: X-Original-Method in: header @@ -1924,7 +1924,7 @@ components: type: string example: 'otpauth://totp/{{ .Domain | default "example.com" }}:john?algorithm=SHA1&digits=6&issuer=auth.{{ .Domain | default "example.com" }}&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q' {{- end }} - {{- if .Webauthn }} + {{- if .WebAuthn }} webauthn.PublicKeyCredential: type: object properties: diff --git a/config.template.yml b/config.template.yml index 077237358..3bc54dbc5 100644 --- a/config.template.yml +++ b/config.template.yml @@ -214,13 +214,13 @@ totp: ## ## Parameters used for WebAuthn. webauthn: - ## Disable Webauthn. + ## Disable WebAuthn. disable: false - ## Adjust the interaction timeout for Webauthn dialogues. + ## Adjust the interaction timeout for WebAuthn dialogues. timeout: 60s - ## The display name the browser should show the user for when using Webauthn to login/register. + ## The display name the browser should show the user for when using WebAuthn to login/register. display_name: Authelia ## Conveyance preference controls if we collect the attestation statement including the AAGUID from the device. 
@@ -1167,7 +1167,7 @@ regulation: ## ## Notification Provider ## -## Notifications are sent to users when they require a password reset, a Webauthn registration or a TOTP registration. +## Notifications are sent to users when they require a password reset, a WebAuthn registration or a TOTP registration. ## The available providers are: filesystem, smtp. You must use only one of these providers. notifier: ## You can disable the notifier startup check by setting this to true. diff --git a/go.mod b/go.mod index 0755ac7db..318dda44d 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/ory/fosite v0.44.0 github.com/ory/herodot v0.10.2 - github.com/ory/x v0.0.552 + github.com/ory/x v0.0.553 github.com/otiai10/copy v1.10.0 github.com/pkg/errors v0.9.1 github.com/pquerna/otp v1.4.0 diff --git a/go.sum b/go.sum index f7f87f0c3..97c1049aa 100644 --- a/go.sum +++ b/go.sum @@ -327,8 +327,8 @@ github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTs github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= github.com/ory/herodot v0.10.2 h1:gGvNMHgAwWzdP/eo+roSiT5CGssygHSjDU7MSQNlJ4E= github.com/ory/herodot v0.10.2/go.mod h1:MMNmY6MG1uB6fnXYFaHoqdV23DTWctlPsmRCeq/2+wc= -github.com/ory/x v0.0.552 h1:vgDw7FFQ7Ama3iyDLbjElY2Um1/ub82iIubK0pUj81M= -github.com/ory/x v0.0.552/go.mod h1:oRVemI3SQQOLvOCJWIRinHQKlgmay/NbwSyRUIsS/Yk= +github.com/ory/x v0.0.553 h1:dRSEcbfpJYOl+yk55LTiLUXq2JslaeVaTp6CzHQW5Kw= +github.com/ory/x v0.0.553/go.mod h1:oRVemI3SQQOLvOCJWIRinHQKlgmay/NbwSyRUIsS/Yk= github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= 
diff --git a/internal/configuration/config.template.yml b/internal/configuration/config.template.yml index 077237358..3bc54dbc5 100644 --- a/internal/configuration/config.template.yml +++ b/internal/configuration/config.template.yml @@ -214,13 +214,13 @@ totp: ## ## Parameters used for WebAuthn. webauthn: - ## Disable Webauthn. + ## Disable WebAuthn. disable: false - ## Adjust the interaction timeout for Webauthn dialogues. + ## Adjust the interaction timeout for WebAuthn dialogues. timeout: 60s - ## The display name the browser should show the user for when using Webauthn to login/register. + ## The display name the browser should show the user for when using WebAuthn to login/register. display_name: Authelia ## Conveyance preference controls if we collect the attestation statement including the AAGUID from the device. @@ -1167,7 +1167,7 @@ regulation: ## ## Notification Provider ## -## Notifications are sent to users when they require a password reset, a Webauthn registration or a TOTP registration. +## Notifications are sent to users when they require a password reset, a WebAuthn registration or a TOTP registration. ## The available providers are: filesystem, smtp. You must use only one of these providers. notifier: ## You can disable the notifier startup check by setting this to true. diff --git a/internal/server/template.go b/internal/server/template.go index 7b8c33236..91fcd2a80 100644 --- a/internal/server/template.go +++ b/internal/server/template.go @@ -272,7 +272,7 @@ func NewTemplatedFileOptions(config *schema.Configuration) (opts *TemplatedFileO Theme: config.Theme, EndpointsPasswordReset: !(config.AuthenticationBackend.PasswordReset.Disable || config.AuthenticationBackend.PasswordReset.CustomURL.String() != ""), - EndpointsWebauthn: !config.WebAuthn.Disable, + EndpointsWebAuthn: !config.WebAuthn.Disable, EndpointsTOTP: !config.TOTP.Disable, EndpointsDuo: !config.DuoAPI.Disable, EndpointsOpenIDConnect: !(config.IdentityProviders.OIDC == nil), 
@@ -304,7 +304,7 @@ type TemplatedFileOptions struct { Theme string EndpointsPasswordReset bool - EndpointsWebauthn bool + EndpointsWebAuthn bool EndpointsTOTP bool EndpointsDuo bool EndpointsOpenIDConnect bool @@ -362,7 +362,7 @@ func (options *TemplatedFileOptions) OpenAPIData(base, baseURL, domain, nonce st Session: options.Session, PasswordReset: options.EndpointsPasswordReset, - Webauthn: options.EndpointsWebauthn, + WebAuthn: options.EndpointsWebAuthn, TOTP: options.EndpointsTOTP, Duo: options.EndpointsDuo, OpenIDConnect: options.EndpointsOpenIDConnect, @@ -395,7 +395,7 @@ type TemplatedFileOpenAPIData struct { CSPNonce string Session string PasswordReset bool - Webauthn bool + WebAuthn bool TOTP bool Duo bool OpenIDConnect bool diff --git a/web/package.json b/web/package.json index c6235393f..1e1688796 100644 --- a/web/package.json +++ b/web/package.json @@ -72,8 +72,8 @@ ] }, "devDependencies": { - "@commitlint/cli": "17.6.0", - "@commitlint/config-conventional": "17.6.0", + "@commitlint/cli": "17.6.1", + "@commitlint/config-conventional": "17.6.1", "@limegrass/eslint-plugin-import-alias": "1.0.6", "@testing-library/jest-dom": "5.16.5", "@testing-library/react": "14.0.0", @@ -97,7 +97,7 @@ "eslint-plugin-prettier": "4.2.1", "eslint-plugin-react": "7.32.2", "eslint-plugin-react-hooks": "4.6.0", - "happy-dom": "9.5.0", + "happy-dom": "9.6.1", "husky": "8.0.3", "prettier": "2.8.7", "react-test-renderer": "18.2.0", diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml index 1ced3cda0..8b8ffbd75 100644 --- a/web/pnpm-lock.yaml +++ b/web/pnpm-lock.yaml @@ -82,11 +82,11 @@ dependencies: devDependencies: '@commitlint/cli': - specifier: 17.6.0 - version: 17.6.0 + specifier: 17.6.1 + version: 17.6.1 '@commitlint/config-conventional': - specifier: 17.6.0 - version: 17.6.0 + specifier: 17.6.1 + version: 17.6.1 '@limegrass/eslint-plugin-import-alias': specifier: 1.0.6 version: 1.0.6(eslint@8.38.0) 
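Review bot: The rename of `TemplatedFileOpenAPIData.Webauthn` to `WebAuthn` (hunk at -395 in internal/server/template.go) is only compiler-checked on the Go side. Field references inside templates, such as `{{- if .WebAuthn }}` in api/openapi.yml, are resolved when the template is executed, so a leftover `.Webauthn` in a template not shown in this diff would fail at render time rather than at build time. The three references visible here are updated, but I would add a test that renders the OpenAPI template with WebAuthn both enabled and disabled so a rename like this fails in CI. A short comment on the field, e.g. `// WebAuthn gates the WebAuthn second-factor paths and schemas in the OpenAPI template.`, would also record that the name is part of the template contract. Both struct bodies continue outside their hunks.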
@@ -157,8 +157,8 @@ devDependencies: specifier: 4.6.0 version: 4.6.0(eslint@8.38.0) happy-dom: - specifier: 9.5.0 - version: 9.5.0 + specifier: 9.6.1 + version: 9.6.1 husky: specifier: 8.0.3 version: 8.0.3 @@ -188,7 +188,7 @@ devDependencies: version: 4.2.0(typescript@5.0.4)(vite@4.2.1) vitest: specifier: 0.30.1 - version: 0.30.1(happy-dom@9.5.0) + version: 0.30.1(happy-dom@9.6.1) vitest-preview: specifier: 0.0.1 version: 0.0.1 @@ -1554,12 +1554,12 @@ packages: '@babel/helper-validator-identifier': 7.19.1 to-fast-properties: 2.0.0 - /@commitlint/cli@17.6.0: - resolution: {integrity: sha512-JaZeZ1p6kfkSiZlDoQjK09AuiI9zYQMiIUJzTOM8qNRHFOXOPmiTM56nI67yzeUSNTFu6M/DRqjmdjtA5q3hEg==} + /@commitlint/cli@17.6.1: + resolution: {integrity: sha512-kCnDD9LE2ySiTnj/VPaxy4/oRayRcdv4aCuVxtoum8SxIU7OADHc0nJPQfheE8bHcs3zZdWzDMWltRosuT13bg==} engines: {node: '>=v14'} dependencies: '@commitlint/format': 17.4.4 - '@commitlint/lint': 17.6.0 + '@commitlint/lint': 17.6.1 '@commitlint/load': 17.5.0 '@commitlint/read': 17.5.1 '@commitlint/types': 17.4.4 @@ -1573,8 +1573,8 @@ packages: - '@swc/wasm' dev: true - /@commitlint/config-conventional@17.6.0: - resolution: {integrity: sha512-2Y9M7MN942bTK5h70fJGknhXA02+OtWCkKeIzTSwsdwz1V7y6bxYv24x052E9XHKtZHJfvM3iLuTOsjRvLqWtA==} + /@commitlint/config-conventional@17.6.1: + resolution: {integrity: sha512-ng/ybaSLuTCH9F+7uavSOnEQ9EFMl7lHEjfAEgRh1hwmEe8SpLKpQeMo2aT1IWvHaGMuTb+gjfbzoRf2IR23NQ==} engines: {node: '>=v14'} dependencies: conventional-changelog-conventionalcommits: 5.0.0 
@@ -1621,13 +1621,13 @@ packages: semver: 7.3.8 dev: true - /@commitlint/lint@17.6.0: - resolution: {integrity: sha512-6cEXxpxZd7fbtYMxeosOum/Nnwu3VdSuZcrFSqP9lWNsrHRv4ijVsnLeomvo6WHPchGOeEWAazAI7Q6Ap22fJw==} + /@commitlint/lint@17.6.1: + resolution: {integrity: sha512-VARJ9kxH64isgwVnC+ABPafCYzqxpsWJIpDaTuI0gh8aX4GQ0i7cn9tvxtFNfJj4ER2BAJeWJ0vURdNYjK2RQQ==} engines: {node: '>=v14'} dependencies: '@commitlint/is-ignored': 17.4.4 '@commitlint/parse': 17.4.4 - '@commitlint/rules': 17.6.0 + '@commitlint/rules': 17.6.1 '@commitlint/types': 17.4.4 dev: true @@ -1691,8 +1691,8 @@ packages: resolve-global: 1.0.0 dev: true - /@commitlint/rules@17.6.0: - resolution: {integrity: sha512-Ka7AsRFvkKMYYE7itgo7hddRGCiV+0BgbTIAq4PWmnkHAECxYpdqMVzW5jaATmXZfwfRRTB57e7KZWj6EPmK1A==} + /@commitlint/rules@17.6.1: + resolution: {integrity: sha512-lUdHw6lYQ1RywExXDdLOKxhpp6857/4c95Dc/1BikrHgdysVUXz26yV0vp1GL7Gv+avx9WqZWTIVB7pNouxlfw==} engines: {node: '>=v14'} dependencies: '@commitlint/ensure': 17.4.4 @@ -3092,7 +3092,7 @@ packages: istanbul-lib-source-maps: 4.0.1 istanbul-reports: 3.1.5 test-exclude: 6.0.0 - vitest: 0.30.1(happy-dom@9.5.0) + vitest: 0.30.1(happy-dom@9.6.1) transitivePeerDependencies: - supports-color dev: true @@ -5095,8 +5095,8 @@ packages: resolution: {integrity: sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==} dev: true - /happy-dom@9.5.0: - resolution: {integrity: sha512-pNdHSZRWIckzg8aDQRbBgaivr2Ef+uSTpCCRGnxIETyewHA6841T8EPE+cmfhPjGi5jQN6c+oloXGGYB5SrpcA==} + /happy-dom@9.6.1: + resolution: {integrity: sha512-lbRsmw8toqKUCwMIZQtoTW/F3XGOovazC+sdTf+gire4ITx9mPUx2TrdCr/JbB1CF4QplCwdn3+p1/2O5slWDw==} dependencies: css.escape: 1.5.1 he: 1.2.0 
@@ -7482,7 +7482,7 @@ packages: - terser dev: true - /vitest@0.30.1(happy-dom@9.5.0): + /vitest@0.30.1(happy-dom@9.6.1): resolution: {integrity: sha512-y35WTrSTlTxfMLttgQk4rHcaDkbHQwDP++SNwPb+7H8yb13Q3cu2EixrtHzF27iZ8v0XCciSsLg00RkPAzB/aA==} engines: {node: '>=v14.18.0'} peerDependencies: @@ -7526,7 +7526,7 @@ packages: chai: 4.3.7 concordance: 5.0.4 debug: 4.3.4 - happy-dom: 9.5.0 + happy-dom: 9.6.1 local-pkg: 0.4.3 magic-string: 0.30.0 pathe: 1.1.0 diff --git a/web/src/services/Api.ts b/web/src/services/Api.ts index 1e0d660df..745c5a326 100644 --- a/web/src/services/Api.ts +++ b/web/src/services/Api.ts @@ -11,12 +11,12 @@ export const FirstFactorPath = basePath + "/api/firstfactor"; export const InitiateTOTPRegistrationPath = basePath + "/api/secondfactor/totp/identity/start"; export const CompleteTOTPRegistrationPath = basePath + "/api/secondfactor/totp/identity/finish"; -export const WebauthnRegistrationPath = basePath + "/api/secondfactor/webauthn/credential/register"; +export const WebAuthnRegistrationPath = basePath + "/api/secondfactor/webauthn/credential/register"; -export const WebauthnAssertionPath = basePath + "/api/secondfactor/webauthn"; +export const WebAuthnAssertionPath = basePath + "/api/secondfactor/webauthn"; -export const WebauthnDevicesPath = basePath + "/api/secondfactor/webauthn/credentials"; -export const WebauthnDevicePath = basePath + "/api/secondfactor/webauthn/credential"; +export const WebAuthnDevicesPath = basePath + "/api/secondfactor/webauthn/credentials"; +export const WebAuthnDevicePath = basePath + "/api/secondfactor/webauthn/credential"; export const InitiateDuoDeviceSelectionPath = basePath + "/api/secondfactor/duo_devices"; export const CompleteDuoDeviceSelectionPath = basePath + "/api/secondfactor/duo_device"; diff --git a/web/src/services/UserWebauthnDevices.ts b/web/src/services/UserWebauthnDevices.ts index 2075ee995..39cbcadc5 100644 --- a/web/src/services/UserWebauthnDevices.ts 
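Review bot: The paths behind the renamed constants in web/src/services/Api.ts do not match the paths documented in api/openapi.yml, which this same commit edits. The client uses `/api/secondfactor/webauthn` for assertion and `/api/secondfactor/webauthn/credential/register` for registration, while the spec describes `/api/secondfactor/webauthn/assertion` and refers to `/api/secondfactor/webauthn/identity/start`. Unless the server routes both sets (not visible here), the published spec documents second-factor endpoints the frontend does not call, which misleads anyone testing or auditing the API from it. I would reconcile the paths in this change or note the follow-up in the commit description.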
+++ b/web/src/services/UserWebauthnDevices.ts @@ -1,8 +1,8 @@ import { WebauthnDevice } from "@models/Webauthn"; -import { WebauthnDevicesPath } from "@services/Api"; +import { WebAuthnDevicesPath } from "@services/Api"; import { GetWithOptionalData } from "@services/Client"; // getWebauthnDevices returns the list of webauthn devices for the authenticated user. export async function getWebauthnDevices(): Promise { - return GetWithOptionalData(WebauthnDevicesPath); + return GetWithOptionalData(WebAuthnDevicesPath); } diff --git a/web/src/services/Webauthn.ts b/web/src/services/Webauthn.ts index 64dc266ae..aaaf47b9f 100644 --- a/web/src/services/Webauthn.ts +++ b/web/src/services/Webauthn.ts @@ -21,9 +21,9 @@ import { AuthenticationOKResponse, OptionalDataServiceResponse, ServiceResponse, - WebauthnAssertionPath, - WebauthnDevicePath, - WebauthnRegistrationPath, + WebAuthnAssertionPath, + WebAuthnDevicePath, + WebAuthnRegistrationPath, validateStatusAuthentication, } from "@services/Api"; import { SignInResponse } from "@services/SignIn"; @@ -108,7 +108,7 @@ export async function getAttestationCreationOptions( description: string, ): Promise { const response = await axios.put>( - WebauthnRegistrationPath, + WebAuthnRegistrationPath, { description: description, }, @@ -134,7 +134,7 @@ export async function getAttestationCreationOptions( export async function getAuthenticationOptions(): Promise { let response: AxiosResponse>; - response = await axios.get>(WebauthnAssertionPath); + response = await axios.get>(WebAuthnAssertionPath); if (response.data.status !== "OK" || response.data.data == null) { return { @@ -205,7 +205,7 @@ export async function getAuthenticationResult(options: PublicKeyCredentialReques async function postRegistrationResponse( response: RegistrationResponseJSON, ): Promise>> { - return axios.post>(WebauthnRegistrationPath, response); + return axios.post>(WebAuthnRegistrationPath, response); } export async function postAuthenticationResponse( 
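Review bot: The rename is only partial in web/src/services/UserWebauthnDevices.ts: the import becomes `WebAuthnDevicesPath`, but the file name, `getWebauthnDevices`, the `WebauthnDevice` type and the `@models/Webauthn` module keep the old casing. Mixed casing for one concept makes a grep-based audit of the WebAuthn code paths easy to get wrong. If the remaining identifiers are deferred on purpose, say so in the commit description. Otherwise rename them here and update the comment to `// getWebAuthnDevices returns the list of WebAuthn devices for the authenticated user.`.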
@@ -214,7 +214,7 @@ export async function postAuthenticationResponse( workflow?: string, workflowID?: string, ) { - return axios.post>(WebauthnAssertionPath, { + return axios.post>(WebAuthnAssertionPath, { response: response, targetURL: targetURL, workflow: workflow, @@ -248,7 +248,7 @@ export async function finishRegistration(response: RegistrationResponseJSON) { export async function deleteDevice(deviceID: string) { return await axios({ method: "DELETE", - url: `${WebauthnDevicePath}/${deviceID}`, + url: `${WebAuthnDevicePath}/${deviceID}`, validateStatus: validateStatusAuthentication, }); } @@ -256,7 +256,7 @@ export async function deleteDevice(deviceID: string) { export async function updateDevice(deviceID: string, description: string) { return await axios({ method: "PUT", - url: `${WebauthnDevicePath}/${deviceID}`, + url: `${WebAuthnDevicePath}/${deviceID}`, data: { description: description }, validateStatus: validateStatusAuthentication, });
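Review bot: In `deleteDevice` (hunk at -248) and `updateDevice` (hunk at -256), `deviceID` is typed as `string` and interpolated into the request path unencoded, so a value containing `/`, `?`, `#` or `..` would change which endpoint the DELETE or PUT reaches. The OpenAPI parameter in this commit describes the ID as a numeric integer, so callers presumably pass server-issued IDs, but nothing in these functions enforces that. I would encode the segment in both, `url: `${WebAuthnDevicePath}/${encodeURIComponent(deviceID)}`,`, or narrow the parameter to `number`. The closing brace of `updateDevice` is outside the hunk.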