fix: encoding
parent
e5cdb175b4
commit
a13a3c45f2
2
go.mod
2
go.mod
|
@ -15,7 +15,7 @@ require (
|
||||||
github.com/go-ldap/ldap/v3 v3.4.4
|
github.com/go-ldap/ldap/v3 v3.4.4
|
||||||
github.com/go-rod/rod v0.112.5
|
github.com/go-rod/rod v0.112.5
|
||||||
github.com/go-sql-driver/mysql v1.7.0
|
github.com/go-sql-driver/mysql v1.7.0
|
||||||
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224
|
github.com/go-webauthn/webauthn v0.8.0
|
||||||
github.com/golang-jwt/jwt/v4 v4.4.3
|
github.com/golang-jwt/jwt/v4 v4.4.3
|
||||||
github.com/golang/mock v1.6.0
|
github.com/golang/mock v1.6.0
|
||||||
github.com/google/uuid v1.3.0
|
github.com/google/uuid v1.3.0
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -192,8 +192,8 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
|
||||||
github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
||||||
github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
|
github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
|
||||||
github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
|
github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
|
||||||
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224 h1:FD36ZZlNO+E1MarHZiWT6KiZpEUc06slIeT1P2suK9k=
|
github.com/go-webauthn/webauthn v0.8.0 h1:0MPTC348uPc88XCmn5VZaI+Lp0u2LXawYpPvNayLsio=
|
||||||
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224/go.mod h1:22OJd+TV8oHrjjXmPHtcPR82lR/yR5m5ilGiF8yPFrE=
|
github.com/go-webauthn/webauthn v0.8.0/go.mod h1:22OJd+TV8oHrjjXmPHtcPR82lR/yR5m5ilGiF8yPFrE=
|
||||||
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||||
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
||||||
|
|
|
@ -58,9 +58,11 @@ func WebauthnAssertionGET(ctx *middlewares.AutheliaCtx) {
|
||||||
if len(extensions) != 0 {
|
if len(extensions) != 0 {
|
||||||
opts = append(opts, webauthn.WithAssertionExtensions(extensions))
|
opts = append(opts, webauthn.WithAssertionExtensions(extensions))
|
||||||
}
|
}
|
||||||
var assertion *protocol.CredentialAssertion
|
|
||||||
|
|
||||||
data := session.Webauthn{}
|
var (
|
||||||
|
assertion *protocol.CredentialAssertion
|
||||||
|
data session.Webauthn
|
||||||
|
)
|
||||||
|
|
||||||
if assertion, data.SessionData, err = w.BeginLogin(user, opts...); err != nil {
|
if assertion, data.SessionData, err = w.BeginLogin(user, opts...); err != nil {
|
||||||
ctx.Logger.Errorf("Unable to create %s authentication challenge for user '%s': %+v", regulation.AuthTypeWebauthn, userSession.Username, err)
|
ctx.Logger.Errorf("Unable to create %s authentication challenge for user '%s': %+v", regulation.AuthTypeWebauthn, userSession.Username, err)
|
||||||
|
@ -207,8 +209,8 @@ func WebauthnAssertionPOST(ctx *middlewares.AutheliaCtx) {
|
||||||
}
|
}
|
||||||
|
|
||||||
userSession.SetTwoFactorWebauthn(ctx.Clock.Now(),
|
userSession.SetTwoFactorWebauthn(ctx.Clock.Now(),
|
||||||
assertionResponse.Response.AuthenticatorData.Flags.UserPresent(),
|
assertionResponse.Response.AuthenticatorData.Flags.HasUserPresent(),
|
||||||
assertionResponse.Response.AuthenticatorData.Flags.UserVerified())
|
assertionResponse.Response.AuthenticatorData.Flags.HasUserVerified())
|
||||||
|
|
||||||
if err = ctx.SaveSession(userSession); err != nil {
|
if err = ctx.SaveSession(userSession); err != nil {
|
||||||
ctx.Logger.Errorf(logFmtErrSessionSave, "removal of the authentiation challenge and authentication time", regulation.AuthTypeWebauthn, userSession.Username, err)
|
ctx.Logger.Errorf(logFmtErrSessionSave, "removal of the authentiation challenge and authentication time", regulation.AuthTypeWebauthn, userSession.Username, err)
|
||||||
|
|
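Review bot: The `HasUserPresent()` / `HasUserVerified()` values passed to `userSession.SetTwoFactorWebauthn` in WebauthnAssertionPOST are only recorded on the session; the hunk does not show whether a configured user-verification requirement is enforced before this point. If that enforcement happens in the assertion validation earlier in the function (outside the hunk), a comment such as `// UP/UV flags are recorded for the session only; the requirement itself is enforced by the login validation above.` would make the trust boundary explicit. The unchanged log string on the `SaveSession` error path spells "authentiation"; correcting it to "authentication" would keep log searches and alert rules from missing it.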
|
@ -51,19 +51,30 @@ func newWebauthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error)
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &webauthn.Config{
|
config := &webauthn.Config{
|
||||||
RPDisplayName: ctx.Configuration.Webauthn.DisplayName,
|
RPID: origin.Hostname(),
|
||||||
RPID: origin.Hostname(),
|
RPDisplayName: ctx.Configuration.Webauthn.DisplayName,
|
||||||
RPOrigins: []string{origin.String()},
|
RPOrigins: []string{origin.String()},
|
||||||
RPIcon: "",
|
|
||||||
|
|
||||||
AttestationPreference: ctx.Configuration.Webauthn.ConveyancePreference,
|
AttestationPreference: ctx.Configuration.Webauthn.ConveyancePreference,
|
||||||
AuthenticatorSelection: protocol.AuthenticatorSelection{
|
AuthenticatorSelection: protocol.AuthenticatorSelection{
|
||||||
AuthenticatorAttachment: protocol.CrossPlatform,
|
AuthenticatorAttachment: protocol.CrossPlatform,
|
||||||
UserVerification: ctx.Configuration.Webauthn.UserVerification,
|
|
||||||
RequireResidentKey: protocol.ResidentKeyNotRequired(),
|
RequireResidentKey: protocol.ResidentKeyNotRequired(),
|
||||||
|
ResidentKey: protocol.ResidentKeyRequirementDiscouraged,
|
||||||
|
UserVerification: ctx.Configuration.Webauthn.UserVerification,
|
||||||
|
},
|
||||||
|
Debug: false,
|
||||||
|
EncodeUserIDAsString: true,
|
||||||
|
Timeouts: webauthn.TimeoutsConfig{
|
||||||
|
Login: webauthn.TimeoutConfig{
|
||||||
|
Enforce: true,
|
||||||
|
Timeout: ctx.Configuration.Webauthn.Timeout,
|
||||||
|
TimeoutUVD: ctx.Configuration.Webauthn.Timeout,
|
||||||
|
},
|
||||||
|
Registration: webauthn.TimeoutConfig{
|
||||||
|
Enforce: true,
|
||||||
|
Timeout: ctx.Configuration.Webauthn.Timeout,
|
||||||
|
TimeoutUVD: ctx.Configuration.Webauthn.Timeout,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
Timeout: int(ctx.Configuration.Webauthn.Timeout.Milliseconds()),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origins %s", config.RPID, strings.Join(config.RPOrigins, ", "))
|
ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origins %s", config.RPID, strings.Join(config.RPOrigins, ", "))
|
||||||
|
|
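Review bot: The new `EncodeUserIDAsString: true` field in the `webauthn.Config` literal changes how the user handle is put on the wire, and nothing in the hunk records why or what it must stay in sync with. The same commit removes the client-side `decode` of `publicKey.user.id`, so the two are coupled; a comment such as `// User IDs are sent as plain strings; the frontend must not base64-decode publicKey.user.id.` above the field would stop a later change from re-enabling only one side. It is also worth confirming, outside this hunk, that the user handle returned for credentials registered before this change still matches during assertion. Separately, `Timeout` and `TimeoutUVD` both take `ctx.Configuration.Webauthn.Timeout` with `Enforce: true`, and how a zero or unset value behaves is not visible here, so a short comment on the expected minimum (or a config validation reference) would help. newWebauthn's body starts before the hunk.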
|
@ -104,8 +104,6 @@ function getAssertionResultFromDOMException(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const decode = (str: string): string => window.atob(str.replace("-", "+").replace("_", "/")).toString();
|
|
||||||
|
|
||||||
export async function getAttestationCreationOptions(
|
export async function getAttestationCreationOptions(
|
||||||
description: string,
|
description: string,
|
||||||
): Promise<PublicKeyCredentialCreationOptionsStatus> {
|
): Promise<PublicKeyCredentialCreationOptionsStatus> {
|
||||||
|
@ -127,8 +125,6 @@ export async function getAttestationCreationOptions(
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
response.data.data.publicKey.user.id = decode(response.data.data.publicKey.user.id);
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
options: response.data.data.publicKey,
|
options: response.data.data.publicKey,
|
||||||
status: response.status,
|
status: response.status,
|
||||||
|
|