fix: encoding

feat-otp-verification
James Elliott 2023-02-19 11:48:35 +11:00
parent e5cdb175b4
commit a13a3c45f2
No known key found for this signature in database
GPG Key ID: 0F1C4A096E857E49
5 changed files with 28 additions and 19 deletions

2
go.mod
View File

@ -15,7 +15,7 @@ require (
github.com/go-ldap/ldap/v3 v3.4.4
github.com/go-rod/rod v0.112.5
github.com/go-sql-driver/mysql v1.7.0
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224
github.com/go-webauthn/webauthn v0.8.0
github.com/golang-jwt/jwt/v4 v4.4.3
github.com/golang/mock v1.6.0
github.com/google/uuid v1.3.0

4
go.sum
View File

@ -192,8 +192,8 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224 h1:FD36ZZlNO+E1MarHZiWT6KiZpEUc06slIeT1P2suK9k=
github.com/go-webauthn/webauthn v0.7.2-0.20230215030733-184b9e43f224/go.mod h1:22OJd+TV8oHrjjXmPHtcPR82lR/yR5m5ilGiF8yPFrE=
github.com/go-webauthn/webauthn v0.8.0 h1:0MPTC348uPc88XCmn5VZaI+Lp0u2LXawYpPvNayLsio=
github.com/go-webauthn/webauthn v0.8.0/go.mod h1:22OJd+TV8oHrjjXmPHtcPR82lR/yR5m5ilGiF8yPFrE=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=

View File

@ -58,9 +58,11 @@ func WebauthnAssertionGET(ctx *middlewares.AutheliaCtx) {
if len(extensions) != 0 {
opts = append(opts, webauthn.WithAssertionExtensions(extensions))
}
var assertion *protocol.CredentialAssertion
data := session.Webauthn{}
var (
assertion *protocol.CredentialAssertion
data session.Webauthn
)
if assertion, data.SessionData, err = w.BeginLogin(user, opts...); err != nil {
ctx.Logger.Errorf("Unable to create %s authentication challenge for user '%s': %+v", regulation.AuthTypeWebauthn, userSession.Username, err)
@ -207,8 +209,8 @@ func WebauthnAssertionPOST(ctx *middlewares.AutheliaCtx) {
}
userSession.SetTwoFactorWebauthn(ctx.Clock.Now(),
assertionResponse.Response.AuthenticatorData.Flags.UserPresent(),
assertionResponse.Response.AuthenticatorData.Flags.UserVerified())
assertionResponse.Response.AuthenticatorData.Flags.HasUserPresent(),
assertionResponse.Response.AuthenticatorData.Flags.HasUserVerified())
if err = ctx.SaveSession(userSession); err != nil {
ctx.Logger.Errorf(logFmtErrSessionSave, "removal of the authentiation challenge and authentication time", regulation.AuthTypeWebauthn, userSession.Username, err)

View File

@ -51,19 +51,30 @@ func newWebauthn(ctx *middlewares.AutheliaCtx) (w *webauthn.WebAuthn, err error)
}
config := &webauthn.Config{
RPDisplayName: ctx.Configuration.Webauthn.DisplayName,
RPID: origin.Hostname(),
RPDisplayName: ctx.Configuration.Webauthn.DisplayName,
RPOrigins: []string{origin.String()},
RPIcon: "",
AttestationPreference: ctx.Configuration.Webauthn.ConveyancePreference,
AuthenticatorSelection: protocol.AuthenticatorSelection{
AuthenticatorAttachment: protocol.CrossPlatform,
UserVerification: ctx.Configuration.Webauthn.UserVerification,
RequireResidentKey: protocol.ResidentKeyNotRequired(),
ResidentKey: protocol.ResidentKeyRequirementDiscouraged,
UserVerification: ctx.Configuration.Webauthn.UserVerification,
},
Debug: false,
EncodeUserIDAsString: true,
Timeouts: webauthn.TimeoutsConfig{
Login: webauthn.TimeoutConfig{
Enforce: true,
Timeout: ctx.Configuration.Webauthn.Timeout,
TimeoutUVD: ctx.Configuration.Webauthn.Timeout,
},
Registration: webauthn.TimeoutConfig{
Enforce: true,
Timeout: ctx.Configuration.Webauthn.Timeout,
TimeoutUVD: ctx.Configuration.Webauthn.Timeout,
},
},
Timeout: int(ctx.Configuration.Webauthn.Timeout.Milliseconds()),
}
ctx.Logger.Tracef("Creating new Webauthn RP instance with ID %s and Origins %s", config.RPID, strings.Join(config.RPOrigins, ", "))

View File

@ -104,8 +104,6 @@ function getAssertionResultFromDOMException(
}
}
const decode = (str: string): string => window.atob(str.replace("-", "+").replace("_", "/")).toString();
export async function getAttestationCreationOptions(
description: string,
): Promise<PublicKeyCredentialCreationOptionsStatus> {
@ -127,8 +125,6 @@ export async function getAttestationCreationOptions(
};
}
response.data.data.publicKey.user.id = decode(response.data.data.publicKey.user.id);
return {
options: response.data.data.publicKey,
status: response.status,