diff --git a/internal/storage/migrations/V0008.WebauthnMultiCookieDomain.postgres.up.sql b/internal/storage/migrations/V0008.WebauthnMultiCookieDomain.postgres.up.sql index 8528e8eb6..9e966c8b2 100644 --- a/internal/storage/migrations/V0008.WebauthnMultiCookieDomain.postgres.up.sql +++ b/internal/storage/migrations/V0008.WebauthnMultiCookieDomain.postgres.up.sql @@ -1,3 +1,10 @@ +ALTER TABLE webauthn_devices + DROP CONSTRAINT IF EXISTS webauthn_devices_pkey; + +DROP INDEX IF EXISTS webauthn_devices_pkey; +DROP INDEX IF EXISTS webauthn_devices_kid_key; +DROP INDEX IF EXISTS webauthn_devices_lookup_key; + ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0008_webauthn_devices; @@ -34,7 +41,7 @@ FROM _bkp_UP_V0008_webauthn_devices; DROP TABLE IF EXISTS _bkp_UP_V0008_webauthn_devices; CREATE TABLE IF NOT EXISTS webauthn_users ( - id SERIAL CONSTRAINT webauthn_devices_pkey PRIMARY KEY, + id SERIAL CONSTRAINT webauthn_users_pkey PRIMARY KEY, rpid VARCHAR(512) NOT NULL, username VARCHAR(100) NOT NULL, userid CHAR(64) NOT NULL diff --git a/internal/suites/scenario_backend_protection_test.go b/internal/suites/scenario_backend_protection_test.go index dc89b3cb8..7ac142835 100644 --- a/internal/suites/scenario_backend_protection_test.go +++ b/internal/suites/scenario_backend_protection_test.go @@ -43,7 +43,7 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() { s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), 403) s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/secondfactor/webauthn/credentials", AutheliaBaseURL), 403) s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/webauthn", AutheliaBaseURL), 403) - s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/secondfactor/webauthn/credential/register", AutheliaBaseURL), 403) + s.AssertRequestStatusCode("PUT", fmt.Sprintf("%s/api/secondfactor/webauthn/credential/register", AutheliaBaseURL), 403) s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/webauthn/credential/register", AutheliaBaseURL), 403) s.AssertRequestStatusCode("DELETE", fmt.Sprintf("%s/api/secondfactor/webauthn/credential/1", AutheliaBaseURL), 403) s.AssertRequestStatusCode("PUT", fmt.Sprintf("%s/api/secondfactor/webauthn/credential/1", AutheliaBaseURL), 403)