Webauthn nits (#18284)
This contains some additional fixes and small nits related to #17957 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
zeripath
GitHub
parent
e239d354c9
commit
d7c2a2951c
10 changed files with 87 additions and 40 deletions
|
|
@ -5,7 +5,7 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/base32"
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
|
|
@ -131,7 +131,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
|
|||
}
|
||||
|
||||
// Success! Get the credential and update the sign count with the new value we received.
|
||||
dbCred, err := auth.GetWebAuthnCredentialByCredID(base64.RawStdEncoding.EncodeToString(cred.ID))
|
||||
dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, base32.HexEncoding.EncodeToString(cred.ID))
|
||||
if err != nil {
|
||||
ctx.ServerError("GetWebAuthnCredentialByCredID", err)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -38,9 +38,9 @@ func WebAuthnRegister(ctx *context.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
_ = ctx.Session.Delete("registration")
|
||||
if err := ctx.Session.Set("WebauthnName", form.Name); err != nil {
|
||||
ctx.ServerError("Unable to set session key for WebauthnName", err)
|
||||
_ = ctx.Session.Delete("webauthnRegistration")
|
||||
if err := ctx.Session.Set("webauthnName", form.Name); err != nil {
|
||||
ctx.ServerError("Unable to set session key for webauthnName", err)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -51,7 +51,7 @@ func WebAuthnRegister(ctx *context.Context) {
|
|||
}
|
||||
|
||||
// Save the session data as marshaled JSON
|
||||
if err = ctx.Session.Set("registration", sessionData); err != nil {
|
||||
if err = ctx.Session.Set("webauthnRegistration", sessionData); err != nil {
|
||||
ctx.ServerError("Unable to set session", err)
|
||||
return
|
||||
}
|
||||
|
|
@ -61,20 +61,20 @@ func WebAuthnRegister(ctx *context.Context) {
|
|||
|
||||
// WebauthnRegisterPost receives the response of the security key
|
||||
func WebauthnRegisterPost(ctx *context.Context) {
|
||||
name, ok := ctx.Session.Get("WebauthnName").(string)
|
||||
name, ok := ctx.Session.Get("webauthnName").(string)
|
||||
if !ok || name == "" {
|
||||
ctx.ServerError("Get WebauthnName", errors.New("no WebauthnName"))
|
||||
ctx.ServerError("Get webauthnName", errors.New("no webauthnName"))
|
||||
return
|
||||
}
|
||||
|
||||
// Load the session data
|
||||
sessionData, ok := ctx.Session.Get("registration").(*webauthn.SessionData)
|
||||
sessionData, ok := ctx.Session.Get("webauthnRegistration").(*webauthn.SessionData)
|
||||
if !ok || sessionData == nil {
|
||||
ctx.ServerError("Get registration", errors.New("no registration"))
|
||||
return
|
||||
}
|
||||
defer func() {
|
||||
_ = ctx.Session.Delete("registration")
|
||||
_ = ctx.Session.Delete("webauthnRegistration")
|
||||
}()
|
||||
|
||||
// Verify that the challenge succeeded
|
||||
|
|
@ -103,6 +103,8 @@ func WebauthnRegisterPost(ctx *context.Context) {
|
|||
ctx.ServerError("CreateCredential", err)
|
||||
return
|
||||
}
|
||||
_ = ctx.Session.Delete("webauthnName")
|
||||
|
||||
ctx.JSON(http.StatusCreated, cred)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue