1
0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-12-26 13:38:51 +00:00

Update webauthn

This commit is contained in:
Pierre HUBERT 2022-03-09 18:45:34 +01:00
parent f143cd2aff
commit ee27c7026a
4 changed files with 69 additions and 38 deletions

56
Cargo.lock generated
View File

@ -808,6 +808,7 @@ dependencies = [
"serde_json",
"sha1",
"tokio 0.2.25",
"url",
"webauthn-rs",
"webpage",
"webrtc-sdp",
@ -1909,6 +1910,12 @@ dependencies = [
"unicase",
]
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "miniz_oxide"
version = "0.3.7"
@ -2136,6 +2143,17 @@ dependencies = [
"version_check 0.1.5",
]
[[package]]
name = "nom"
version = "7.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109"
dependencies = [
"memchr",
"minimal-lexical",
"version_check 0.9.4",
]
[[package]]
name = "ntapi"
version = "0.3.7"
@ -2858,15 +2876,6 @@ dependencies = [
"serde_derive",
]
[[package]]
name = "serde_bytes"
version = "0.11.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
dependencies = [
"serde",
]
[[package]]
name = "serde_cbor"
version = "0.11.2"
@ -3393,9 +3402,21 @@ dependencies = [
"cfg-if 1.0.0",
"log",
"pin-project-lite 0.2.8",
"tracing-attributes",
"tracing-core",
]
[[package]]
name = "tracing-attributes"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8276d9a4a3a558d7b7ad5303ad50b53d58264641b82914b7ada36bd762e7a716"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tracing-core"
version = "0.1.22"
@ -3539,6 +3560,7 @@ dependencies = [
"idna",
"matches",
"percent-encoding",
"serde",
]
[[package]]
@ -3569,7 +3591,7 @@ version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f29769400af8b264944b851c961a4a6930e76604f59b1fcd51246bab6a296c8c"
dependencies = [
"nom",
"nom 4.2.3",
"proc-macro2",
"quote",
"syn",
@ -3703,21 +3725,21 @@ dependencies = [
[[package]]
name = "webauthn-rs"
version = "0.2.5"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dca232368e409a186d2cc0a83380398429a5b6c39608143c2a9bcc16e96b08d0"
checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1"
dependencies = [
"base64 0.12.3",
"log",
"nom",
"base64 0.13.0",
"nom 7.1.0",
"openssl",
"rand 0.7.3",
"rand 0.8.5",
"serde",
"serde_bytes",
"serde_cbor",
"serde_derive",
"serde_json",
"thiserror",
"tracing",
"url",
]
[[package]]

View File

@ -42,4 +42,5 @@ zip = "0.5.10"
webpage = "1.2.0"
gouth = "0.2.0"
tokio = { version = "0.2" }
webauthn-rs = "0.2.5"
webauthn-rs = "0.3.2"
url = "2.2.2"

View File

@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
/// Generate a challenge to register a new key
pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
let mut wan = get_wan();
let wan = get_wan();
let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;
admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
)?;
let wan = get_wan();
let key = wan.register_credential(creds, state, |_| Ok(false))?;
let key = wan.register_credential(&creds, &state, |_| Ok(false))?;
let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;
log_admin_action(r.admin_id()?, &r.remote_ip(),
AdminAction::RegisteredAdminKey {
@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
let key = r.post_admin_auth_key("mail", "key_id")?;
let (challenge_response, auth_state) =
get_wan().generate_challenge_authenticate(vec![key.key], None)?;
get_wan().generate_challenge_authenticate(vec![key.key])?;
admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
)?;
// Perform authentication
let state = get_wan().authenticate_credential(credentials, state)?;
r.some_or_bad_request(state, "Invalid key!")?;
let state = get_wan().authenticate_credential(&credentials, &state)?;
if !state.1.user_present {
r.forbidden("Invalid key!".to_string())?;
}
// Check key password (if any)
if let Some(pass_hash) = key.password {

View File

@ -6,19 +6,29 @@ use webauthn_rs::{Webauthn, WebauthnConfig};
use crate::data::config::conf;
pub struct ComunicAdminWebauthnConfig {}
pub struct ComunicAdminWebauthnConfig {
origin: url::Url,
relying_party_id: String,
}
impl WebauthnConfig for ComunicAdminWebauthnConfig {
fn get_relying_party_name(&self) -> String {
"ComunicAdmin".to_string()
fn get_relying_party_name(&self) -> &str {
"ComunicAdmin"
}
fn get_origin(&self) -> &String {
&conf().admin_url
fn get_origin(&self) -> &url::Url {
&self.origin
}
fn get_relying_party_id(&self) -> String {
self.get_origin()
fn get_relying_party_id(&self) -> &str {
&self.relying_party_id
}
}
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
Webauthn::new(ComunicAdminWebauthnConfig {
origin: url::Url::parse(&conf().admin_url).unwrap(),
relying_party_id: conf().admin_url
.replace("https://", "")
.replace("http://", "")
.split(":")
@ -27,10 +37,6 @@ impl WebauthnConfig for ComunicAdminWebauthnConfig {
.split("/")
.next()
.unwrap()
.to_string()
}
}
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
Webauthn::new(ComunicAdminWebauthnConfig {})
.to_string(),
})
}