From ee27c7026a1257b3cb8b5d3ab990bbd33dd64b3a Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Wed, 9 Mar 2022 18:45:34 +0100 Subject: [PATCH] Update webauthn --- Cargo.lock | 56 +++++++++++++------ Cargo.toml | 3 +- .../admin/admin_keys_controller.rs | 16 +++--- src/data/webauthn_config.rs | 32 ++++++----- 4 files changed, 69 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5dbacef..23deeb3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -808,6 +808,7 @@ dependencies = [ "serde_json", "sha1", "tokio 0.2.25", + "url", "webauthn-rs", "webpage", "webrtc-sdp", @@ -1909,6 +1910,12 @@ dependencies = [ "unicase", ] +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "miniz_oxide" version = "0.3.7" @@ -2136,6 +2143,17 @@ dependencies = [ "version_check 0.1.5", ] +[[package]] +name = "nom" +version = "7.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109" +dependencies = [ + "memchr", + "minimal-lexical", + "version_check 0.9.4", +] + [[package]] name = "ntapi" version = "0.3.7" @@ -2858,15 +2876,6 @@ dependencies = [ "serde_derive", ] -[[package]] -name = "serde_bytes" -version = "0.11.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9" -dependencies = [ - "serde", -] - [[package]] name = "serde_cbor" version = "0.11.2" 
@@ -3393,9 +3402,21 @@ dependencies = [ "cfg-if 1.0.0", "log", "pin-project-lite 0.2.8", + "tracing-attributes", "tracing-core", ] +[[package]] +name = "tracing-attributes" +version = "0.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8276d9a4a3a558d7b7ad5303ad50b53d58264641b82914b7ada36bd762e7a716" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tracing-core" version = "0.1.22" @@ -3539,6 +3560,7 @@ dependencies = [ "idna", "matches", "percent-encoding", + "serde", ] [[package]] @@ -3569,7 +3591,7 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f29769400af8b264944b851c961a4a6930e76604f59b1fcd51246bab6a296c8c" dependencies = [ - "nom", + "nom 4.2.3", "proc-macro2", "quote", "syn", @@ -3703,21 +3725,21 @@ dependencies = [ [[package]] name = "webauthn-rs" -version = "0.2.5" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dca232368e409a186d2cc0a83380398429a5b6c39608143c2a9bcc16e96b08d0" +checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1" dependencies = [ - "base64 0.12.3", - "log", - "nom", + "base64 0.13.0", + "nom 7.1.0", "openssl", - "rand 0.7.3", + "rand 0.8.5", "serde", - "serde_bytes", "serde_cbor", "serde_derive", "serde_json", "thiserror", + "tracing", + "url", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index d0f605b..fa74d8d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -42,4 +42,5 @@ zip = "0.5.10" webpage = "1.2.0" gouth = "0.2.0" tokio = { version = "0.2" } -webauthn-rs = "0.2.5" \ No newline at end of file +webauthn-rs = "0.3.2" +url = "2.2.2" \ No newline at end of file diff --git a/src/controllers/admin/admin_keys_controller.rs b/src/controllers/admin/admin_keys_controller.rs index 610ded0..3fed636 100644 --- a/src/controllers/admin/admin_keys_controller.rs +++ b/src/controllers/admin/admin_keys_controller.rs 
@@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
 /// Generate a challenge to register a new key
 pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
- let mut wan = get_wan();
+ let wan = get_wan();
- let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
+ let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;
 admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
@@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
 )?;
 let wan = get_wan();
- let key = wan.register_credential(creds, state, |_| Ok(false))?;
+ let key = wan.register_credential(&creds, &state, |_| Ok(false))?;
- let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
+ let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;
 log_admin_action(r.admin_id()?, &r.remote_ip(), AdminAction::RegisteredAdminKey {
@@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
 let key = r.post_admin_auth_key("mail", "key_id")?;
 let (challenge_response, auth_state) =
- get_wan().generate_challenge_authenticate(vec![key.key], None)?;
+ get_wan().generate_challenge_authenticate(vec![key.key])?;
 admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
@@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
 )?;
 // Perform authentication
- let state = get_wan().authenticate_credential(credentials, state)?;
- r.some_or_bad_request(state, "Invalid key!")?;
+ let state = get_wan().authenticate_credential(&credentials, &state)?;
+ if !state.1.user_present {
+ r.forbidden("Invalid key!".to_string())?;
+ }
 // Check key password (if any)
 if let Some(pass_hash) = key.password {
diff --git a/src/data/webauthn_config.rs b/src/data/webauthn_config.rs
index 7f1a7f9..840b9fc 100644
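Review bot: The bare `false` handed to `generate_challenge_register` on the second `+` line is, as far as I read the 0.3 signature, the `user_verification_required` flag, and a literal leaves that security choice undocumented at the one place it is made. A named local such as `let require_user_verification = false; // admin keys: presence check only` (or a trailing comment on the call) records why an admin key is not asked for a PIN/biometric, and gives a later tightening an obvious place to land. challenge_register_key's body continues past the hunk.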
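Review bot: The `does_exist` closure `|_| Ok(false)` passed to `register_credential` on the first `+` line of the `register_key` hunk still answers "not registered" for every credential id, so the library's duplicate-credential check (the registration step that verifies the credentialId is not already registered to another user) is effectively disabled; the commit carries the 0.2 behaviour over, but the 0.3 callback is exactly where the stored keys could be consulted. If the key helper can look a key up by credential id, a closure along the lines of `|cred_id| admin_account_key_helper::LOOKUP_BY_CRED_ID_PLACEHOLDER(cred_id).map_err(|_| ())` closes that gap — the helper name is a placeholder, as I cannot see that module from the hunk. `key.0` on the second `+` line drops the `AuthenticatorData` half of the returned tuple, which is fine as long as nothing downstream needs the registration flags. register_key's body starts and ends outside the hunk.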
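Review bot: In the `auth_with_key` hunk, the `(cred_id, AuthenticatorData)` tuple returned by `authenticate_credential` on the first `+` line also carries the authenticator's signature `counter`, and the new code never writes it back to the stored key; as far as I can tell from the 0.3 API the counter comparison against the value the relying party supplied happens inside the library, but persisting the new value is left to the caller, so without a write-back the clone detection the counter is meant to provide never engages across logins. If the key record keeps a counter, the helper that stores the key should be updated with `state.1.counter` right after this call — I cannot see the key schema from here, so confirm it has such a field. Separately, the `user_present` branch relies on `r.forbidden(...)?` yielding `Err` to stop the handler; if `forbidden` builds an `Ok` response, `?` does not abort and execution falls through to the password check, so `return r.forbidden("Invalid key!".to_string());` (if its type is `RequestResult`) makes the abort explicit. auth_with_key's body starts and ends outside the hunk.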
--- a/src/data/webauthn_config.rs
+++ b/src/data/webauthn_config.rs
@@ -6,19 +6,29 @@ use webauthn_rs::{Webauthn, WebauthnConfig};
 use crate::data::config::conf;
-pub struct ComunicAdminWebauthnConfig {}
+pub struct ComunicAdminWebauthnConfig {
+ origin: url::Url,
+ relying_party_id: String,
+}
 impl WebauthnConfig for ComunicAdminWebauthnConfig {
- fn get_relying_party_name(&self) -> String {
- "ComunicAdmin".to_string()
+ fn get_relying_party_name(&self) -> &str {
+ "ComunicAdmin"
 }
- fn get_origin(&self) -> &String {
- &conf().admin_url
+ fn get_origin(&self) -> &url::Url {
+ &self.origin
 }
- fn get_relying_party_id(&self) -> String {
- self.get_origin()
+ fn get_relying_party_id(&self) -> &str {
+ &self.relying_party_id
+ }
+}
+
+pub fn get_wan() -> Webauthn {
+ Webauthn::new(ComunicAdminWebauthnConfig {
+ origin: url::Url::parse(&conf().admin_url).unwrap(),
+ relying_party_id: conf().admin_url
 .replace("https://", "")
 .replace("http://", "")
 .split(":")
@@ -27,10 +37,6 @@ impl WebauthnConfig for ComunicAdminWebauthnConfig {
 .split("/")
 .next()
 .unwrap()
- .to_string()
- }
-}
-
-pub fn get_wan() -> Webauthn {
- Webauthn::new(ComunicAdminWebauthnConfig {})
+ .to_string(),
+ })
 }
\ No newline at end of file
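Review bot: `get_wan` (its body starts in this hunk and ends in the next) now parses `conf().admin_url` with `.unwrap()`, and since the controller hunks call `get_wan()` from the request handlers rather than once at startup, a malformed `admin_url` panics inside every key request instead of failing fast at boot; at minimum `expect("admin_url must be a valid absolute URL")` names the invariant being relied on. Having a parsed `url::Url` in hand also makes the `replace`/`split` chain that derives `relying_party_id` (its tail is the second hunk) redundant and less robust — it keeps any userinfo in front of the host and mis-splits an IPv6 literal at the first `:` — whereas the RP ID is the origin's host, which `origin.host_str()` yields directly. The rewrite below parses once and derives both fields from the same `Url`.

```rust
pub fn get_wan() -> Webauthn {
    // Both values derive from the configured admin URL; an unparsable URL is
    // a deployment error, so failing loudly with a named reason is intended.
    let origin = url::Url::parse(&conf().admin_url)
        .expect("admin_url must be a valid absolute URL");
    let relying_party_id = origin
        .host_str()
        .expect("admin_url must contain a host")
        .to_string();
    Webauthn::new(ComunicAdminWebauthnConfig {
        origin,
        relying_party_id,
    })
}
```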