Update webauthn

src/controllers/admin/admin_keys_controller.rs

@@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
 
 /// Generate a challenge to register a new key
 pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
-    let mut wan = get_wan();
+    let wan = get_wan();
 
-    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
+    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;
 
     admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
 
@@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
     )?;
 
     let wan = get_wan();
-    let key = wan.register_credential(creds, state, |_| Ok(false))?;
+    let key = wan.register_credential(&creds, &state, |_| Ok(false))?;
 
-    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
+    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;
 
     log_admin_action(r.admin_id()?, &r.remote_ip(),
                      AdminAction::RegisteredAdminKey {
@@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
     let key = r.post_admin_auth_key("mail", "key_id")?;
 
     let (challenge_response, auth_state) =
-        get_wan().generate_challenge_authenticate(vec![key.key], None)?;
+        get_wan().generate_challenge_authenticate(vec![key.key])?;
 
     admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
 
@@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
     )?;
 
     // Perform authentication
-    let state = get_wan().authenticate_credential(credentials, state)?;
-    r.some_or_bad_request(state, "Invalid key!")?;
+    let state = get_wan().authenticate_credential(&credentials, &state)?;
+    if !state.1.user_present {
+        r.forbidden("Invalid key!".to_string())?;
+    }
 
     // Check key password (if any)
     if let Some(pass_hash) = key.password {

src/data/webauthn_config.rs

@@ -6,19 +6,29 @@ use webauthn_rs::{Webauthn, WebauthnConfig};
 
 use crate::data::config::conf;
 
-pub struct ComunicAdminWebauthnConfig {}
+pub struct ComunicAdminWebauthnConfig {
+    origin: url::Url,
+    relying_party_id: String,
+}
 
 impl WebauthnConfig for ComunicAdminWebauthnConfig {
-    fn get_relying_party_name(&self) -> String {
-        "ComunicAdmin".to_string()
+    fn get_relying_party_name(&self) -> &str {
+        "ComunicAdmin"
     }
 
-    fn get_origin(&self) -> &String {
-        &conf().admin_url
+    fn get_origin(&self) -> &url::Url {
+        &self.origin
     }
 
-    fn get_relying_party_id(&self) -> String {
-        self.get_origin()
+    fn get_relying_party_id(&self) -> &str {
+        &self.relying_party_id
+    }
+}
+
+pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
+    Webauthn::new(ComunicAdminWebauthnConfig {
+        origin: url::Url::parse(&conf().admin_url).unwrap(),
+        relying_party_id: conf().admin_url
             .replace("https://", "")
             .replace("http://", "")
             .split(":")
@@ -27,10 +37,6 @@ impl WebauthnConfig for ComunicAdminWebauthnConfig {
             .split("/")
             .next()
             .unwrap()
-            .to_string()
-    }
-}
-
-pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
-    Webauthn::new(ComunicAdminWebauthnConfig {})
+            .to_string(),
+    })
 }