Update webauthn

2025-07-06 15:52:48 +00:00 · 2022-03-09 18:45:34 +01:00
parent f143cd2aff
commit ee27c7026a
4 changed files with 69 additions and 38 deletions
--- a/src/controllers/admin/admin_keys_controller.rs
+++ b/src/controllers/admin/admin_keys_controller.rs
@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {

 /// Generate a challenge to register a new key
 pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
-    let mut wan = get_wan();
+    let wan = get_wan();

-    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
+    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;

    admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;

@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
    )?;

    let wan = get_wan();
-    let key = wan.register_credential(creds, state, |_| Ok(false))?;
+    let key = wan.register_credential(&creds, &state, |_| Ok(false))?;

-    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
+    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;

    log_admin_action(r.admin_id()?, &r.remote_ip(),
                     AdminAction::RegisteredAdminKey {
@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
    let key = r.post_admin_auth_key("mail", "key_id")?;

    let (challenge_response, auth_state) =
-        get_wan().generate_challenge_authenticate(vec![key.key], None)?;
+        get_wan().generate_challenge_authenticate(vec![key.key])?;

    admin_key_authentication_challenges_helper::set(key.id, auth_state)?;

@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
    )?;

    // Perform authentication
-    let state = get_wan().authenticate_credential(credentials, state)?;
-    r.some_or_bad_request(state, "Invalid key!")?;
+    let state = get_wan().authenticate_credential(&credentials, &state)?;
+    if !state.1.user_present {
+        r.forbidden("Invalid key!".to_string())?;
+    }

    // Check key password (if any)
    if let Some(pass_hash) = key.password {