Comunic/comunicapiv3
1
0
Fork 0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-11-22 13:29:21 +00:00
Code Issues Projects Releases Wiki Activity

Update webauthn

Browse Source
This commit is contained in:
Pierre HUBERT 2022-03-09 18:45:34 +01:00
parent f143cd2aff
commit ee27c7026a
4 changed files with 69 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
Cargo.lock generated
View File

@ -808,6 +808,7 @@ dependencies = [
"serde_json", "serde_json",
"sha1", "sha1",
"tokio 0.2.25", "tokio 0.2.25",
"url",
"webauthn-rs", "webauthn-rs",
"webpage", "webpage",
"webrtc-sdp", "webrtc-sdp",
@ -1909,6 +1910,12 @@ dependencies = [
"unicase", "unicase",
] ]
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]] [[package]]
name = "miniz_oxide" name = "miniz_oxide"
version = "0.3.7" version = "0.3.7"
@ -2136,6 +2143,17 @@ dependencies = [
"version_check 0.1.5", "version_check 0.1.5",
] ]
[[package]]
name = "nom"
version = "7.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109"
dependencies = [
"memchr",
"minimal-lexical",
"version_check 0.9.4",
]
[[package]] [[package]]
name = "ntapi" name = "ntapi"
version = "0.3.7" version = "0.3.7"
@ -2858,15 +2876,6 @@ dependencies = [
"serde_derive", "serde_derive",
] ]
[[package]]
name = "serde_bytes"
version = "0.11.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
dependencies = [
"serde",
]
[[package]] [[package]]
name = "serde_cbor" name = "serde_cbor"
version = "0.11.2" version = "0.11.2"
@ -3393,9 +3402,21 @@ dependencies = [
"cfg-if 1.0.0", "cfg-if 1.0.0",
"log", "log",
"pin-project-lite 0.2.8", "pin-project-lite 0.2.8",
"tracing-attributes",
"tracing-core", "tracing-core",
] ]
[[package]]
name = "tracing-attributes"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8276d9a4a3a558d7b7ad5303ad50b53d58264641b82914b7ada36bd762e7a716"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "tracing-core" name = "tracing-core"
version = "0.1.22" version = "0.1.22"
@ -3539,6 +3560,7 @@ dependencies = [
"idna", "idna",
"matches", "matches",
"percent-encoding", "percent-encoding",
"serde",
] ]
[[package]] [[package]]
@ -3569,7 +3591,7 @@ version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f29769400af8b264944b851c961a4a6930e76604f59b1fcd51246bab6a296c8c" checksum = "f29769400af8b264944b851c961a4a6930e76604f59b1fcd51246bab6a296c8c"
dependencies = [ dependencies = [
"nom", "nom 4.2.3",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn",
@ -3703,21 +3725,21 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-rs" name = "webauthn-rs"
version = "0.2.5" version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dca232368e409a186d2cc0a83380398429a5b6c39608143c2a9bcc16e96b08d0" checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1"
dependencies = [ dependencies = [
"base64 0.12.3", "base64 0.13.0",
"log", "nom 7.1.0",
"nom",
"openssl", "openssl",
"rand 0.7.3", "rand 0.8.5",
"serde", "serde",
"serde_bytes",
"serde_cbor", "serde_cbor",
"serde_derive", "serde_derive",
"serde_json", "serde_json",
"thiserror", "thiserror",
"tracing",
"url",
] ]
[[package]] [[package]]

3
Cargo.toml
View File

@ -42,4 +42,5 @@ zip = "0.5.10"
webpage = "1.2.0" webpage = "1.2.0"
gouth = "0.2.0" gouth = "0.2.0"
tokio = { version = "0.2" } tokio = { version = "0.2" }
webauthn-rs = "0.2.5" webauthn-rs = "0.3.2"
url = "2.2.2"

16
src/controllers/admin/admin_keys_controller.rs
View File

@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
/// Generate a challenge to register a new key /// Generate a challenge to register a new key
pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult { pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
let mut wan = get_wan(); let wan = get_wan();
let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?; let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;
admin_key_registration_challenges_helper::set(r.admin_id()?, state)?; admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
)?; )?;
let wan = get_wan(); let wan = get_wan();
let key = wan.register_credential(creds, state, |_| Ok(false))?; let key = wan.register_credential(&creds, &state, |_| Ok(false))?;
let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?; let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;
log_admin_action(r.admin_id()?, &r.remote_ip(), log_admin_action(r.admin_id()?, &r.remote_ip(),
AdminAction::RegisteredAdminKey { AdminAction::RegisteredAdminKey {
@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
let key = r.post_admin_auth_key("mail", "key_id")?; let key = r.post_admin_auth_key("mail", "key_id")?;
let (challenge_response, auth_state) = let (challenge_response, auth_state) =
get_wan().generate_challenge_authenticate(vec![key.key], None)?; get_wan().generate_challenge_authenticate(vec![key.key])?;
admin_key_authentication_challenges_helper::set(key.id, auth_state)?; admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
)?; )?;
// Perform authentication // Perform authentication
let state = get_wan().authenticate_credential(credentials, state)?; let state = get_wan().authenticate_credential(&credentials, &state)?;
r.some_or_bad_request(state, "Invalid key!")?; if !state.1.user_present {
r.forbidden("Invalid key!".to_string())?;
}
// Check key password (if any) // Check key password (if any)
if let Some(pass_hash) = key.password { if let Some(pass_hash) = key.password {

32
src/data/webauthn_config.rs
View File

@ -6,19 +6,29 @@ use webauthn_rs::{Webauthn, WebauthnConfig};
use crate::data::config::conf; use crate::data::config::conf;
pub struct ComunicAdminWebauthnConfig {} pub struct ComunicAdminWebauthnConfig {
origin: url::Url,
relying_party_id: String,
}
impl WebauthnConfig for ComunicAdminWebauthnConfig { impl WebauthnConfig for ComunicAdminWebauthnConfig {
fn get_relying_party_name(&self) -> String { fn get_relying_party_name(&self) -> &str {
"ComunicAdmin".to_string() "ComunicAdmin"
} }
fn get_origin(&self) -> &String { fn get_origin(&self) -> &url::Url {
&conf().admin_url &self.origin
} }
fn get_relying_party_id(&self) -> String { fn get_relying_party_id(&self) -> &str {
self.get_origin() &self.relying_party_id
}
}
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
Webauthn::new(ComunicAdminWebauthnConfig {
origin: url::Url::parse(&conf().admin_url).unwrap(),
relying_party_id: conf().admin_url
.replace("https://", "") .replace("https://", "")
.replace("http://", "") .replace("http://", "")
.split(":") .split(":")
@ -27,10 +37,6 @@ impl WebauthnConfig for ComunicAdminWebauthnConfig {
.split("/") .split("/")
.next() .next()
.unwrap() .unwrap()
.to_string() .to_string(),
} })
}
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
Webauthn::new(ComunicAdminWebauthnConfig {})
} }