	Update webauthn
										56
									
								
								Cargo.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
							@@ -808,6 +808,7 @@ dependencies = [
 | 
			
		||||
 "serde_json",
 | 
			
		||||
 "sha1",
 | 
			
		||||
 "tokio 0.2.25",
 | 
			
		||||
 "url",
 | 
			
		||||
 "webauthn-rs",
 | 
			
		||||
 "webpage",
 | 
			
		||||
 "webrtc-sdp",
 | 
			
		||||
@@ -1909,6 +1910,12 @@ dependencies = [
 | 
			
		||||
 "unicase",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "minimal-lexical"
 | 
			
		||||
version = "0.2.1"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "miniz_oxide"
 | 
			
		||||
version = "0.3.7"
 | 
			
		||||
@@ -2136,6 +2143,17 @@ dependencies = [
 | 
			
		||||
 "version_check 0.1.5",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "nom"
 | 
			
		||||
version = "7.1.0"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109"
 | 
			
		||||
dependencies = [
 | 
			
		||||
 "memchr",
 | 
			
		||||
 "minimal-lexical",
 | 
			
		||||
 "version_check 0.9.4",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "ntapi"
 | 
			
		||||
version = "0.3.7"
 | 
			
		||||
@@ -2858,15 +2876,6 @@ dependencies = [
 | 
			
		||||
 "serde_derive",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "serde_bytes"
 | 
			
		||||
version = "0.11.5"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
 | 
			
		||||
dependencies = [
 | 
			
		||||
 "serde",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "serde_cbor"
 | 
			
		||||
version = "0.11.2"
 | 
			
		||||
@@ -3393,9 +3402,21 @@ dependencies = [
 | 
			
		||||
 "cfg-if 1.0.0",
 | 
			
		||||
 "log",
 | 
			
		||||
 "pin-project-lite 0.2.8",
 | 
			
		||||
 "tracing-attributes",
 | 
			
		||||
 "tracing-core",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "tracing-attributes"
 | 
			
		||||
version = "0.1.19"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "8276d9a4a3a558d7b7ad5303ad50b53d58264641b82914b7ada36bd762e7a716"
 | 
			
		||||
dependencies = [
 | 
			
		||||
 "proc-macro2",
 | 
			
		||||
 "quote",
 | 
			
		||||
 "syn",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "tracing-core"
 | 
			
		||||
version = "0.1.22"
 | 
			
		||||
@@ -3539,6 +3560,7 @@ dependencies = [
 | 
			
		||||
 "idna",
 | 
			
		||||
 "matches",
 | 
			
		||||
 "percent-encoding",
 | 
			
		||||
 "serde",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
@@ -3569,7 +3591,7 @@ version = "0.8.5"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "f29769400af8b264944b851c961a4a6930e76604f59b1fcd51246bab6a296c8c"
 | 
			
		||||
dependencies = [
 | 
			
		||||
 "nom",
 | 
			
		||||
 "nom 4.2.3",
 | 
			
		||||
 "proc-macro2",
 | 
			
		||||
 "quote",
 | 
			
		||||
 "syn",
 | 
			
		||||
@@ -3703,21 +3725,21 @@ dependencies = [
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
name = "webauthn-rs"
 | 
			
		||||
version = "0.2.5"
 | 
			
		||||
version = "0.3.2"
 | 
			
		||||
source = "registry+https://github.com/rust-lang/crates.io-index"
 | 
			
		||||
checksum = "dca232368e409a186d2cc0a83380398429a5b6c39608143c2a9bcc16e96b08d0"
 | 
			
		||||
checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1"
 | 
			
		||||
dependencies = [
 | 
			
		||||
 "base64 0.12.3",
 | 
			
		||||
 "log",
 | 
			
		||||
 "nom",
 | 
			
		||||
 "base64 0.13.0",
 | 
			
		||||
 "nom 7.1.0",
 | 
			
		||||
 "openssl",
 | 
			
		||||
 "rand 0.7.3",
 | 
			
		||||
 "rand 0.8.5",
 | 
			
		||||
 "serde",
 | 
			
		||||
 "serde_bytes",
 | 
			
		||||
 "serde_cbor",
 | 
			
		||||
 "serde_derive",
 | 
			
		||||
 "serde_json",
 | 
			
		||||
 "thiserror",
 | 
			
		||||
 "tracing",
 | 
			
		||||
 "url",
 | 
			
		||||
]
 | 
			
		||||
 | 
			
		||||
[[package]]
 | 
			
		||||
 
 | 
			
		||||
@@ -42,4 +42,5 @@ zip = "0.5.10"
 | 
			
		||||
webpage = "1.2.0"
 | 
			
		||||
gouth = "0.2.0"
 | 
			
		||||
tokio = { version = "0.2" }
 | 
			
		||||
webauthn-rs = "0.2.5"
 | 
			
		||||
webauthn-rs = "0.3.2"
 | 
			
		||||
url = "2.2.2"
 | 
			
		||||
@@ -53,9 +53,9 @@ pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult {
 | 
			
		||||
 | 
			
		||||
/// Generate a challenge to register a new key
 | 
			
		||||
pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
 | 
			
		||||
    let mut wan = get_wan();
 | 
			
		||||
    let wan = get_wan();
 | 
			
		||||
 | 
			
		||||
    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
 | 
			
		||||
    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), false)?;
 | 
			
		||||
 | 
			
		||||
    admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
 | 
			
		||||
 | 
			
		||||
@@ -74,9 +74,9 @@ pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult {
 | 
			
		||||
    )?;
 | 
			
		||||
 | 
			
		||||
    let wan = get_wan();
 | 
			
		||||
    let key = wan.register_credential(creds, state, |_| Ok(false))?;
 | 
			
		||||
    let key = wan.register_credential(&creds, &state, |_| Ok(false))?;
 | 
			
		||||
 | 
			
		||||
    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key, key_password)?;
 | 
			
		||||
    let key_id = admin_account_key_helper::add_key(r.admin_id()?, &key_name, key.0, key_password)?;
 | 
			
		||||
 | 
			
		||||
    log_admin_action(r.admin_id()?, &r.remote_ip(),
 | 
			
		||||
                     AdminAction::RegisteredAdminKey {
 | 
			
		||||
@@ -120,7 +120,7 @@ pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
 | 
			
		||||
    let key = r.post_admin_auth_key("mail", "key_id")?;
 | 
			
		||||
 | 
			
		||||
    let (challenge_response, auth_state) =
 | 
			
		||||
        get_wan().generate_challenge_authenticate(vec![key.key], None)?;
 | 
			
		||||
        get_wan().generate_challenge_authenticate(vec![key.key])?;
 | 
			
		||||
 | 
			
		||||
    admin_key_authentication_challenges_helper::set(key.id, auth_state)?;
 | 
			
		||||
 | 
			
		||||
@@ -138,8 +138,10 @@ pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult {
 | 
			
		||||
    )?;
 | 
			
		||||
 | 
			
		||||
    // Perform authentication
 | 
			
		||||
    let state = get_wan().authenticate_credential(credentials, state)?;
 | 
			
		||||
    r.some_or_bad_request(state, "Invalid key!")?;
 | 
			
		||||
    let state = get_wan().authenticate_credential(&credentials, &state)?;
 | 
			
		||||
    if !state.1.user_present {
 | 
			
		||||
        r.forbidden("Invalid key!".to_string())?;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    // Check key password (if any)
 | 
			
		||||
    if let Some(pass_hash) = key.password {
 | 
			
		||||
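Review bot: In `auth_with_key`, the only field read from the authenticator data returned by `authenticate_credential` is `state.1.user_present`; nothing in the visible lines looks at the signature counter or at `user_verified`. The function continues past this hunk, so this may be handled further down, but if the new counter is never stored against the key, any counter comparison can only run against the value saved at registration and a cloned authenticator would likely go unnoticed on later logins. It is worth confirming and recording this in the code, e.g. `// TODO(review): persist state.1.counter for this key and reject a counter that does not increase`. The new check also depends on `r.forbidden(...)` returning `Err` so that `?` stops the handler; a one-line comment saying so would help the next reader. In `register_key` the existence callback is still `|_| Ok(false)`, so a credential ID that is already registered is not rejected at that point.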
 
 | 
			
		||||
@@ -6,19 +6,29 @@ use webauthn_rs::{Webauthn, WebauthnConfig};
 | 
			
		||||
 | 
			
		||||
use crate::data::config::conf;
 | 
			
		||||
 | 
			
		||||
pub struct ComunicAdminWebauthnConfig {}
 | 
			
		||||
pub struct ComunicAdminWebauthnConfig {
 | 
			
		||||
    origin: url::Url,
 | 
			
		||||
    relying_party_id: String,
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
impl WebauthnConfig for ComunicAdminWebauthnConfig {
 | 
			
		||||
    fn get_relying_party_name(&self) -> String {
 | 
			
		||||
        "ComunicAdmin".to_string()
 | 
			
		||||
    fn get_relying_party_name(&self) -> &str {
 | 
			
		||||
        "ComunicAdmin"
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    fn get_origin(&self) -> &String {
 | 
			
		||||
        &conf().admin_url
 | 
			
		||||
    fn get_origin(&self) -> &url::Url {
 | 
			
		||||
        &self.origin
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    fn get_relying_party_id(&self) -> String {
 | 
			
		||||
        self.get_origin()
 | 
			
		||||
    fn get_relying_party_id(&self) -> &str {
 | 
			
		||||
        &self.relying_party_id
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
 | 
			
		||||
    Webauthn::new(ComunicAdminWebauthnConfig {
 | 
			
		||||
        origin: url::Url::parse(&conf().admin_url).unwrap(),
 | 
			
		||||
        relying_party_id: conf().admin_url
 | 
			
		||||
            .replace("https://", "")
 | 
			
		||||
            .replace("http://", "")
 | 
			
		||||
            .split(":")
 | 
			
		||||
@@ -27,10 +37,6 @@ impl WebauthnConfig for ComunicAdminWebauthnConfig {
 | 
			
		||||
            .split("/")
 | 
			
		||||
            .next()
 | 
			
		||||
            .unwrap()
 | 
			
		||||
            .to_string()
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
 | 
			
		||||
    Webauthn::new(ComunicAdminWebauthnConfig {})
 | 
			
		||||
            .to_string(),
 | 
			
		||||
    })
 | 
			
		||||
}
 | 
			
		||||
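Review bot: In the new `get_wan`, `relying_party_id` is still derived from `conf().admin_url` by stripping `https://`/`http://` and splitting on `:` and `/`, although the same URL is parsed into `origin` one line earlier. The relying-party ID scopes every credential, so both values should come from a single parse: bind the parsed `url::Url` once and set `relying_party_id` from `origin.host_str()`, which also copes with userinfo, an upper-case scheme and IPv6 literals that the string handling gets wrong. `Url::parse(&conf().admin_url).unwrap()` runs on every `get_wan()` call, so a malformed `admin_url` panics inside a request handler rather than at startup; validating it when the configuration is loaded, or at least using `.expect("admin_url must be a valid URL")`, would make the failure easier to diagnose. Part of the method chain falls between the two hunks and is not visible here.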