Update webauthn-rs
dependency
This commit is contained in:
parent
35b9bfc8bb
commit
4450a21225
182
Cargo.lock
generated
182
Cargo.lock
generated
@ -420,6 +420,45 @@ dependencies = [
|
||||
"toml",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "asn1-rs"
|
||||
version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33"
|
||||
dependencies = [
|
||||
"asn1-rs-derive",
|
||||
"asn1-rs-impl",
|
||||
"displaydoc",
|
||||
"nom",
|
||||
"num-traits",
|
||||
"rusticata-macros",
|
||||
"thiserror",
|
||||
"time",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "asn1-rs-derive"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
"synstructure",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "asn1-rs-impl"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "async-trait"
|
||||
version = "0.1.57"
|
||||
@ -481,6 +520,17 @@ version = "1.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c"
|
||||
|
||||
[[package]]
|
||||
name = "base64urlsafedata"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d02340c3f25c8422ba85d481123406dd7506505485bac1c694b26eb538da8daf"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"serde",
|
||||
"serde_json",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "basic-oidc"
|
||||
version = "0.1.1"
|
||||
@ -722,6 +772,22 @@ version = "1.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"
|
||||
|
||||
[[package]]
|
||||
name = "compact_jwt"
|
||||
version = "0.2.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f9417bb4f581b7a5e08fabb4398b910064363bbfd7b75a10d1da3bfff3ef9b36"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"base64urlsafedata",
|
||||
"openssl",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"tracing",
|
||||
"url",
|
||||
"uuid",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "const-oid"
|
||||
version = "0.6.2"
|
||||
@ -889,6 +955,12 @@ dependencies = [
|
||||
"cipher 0.4.3",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "data-encoding"
|
||||
version = "2.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
|
||||
|
||||
[[package]]
|
||||
name = "deflate"
|
||||
version = "1.0.0"
|
||||
@ -918,6 +990,20 @@ dependencies = [
|
||||
"pem-rfc7468 0.3.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "der-parser"
|
||||
version = "7.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82"
|
||||
dependencies = [
|
||||
"asn1-rs",
|
||||
"displaydoc",
|
||||
"nom",
|
||||
"num-bigint",
|
||||
"num-traits",
|
||||
"rusticata-macros",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "derive_more"
|
||||
version = "0.99.17"
|
||||
@ -951,6 +1037,17 @@ dependencies = [
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "displaydoc"
|
||||
version = "0.2.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ecdsa"
|
||||
version = "0.13.4"
|
||||
@ -1667,6 +1764,17 @@ dependencies = [
|
||||
"minimal-lexical",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"num-integer",
|
||||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint-dig"
|
||||
version = "0.7.0"
|
||||
@ -1746,6 +1854,15 @@ dependencies = [
|
||||
"libc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "oid-registry"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a"
|
||||
dependencies = [
|
||||
"asn1-rs",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "once_cell"
|
||||
version = "1.13.1"
|
||||
@ -2177,6 +2294,15 @@ dependencies = [
|
||||
"semver",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rusticata-macros"
|
||||
version = "4.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
|
||||
dependencies = [
|
||||
"nom",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ryu"
|
||||
version = "1.0.11"
|
||||
@ -2706,6 +2832,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f"
|
||||
dependencies = [
|
||||
"getrandom",
|
||||
"serde",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -2792,21 +2919,52 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "webauthn-rs"
|
||||
version = "0.3.2"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "90b266eccb4b32595876f5c73ea443b0516da0b1df72ca07bc08ed9ba7f96ec1"
|
||||
checksum = "08ea37595bdb8d731f39949249e41fb4c66cdad5487693575cc1078c8a67abac"
|
||||
dependencies = [
|
||||
"base64urlsafedata",
|
||||
"serde",
|
||||
"tracing",
|
||||
"url",
|
||||
"uuid",
|
||||
"webauthn-rs-core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webauthn-rs-core"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "15a12633855c4094f700cad8e2aad4c7d07d762745c4e26a1684a4351bcdf0d4"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"base64urlsafedata",
|
||||
"compact_jwt",
|
||||
"der-parser",
|
||||
"nom",
|
||||
"openssl",
|
||||
"rand",
|
||||
"serde",
|
||||
"serde_cbor",
|
||||
"serde_derive",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
"tracing",
|
||||
"url",
|
||||
"uuid",
|
||||
"webauthn-rs-proto",
|
||||
"x509-parser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webauthn-rs-proto"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1a72f222f4496b34acfc7809ac8440984665105785f3556b541ab14c515cf357"
|
||||
dependencies = [
|
||||
"base64urlsafedata",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"url",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -2889,6 +3047,24 @@ version = "0.36.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"
|
||||
|
||||
[[package]]
|
||||
name = "x509-parser"
|
||||
version = "0.13.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9fb9bace5b5589ffead1afb76e43e34cff39cd0f3ce7e170ae0c29e53b88eb1c"
|
||||
dependencies = [
|
||||
"asn1-rs",
|
||||
"base64",
|
||||
"data-encoding",
|
||||
"der-parser",
|
||||
"lazy_static",
|
||||
"nom",
|
||||
"oid-registry",
|
||||
"rusticata-macros",
|
||||
"thiserror",
|
||||
"time",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.4.3"
|
||||
|
@ -32,7 +32,7 @@ lazy-regex = "2.3.0"
|
||||
totp_rfc6238 = "0.5.0"
|
||||
base32 = "0.4.0"
|
||||
qrcode-generator = "4.1.6"
|
||||
webauthn-rs = "0.3.2"
|
||||
webauthn-rs = "0.4.3"
|
||||
url = "2.2.2"
|
||||
aes-gcm = { version = "0.10.1", features = ["aes"] }
|
||||
bincode = "1.3.3"
|
@ -1,6 +1,6 @@
|
||||
use actix_identity::Identity;
|
||||
use actix_web::{HttpRequest, HttpResponse, Responder, web};
|
||||
use webauthn_rs::proto::PublicKeyCredential;
|
||||
use webauthn_rs::prelude::PublicKeyCredential;
|
||||
|
||||
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
||||
use crate::data::webauthn_manager::WebAuthManagerReq;
|
||||
|
@ -1,7 +1,7 @@
|
||||
use actix::Addr;
|
||||
use actix_web::{HttpResponse, Responder, web};
|
||||
use uuid::Uuid;
|
||||
use webauthn_rs::proto::RegisterPublicKeyCredential;
|
||||
use webauthn_rs::prelude::RegisterPublicKeyCredential;
|
||||
|
||||
use crate::actors::users_actor;
|
||||
use crate::actors::users_actor::UsersActor;
|
||||
|
@ -2,39 +2,20 @@ use std::io::ErrorKind;
|
||||
use std::sync::Arc;
|
||||
|
||||
use actix_web::web;
|
||||
use webauthn_rs::{AuthenticationState, RegistrationState, Webauthn, WebauthnConfig};
|
||||
use webauthn_rs::proto::{CreationChallengeResponse, Credential, PublicKeyCredential, RegisterPublicKeyCredential, RequestChallengeResponse};
|
||||
use uuid::Uuid;
|
||||
use webauthn_rs::{Webauthn, WebauthnBuilder};
|
||||
use webauthn_rs::prelude::{CreationChallengeResponse, Passkey, PublicKeyCredential, RegisterPublicKeyCredential, RequestChallengeResponse};
|
||||
|
||||
use crate::constants::{APP_NAME, WEBAUTHN_LOGIN_CHALLENGE_EXPIRE, WEBAUTHN_REGISTER_CHALLENGE_EXPIRE};
|
||||
use crate::constants::{WEBAUTHN_LOGIN_CHALLENGE_EXPIRE, WEBAUTHN_REGISTER_CHALLENGE_EXPIRE};
|
||||
use crate::data::app_config::AppConfig;
|
||||
use crate::data::crypto_wrapper::CryptoWrapper;
|
||||
use crate::data::user::{User, UserID};
|
||||
use crate::utils::err::Res;
|
||||
use crate::utils::time::time;
|
||||
|
||||
#[derive(Debug)]
|
||||
struct WebAuthnAppConfig {
|
||||
origin: url::Url,
|
||||
relying_party_id: String,
|
||||
}
|
||||
|
||||
impl WebauthnConfig for WebAuthnAppConfig {
|
||||
fn get_relying_party_name(&self) -> &str {
|
||||
APP_NAME
|
||||
}
|
||||
|
||||
fn get_origin(&self) -> &url::Url {
|
||||
&self.origin
|
||||
}
|
||||
|
||||
fn get_relying_party_id(&self) -> &str {
|
||||
&self.relying_party_id
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
|
||||
pub struct WebauthnPubKey {
|
||||
creds: Credential,
|
||||
creds: Passkey,
|
||||
}
|
||||
|
||||
pub struct RegisterKeyRequest {
|
||||
@ -44,7 +25,7 @@ pub struct RegisterKeyRequest {
|
||||
|
||||
#[derive(Debug, serde::Serialize, serde::Deserialize)]
|
||||
struct RegisterKeyOpaqueData {
|
||||
registration_state: RegistrationState,
|
||||
registration_state: String,
|
||||
user_id: UserID,
|
||||
expire: u64,
|
||||
}
|
||||
@ -56,7 +37,7 @@ pub struct AuthRequest {
|
||||
|
||||
#[derive(Debug, serde::Serialize, serde::Deserialize)]
|
||||
struct AuthStateOpaqueData {
|
||||
authentication_state: AuthenticationState,
|
||||
authentication_state: String,
|
||||
user_id: UserID,
|
||||
expire: u64,
|
||||
}
|
||||
@ -65,34 +46,40 @@ struct AuthStateOpaqueData {
|
||||
pub type WebAuthManagerReq = web::Data<Arc<WebAuthManager>>;
|
||||
|
||||
pub struct WebAuthManager {
|
||||
core: Webauthn<WebAuthnAppConfig>,
|
||||
core: Webauthn,
|
||||
crypto_wrapper: CryptoWrapper,
|
||||
}
|
||||
|
||||
impl WebAuthManager {
|
||||
pub fn init(conf: &AppConfig) -> Self {
|
||||
Self {
|
||||
core: Webauthn::new(WebAuthnAppConfig {
|
||||
origin: url::Url::parse(&conf.website_origin)
|
||||
.expect("Failed to parse configuration origin!"),
|
||||
relying_party_id: conf.domain_name().split_once(':')
|
||||
core: WebauthnBuilder::new(
|
||||
conf.domain_name().split_once(':')
|
||||
.map(|s| s.0)
|
||||
.unwrap_or_else(|| conf.domain_name())
|
||||
.to_string(),
|
||||
}),
|
||||
.unwrap_or_else(|| conf.domain_name()),
|
||||
&url::Url::parse(&conf.website_origin)
|
||||
.expect("Failed to parse configuration origin!"))
|
||||
.expect("Invalid Webauthn configuration")
|
||||
.build()
|
||||
.expect("Failed to build webauthn")
|
||||
|
||||
,
|
||||
crypto_wrapper: CryptoWrapper::new_random(),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn start_register(&self, user: &User) -> Res<RegisterKeyRequest> {
|
||||
let (creation_challenge, registration_state) = self.core.generate_challenge_register(
|
||||
let (creation_challenge, registration_state)
|
||||
= self.core.start_passkey_registration(
|
||||
Uuid::parse_str(&user.uid.0).expect("Failed to parse user id"),
|
||||
&user.username,
|
||||
false,
|
||||
&user.full_name(),
|
||||
None,
|
||||
)?;
|
||||
|
||||
Ok(RegisterKeyRequest {
|
||||
opaque_state: self.crypto_wrapper.encrypt(&RegisterKeyOpaqueData {
|
||||
registration_state,
|
||||
registration_state: serde_json::to_string(®istration_state)?,
|
||||
user_id: user.uid.clone(),
|
||||
expire: time() + WEBAUTHN_REGISTER_CHALLENGE_EXPIRE,
|
||||
})?,
|
||||
@ -114,19 +101,19 @@ impl WebAuthManager {
|
||||
}
|
||||
|
||||
let res = self.core
|
||||
.register_credential(&pub_cred, &state.registration_state, |_| Ok(false))?;
|
||||
.finish_passkey_registration(&pub_cred, &serde_json::from_str(&state.registration_state)?)?;
|
||||
|
||||
Ok(WebauthnPubKey { creds: res.0 })
|
||||
Ok(WebauthnPubKey { creds: res })
|
||||
}
|
||||
|
||||
pub fn start_authentication(&self, user_id: &UserID, key: &WebauthnPubKey) -> Res<AuthRequest> {
|
||||
let (login_challenge, authentication_state) = self.core.generate_challenge_authenticate(vec![
|
||||
let (login_challenge, authentication_state) = self.core.start_passkey_authentication(&vec![
|
||||
key.creds.clone()
|
||||
])?;
|
||||
|
||||
Ok(AuthRequest {
|
||||
opaque_state: self.crypto_wrapper.encrypt(&AuthStateOpaqueData {
|
||||
authentication_state,
|
||||
authentication_state: serde_json::to_string(&authentication_state)?,
|
||||
user_id: user_id.clone(),
|
||||
expire: time() + WEBAUTHN_LOGIN_CHALLENGE_EXPIRE,
|
||||
})?,
|
||||
@ -147,7 +134,8 @@ impl WebAuthManager {
|
||||
std::io::Error::new(ErrorKind::Other, "Challenge has expired!")));
|
||||
}
|
||||
|
||||
self.core.authenticate_credential(pub_cred, &state.authentication_state)?;
|
||||
self.core.finish_passkey_authentication(pub_cred,
|
||||
&serde_json::from_str(&state.authentication_state)?)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user