Register user security keys

2022-04-21 19:24:26 +02:00
parent 1f0e6d05c8
commit 49716a8bf5
6 changed files with 387 additions and 7 deletions
--- a/src/data/webauthn_manager.rs
+++ b/src/data/webauthn_manager.rs
@ -1,8 +1,9 @@
+use std::io::ErrorKind;
 use std::sync::Arc;

 use actix_web::web;
 use webauthn_rs::{RegistrationState, Webauthn, WebauthnConfig};
-use webauthn_rs::proto::CreationChallengeResponse;
+use webauthn_rs::proto::{CreationChallengeResponse, Credential, RegisterPublicKeyCredential};

 use crate::constants::APP_NAME;
 use crate::data::app_config::AppConfig;
@ -35,6 +36,11 @@ pub struct RegisterKeyRequest {
    pub creation_challenge: CreationChallengeResponse,
 }

+#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
+pub struct WebauthnPubKey {
+    creds: Credential,
+}
+
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 struct RegisterKeyOpaqueData {
    registration_state: RegistrationState,
@ -54,7 +60,10 @@ impl WebAuthManager {
            core: Webauthn::new(WebAuthnAppConfig {
                origin: url::Url::parse(&conf.website_origin)
                    .expect("Failed to parse configuration origin!"),
-                relying_party_id: conf.domain_name().to_string(),
+                relying_party_id: conf.domain_name().split_once(':')
+                    .map(|s| s.0)
+                    .unwrap_or(conf.domain_name())
+                    .to_string(),
            }),
            crypto_wrapper: CryptoWrapper::new_random(),
        }
@ -63,7 +72,7 @@ impl WebAuthManager {
    pub fn start_register(&self, user: &User) -> Res<RegisterKeyRequest> {
        let (creation_challenge, registration_state) = self.core.generate_challenge_register(
            &user.username,
-            true,
+            false,
        )?;

        Ok(RegisterKeyRequest {
@ -74,4 +83,18 @@ impl WebAuthManager {
            creation_challenge,
        })
    }
+
+    pub fn finish_registration(&self, user: &User, opaque_state: &str,
+                               pub_cred: RegisterPublicKeyCredential) -> Res<WebauthnPubKey> {
+        let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
+        if state.user_id != user.uid {
+            return Err(Box::new(
+                std::io::Error::new(ErrorKind::Other, "Invalid user for pubkey!")));
+        }
+
+        let res = self.core
+            .register_credential(&pub_cred, &state.registration_state, |_| Ok(false))?;
+
+        Ok(WebauthnPubKey { creds: res.0 })
+    }
 }