proxmox-mirrors/proxmox
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox synced 2025-07-27 20:37:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tfa: properly wrap webauthn credentials

Browse Source 
this (external) struct gets new fields in webauthn-rs 0.3, so let's
properly wrap / convert it instead of just aliasing, else deserializing
will fail.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2021-11-19 11:17:06 +01:00
parent d49e6a362e
commit 148950fd17
2 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
proxmox-tfa/src/api/mod.rs
View File

@ -10,7 +10,6 @@ use anyhow::{bail, format_err, Error};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json::Value; use serde_json::Value;
use webauthn_rs::proto::Credential as WebauthnCredential;
use webauthn_rs::{proto::UserVerificationPolicy, Webauthn}; use webauthn_rs::{proto::UserVerificationPolicy, Webauthn};
use crate::totp::Totp; use crate::totp::Totp;
@ -29,7 +28,7 @@ pub mod methods;
pub use recovery::RecoveryState; pub use recovery::RecoveryState;
pub use u2f::U2fConfig; pub use u2f::U2fConfig;
pub use webauthn::WebauthnConfig; pub use webauthn::{WebauthnConfig, WebauthnCredential};
#[cfg(feature = "api-types")] #[cfg(feature = "api-types")]
pub use webauthn::WebauthnConfigUpdater; pub use webauthn::WebauthnConfigUpdater;
@ -594,7 +593,10 @@ impl TfaUserData {
return Ok(None); return Ok(None);
} }
let creds: Vec<_> = self.enabled_webauthn_entries().map(Clone::clone).collect(); let creds: Vec<_> = self
.enabled_webauthn_entries()
.map(|cred| cred.clone().into())
.collect();
if creds.is_empty() { if creds.is_empty() {
return Ok(None); return Ok(None);
@ -1015,6 +1017,6 @@ impl TfaUserChallenges {
.any(|cred| cred.entry.cred_id == *id)) .any(|cred| cred.entry.cred_id == *id))
})?; })?;
Ok(TfaEntry::new(reg.description, credential)) Ok(TfaEntry::new(reg.description, credential.into()))
} }
} }

34
proxmox-tfa/src/api/webauthn.rs
View File

@ -5,6 +5,9 @@ use serde::{Deserialize, Serialize};
#[cfg(feature = "api-types")] #[cfg(feature = "api-types")]
use proxmox_schema::{api, Updater}; use proxmox_schema::{api, Updater};
use webauthn_rs::crypto::COSEKey;
use webauthn_rs::proto::{Credential, CredentialID};
use super::IsExpired; use super::IsExpired;
#[cfg_attr(feature = "api-types", api)] #[cfg_attr(feature = "api-types", api)]
@ -117,3 +120,34 @@ impl IsExpired for WebauthnAuthChallenge {
self.created < at_epoch self.created < at_epoch
} }
} }
/// A webauthn credential
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct WebauthnCredential {
/// The ID of this credential.
pub cred_id: CredentialID,
/// The public key of this credential
pub cred: COSEKey,
/// The counter for this credential
pub counter: u32,
}
impl From<Credential> for WebauthnCredential {
fn from(cred: Credential) -> Self {
Self {
cred_id: cred.cred_id,
cred: cred.cred,
counter: cred.counter,
}
}
}
impl From<WebauthnCredential> for Credential {
fn from(val: WebauthnCredential) -> Self {
Credential {
cred_id: val.cred_id,
cred: val.cred,
counter: val.counter,
}
}
}