tfa: properly wrap webauthn credentials

this (external) struct gets new fields in webauthn-rs 0.3, so let's properly wrap / convert it instead of just aliasing, else deserializing will fail. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2025-07-27 11:42:05 +00:00 · 2021-11-19 11:17:06 +01:00 · 2021-11-19 11:17:06 +01:00 · 148950fd17
commit 148950fd17
parent d49e6a362e
2 changed files with 40 additions and 4 deletions
--- a/proxmox-tfa/src/api/mod.rs
+++ b/proxmox-tfa/src/api/mod.rs
@ -10,7 +10,6 @@ use anyhow::{bail, format_err, Error};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;

-use webauthn_rs::proto::Credential as WebauthnCredential;
 use webauthn_rs::{proto::UserVerificationPolicy, Webauthn};

 use crate::totp::Totp;
@ -29,7 +28,7 @@ pub mod methods;

 pub use recovery::RecoveryState;
 pub use u2f::U2fConfig;
-pub use webauthn::WebauthnConfig;
+pub use webauthn::{WebauthnConfig, WebauthnCredential};

 #[cfg(feature = "api-types")]
 pub use webauthn::WebauthnConfigUpdater;
@ -594,7 +593,10 @@ impl TfaUserData {
            return Ok(None);
        }

-        let creds: Vec<_> = self.enabled_webauthn_entries().map(Clone::clone).collect();
+        let creds: Vec<_> = self
+            .enabled_webauthn_entries()
+            .map(|cred| cred.clone().into())
+            .collect();

        if creds.is_empty() {
            return Ok(None);
@ -1015,6 +1017,6 @@ impl TfaUserChallenges {
                    .any(|cred| cred.entry.cred_id == *id))
            })?;

-        Ok(TfaEntry::new(reg.description, credential))
+        Ok(TfaEntry::new(reg.description, credential.into()))
    }
 }
--- a/proxmox-tfa/src/api/webauthn.rs
+++ b/proxmox-tfa/src/api/webauthn.rs
@ -5,6 +5,9 @@ use serde::{Deserialize, Serialize};
 #[cfg(feature = "api-types")]
 use proxmox_schema::{api, Updater};

+use webauthn_rs::crypto::COSEKey;
+use webauthn_rs::proto::{Credential, CredentialID};
+
 use super::IsExpired;

 #[cfg_attr(feature = "api-types", api)]
@ -117,3 +120,34 @@ impl IsExpired for WebauthnAuthChallenge {
        self.created < at_epoch
    }
 }
+
+/// A webauthn credential
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct WebauthnCredential {
+    /// The ID of this credential.
+    pub cred_id: CredentialID,
+    /// The public key of this credential
+    pub cred: COSEKey,
+    /// The counter for this credential
+    pub counter: u32,
+}
+
+impl From<Credential> for WebauthnCredential {
+    fn from(cred: Credential) -> Self {
+        Self {
+            cred_id: cred.cred_id,
+            cred: cred.cred,
+            counter: cred.counter,
+        }
+    }
+}
+
+impl From<WebauthnCredential> for Credential {
+    fn from(val: WebauthnCredential) -> Self {
+        Credential {
+            cred_id: val.cred_id,
+            cred: val.cred,
+            counter: val.counter,
+        }
+    }
+}