proxmox-mirrors/proxmox
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox synced 2025-08-08 00:35:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

login: add 'raw' webauthn challenge access

Browse Source 
So we can get going on the wasm side where we don't yet have access to
the webauthn-rs crate.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2024-09-26 12:40:31 +02:00
parent c85b534837
commit e72528ca70
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
proxmox-login/src/tfa.rs
View File

@ -26,6 +26,12 @@ pub struct TfaChallenge {
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub webauthn: Option<webauthn_rs::proto::RequestChallengeResponse>, pub webauthn: Option<webauthn_rs::proto::RequestChallengeResponse>,
/// If the user has any webauthn credentials registered, this will contain the corresponding
/// challenge data as a json string.
/// This field is never serialized and is only meant to be informative.
#[serde(default, skip)]
pub webauthn_raw: Option<String>,
/// True if the user has yubico keys configured. /// True if the user has yubico keys configured.
#[serde(skip_serializing_if = "bool_is_false", default)] #[serde(skip_serializing_if = "bool_is_false", default)]
pub yubico: bool, pub yubico: bool,

11
proxmox-login/src/ticket.rs
View File

@ -3,6 +3,7 @@
use std::fmt; use std::fmt;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json::Value;
use crate::error::TicketError; use crate::error::TicketError;
use crate::tfa::TfaChallenge; use crate::tfa::TfaChallenge;
@ -24,7 +25,15 @@ impl std::str::FromStr for TicketResponse {
Some(pos) => { Some(pos) => {
let challenge: std::borrow::Cow<[u8]> = let challenge: std::borrow::Cow<[u8]> =
percent_encoding::percent_decode_str(&challenge[..pos]).into(); percent_encoding::percent_decode_str(&challenge[..pos]).into();
let challenge = serde_json::from_slice(&challenge).map_err(|_| TicketError)?; let raw_challenge: Value =
serde_json::from_slice(&challenge).map_err(|_| TicketError)?;
let webauthn_raw = raw_challenge["webauthn"].clone();
let mut challenge: TfaChallenge =
serde_json::from_value(raw_challenge).map_err(|_| TicketError)?;
if !webauthn_raw.is_null() {
challenge.webauthn_raw =
Some(serde_json::to_string(&webauthn_raw).map_err(|_| TicketError)?);
}
Ok(TicketResponse::Tfa(ticket.to_string(), challenge)) Ok(TicketResponse::Tfa(ticket.to_string(), challenge))
} }
None => Err(TicketError), None => Err(TicketError),