aboutsummaryrefslogtreecommitdiffstats
path: root/routers/web/auth
diff options
context:
space:
mode:
authorGusted <williamzijl7@hotmail.com>2022-06-27 04:20:58 +0200
committerGitHub <noreply@github.com>2022-06-26 21:20:58 -0500
commit004859581148bf8f404599e143932236cb8122a5 (patch)
treeb541ef049bace3e97fd963ac51b335e85a541483 /routers/web/auth
parent5d3f99c7c6d0f2c304dc13c6fa6aa675daf310cc (diff)
downloadgitea-004859581148bf8f404599e143932236cb8122a5.tar.gz
gitea-004859581148bf8f404599e143932236cb8122a5.zip
Remove U2F support (#20141)
- Completely remove U2F support from 1.18.0, 1.17.0 will be the last release that U2F is somewhat supported. Users who used U2F would already be warned about using U2F for a while now and should hopefully already be migrated. But starting 1.18 definitely remove it.
Diffstat (limited to 'routers/web/auth')
-rw-r--r--routers/web/auth/auth.go5
-rw-r--r--routers/web/auth/webauthn.go12
2 files changed, 3 insertions, 14 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 213b88903d..610e4d2904 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -266,7 +266,7 @@ func SignInPost(ctx *context.Context) {
}
if hasTOTPtwofa {
- // User will need to use U2F, save data
+ // User will need to use WebAuthn, save data
if err := ctx.Session.Set("totpEnrolled", u.ID); err != nil {
ctx.ServerError("UserSignIn: Unable to set WebAuthn Enrolled in session", err)
return
@@ -278,7 +278,7 @@ func SignInPost(ctx *context.Context) {
return
}
- // If we have U2F redirect there first
+ // If we have WebAuthn redirect there first
if hasWebAuthnTwofa {
ctx.Redirect(setting.AppSubURL + "/user/webauthn")
return
@@ -317,7 +317,6 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
_ = ctx.Session.Delete("openid_determined_username")
_ = ctx.Session.Delete("twofaUid")
_ = ctx.Session.Delete("twofaRemember")
- _ = ctx.Session.Delete("u2fChallenge")
_ = ctx.Session.Delete("linkAccount")
if err := ctx.Session.Set("uid", u.ID); err != nil {
log.Error("Error setting uid %d in session: %v", u.ID, err)
diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index c0cf58f3d3..4778c9a9a3 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -67,10 +67,7 @@ func WebAuthnLoginAssertion(ctx *context.Context) {
return
}
- // FIXME: DEPRECATED appid is deprecated and is planned to be removed in v1.18.0
- assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user), webauthn.WithAssertionExtensions(protocol.AuthenticationExtensions{
- "appid": setting.U2F.AppID,
- }))
+ assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user))
if err != nil {
ctx.ServerError("webauthn.BeginLogin", err)
return
@@ -159,12 +156,5 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
}
_ = ctx.Session.Delete("twofaUid")
- // Finally check if the appid extension was used:
- if value, ok := parsedResponse.ClientExtensionResults["appid"]; ok {
- if appid, ok := value.(bool); ok && appid {
- ctx.Flash.Error(ctx.Tr("webauthn_u2f_deprecated", dbCred.Name))
- }
- }
-
ctx.JSON(http.StatusOK, map[string]string{"redirect": redirect})
}