author | zeripath <art27@cantab.net> | 2022-01-15 16:52:56 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-15 17:52:56 +0100 |
commit | d7c2a2951c6a0a85f43675c83d3d639cd50eccb4 (patch) | |
tree | 52d4147b19fa6615f76fb3b8e8fadef948c5bd89 /routers | |
parent | e239d354c9bd80cdc1606dabd7a4de62708b742e (diff) | |
Webauthn nits (#18284)
This contains some additional fixes and small nits related to #17957
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/auth/webauthn.go | 4 | ||||
-rw-r--r-- | routers/web/user/setting/security/webauthn.go | 18 |
2 files changed, 12 insertions, 10 deletions
diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index 50dcb919e5..b9e8de2ac0 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -5,7 +5,7 @@
 package auth
 import (
- "encoding/base64"
+ "encoding/base32"
 "errors"
 "net/http"
@@ -131,7 +131,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 }
 // Success! Get the credential and update the sign count with the new value we received.
- dbCred, err := auth.GetWebAuthnCredentialByCredID(base64.RawStdEncoding.EncodeToString(cred.ID))
+ dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, base32.HexEncoding.EncodeToString(cred.ID))
 if err != nil {
 ctx.ServerError("GetWebAuthnCredentialByCredID", err)
 return
diff --git a/routers/web/user/setting/security/webauthn.go b/routers/web/user/setting/security/webauthn.go
index 8d28de8c98..7e2fc7283b 100644
--- a/routers/web/user/setting/security/webauthn.go
+++ b/routers/web/user/setting/security/webauthn.go
@@ -38,9 +38,9 @@ func WebAuthnRegister(ctx *context.Context) {
 return
 }
- _ = ctx.Session.Delete("registration")
- if err := ctx.Session.Set("WebauthnName", form.Name); err != nil {
- ctx.ServerError("Unable to set session key for WebauthnName", err)
+ _ = ctx.Session.Delete("webauthnRegistration")
+ if err := ctx.Session.Set("webauthnName", form.Name); err != nil {
+ ctx.ServerError("Unable to set session key for webauthnName", err)
 return
 }
@@ -51,7 +51,7 @@ func WebAuthnRegister(ctx *context.Context) {
 }
 // Save the session data as marshaled JSON
- if err = ctx.Session.Set("registration", sessionData); err != nil {
+ if err = ctx.Session.Set("webauthnRegistration", sessionData); err != nil {
 ctx.ServerError("Unable to set session", err)
 return
 }
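Review bot: The credential ID handed to `GetWebAuthnCredentialByCredID` in the `@@ -131` hunk is now encoded with `base32.HexEncoding`, and the lookup only resolves if the registration path stores the ID in exactly the same encoding; that side is not in this diff (the diffstat is limited to `routers`), so it should be confirmed, and ideally both paths would call one shared encoding helper so they cannot drift apart. A mismatch would send a user with an otherwise valid assertion into the `ctx.ServerError` branch as a 500. The new `user.ID` argument deserves a why-comment above the call, for example `// Look the credential up for this user only; presumably an ID registered to another account must never match here.` WebAuthnLoginAssertionPost starts before and continues after this hunk.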
@@ -61,20 +61,20 @@ func WebAuthnRegister(ctx *context.Context) {
 // WebauthnRegisterPost receives the response of the security key
 func WebauthnRegisterPost(ctx *context.Context) {
- name, ok := ctx.Session.Get("WebauthnName").(string)
+ name, ok := ctx.Session.Get("webauthnName").(string)
 if !ok || name == "" {
- ctx.ServerError("Get WebauthnName", errors.New("no WebauthnName"))
+ ctx.ServerError("Get webauthnName", errors.New("no webauthnName"))
 return
 }
 // Load the session data
- sessionData, ok := ctx.Session.Get("registration").(*webauthn.SessionData)
+ sessionData, ok := ctx.Session.Get("webauthnRegistration").(*webauthn.SessionData)
 if !ok || sessionData == nil {
 ctx.ServerError("Get registration", errors.New("no registration"))
 return
 }
 defer func() {
- _ = ctx.Session.Delete("registration")
+ _ = ctx.Session.Delete("webauthnRegistration")
 }()
 // Verify that the challenge succeeded
@@ -103,6 +103,8 @@ func WebauthnRegisterPost(ctx *context.Context) {
 ctx.ServerError("CreateCredential", err)
 return
 }
+ _ = ctx.Session.Delete("webauthnName")
+
 ctx.JSON(http.StatusCreated, cred)
 }
|
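Review bot: The `ctx.ServerError("Get registration", errors.New("no registration"))` line in the `@@ -61` hunk still uses the old key name, although the `webauthnName` messages a few lines above were updated; `ctx.ServerError("Get webauthnRegistration", errors.New("no webauthnRegistration"))` would keep the log text searchable by the actual session key. Both missing-session branches also answer with a server error, even though an absent or expired session value is a client-state condition rather than a server fault; whether a 4xx response fits better depends on how the front end handles it. The body of WebauthnRegisterPost continues past this hunk.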
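Review bot: `webauthnName` is deleted from the session only on the success path added in the `@@ -103` hunk, while `webauthnRegistration` is deleted by the deferred function on every return, so a failed verification or a `CreateCredential` error leaves the name behind in the session. Moving the call into the existing deferred function, as `_ = ctx.Session.Delete("webauthnName")` next to the `webauthnRegistration` delete, would clear both pieces of registration state together on every exit. The defer sits in the previous hunk and the lines between the two hunks are not visible, so check that nothing after an error return still needs the name.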