author | Gusted <williamzijl7@hotmail.com> | 2022-06-27 04:20:58 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-26 21:20:58 -0500 |
commit | 004859581148bf8f404599e143932236cb8122a5 (patch) | |
tree | b541ef049bace3e97fd963ac51b335e85a541483 /routers | |
parent | 5d3f99c7c6d0f2c304dc13c6fa6aa675daf310cc (diff) | |
download | gitea-004859581148bf8f404599e143932236cb8122a5.tar.gz gitea-004859581148bf8f404599e143932236cb8122a5.zip |
Remove U2F support (#20141)
- Completely remove U2F support as of 1.18.0; 1.17.0 will be the last
release in which U2F is somewhat supported. Users who used U2F have already
been warned about it for a while now and should hopefully already
have migrated. Starting with 1.18, remove it for good.
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/auth/auth.go | 5 | ||||
-rw-r--r-- | routers/web/auth/webauthn.go | 12 | ||||
-rw-r--r-- | routers/web/user/setting/security/security.go | 1 |
3 files changed, 3 insertions, 15 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 213b88903d..610e4d2904 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -266,7 +266,7 @@ func SignInPost(ctx *context.Context) {
 }
 if hasTOTPtwofa {
- // User will need to use U2F, save data
+ // User will need to use WebAuthn, save data
 if err := ctx.Session.Set("totpEnrolled", u.ID); err != nil {
 ctx.ServerError("UserSignIn: Unable to set WebAuthn Enrolled in session", err)
 return
@@ -278,7 +278,7 @@ func SignInPost(ctx *context.Context) {
 return
 }
- // If we have U2F redirect there first
+ // If we have WebAuthn redirect there first
 if hasWebAuthnTwofa {
 ctx.Redirect(setting.AppSubURL + "/user/webauthn")
 return
@@ -317,7 +317,6 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 _ = ctx.Session.Delete("openid_determined_username")
 _ = ctx.Session.Delete("twofaUid")
 _ = ctx.Session.Delete("twofaRemember")
- _ = ctx.Session.Delete("u2fChallenge")
 _ = ctx.Session.Delete("linkAccount")
 if err := ctx.Session.Set("uid", u.ID); err != nil {
 log.Error("Error setting uid %d in session: %v", u.ID, err)
diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index c0cf58f3d3..4778c9a9a3 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -67,10 +67,7 @@ func WebAuthnLoginAssertion(ctx *context.Context) {
 return
 }
- // FIXME: DEPRECATED appid is deprecated and is planned to be removed in v1.18.0
- assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user), webauthn.WithAssertionExtensions(protocol.AuthenticationExtensions{
- "appid": setting.U2F.AppID,
- }))
+ assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user))
 if err != nil {
 ctx.ServerError("webauthn.BeginLogin", err)
 return
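Review bot: The reworded comment inside the `if hasTOTPtwofa` branch of SignInPost still names the wrong factor: the branch is gated on TOTP and writes the `totpEnrolled` session key, so "WebAuthn" is no more accurate there than "U2F" was. I would write `// User has TOTP enrolled, save data` instead. The unchanged error string two lines below, "UserSignIn: Unable to set WebAuthn Enrolled in session", has the same mismatch and will point whoever reads that log entry at the wrong second factor, so it is worth correcting in the same pass. SignInPost begins and ends outside this hunk.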
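Review bot: The new `BeginLogin((*wa.User)(user))` call in WebAuthnLoginAssertion carries no comment on what dropping the `appid` extension means for existing credentials. Presumably a key that was registered under the old U2F AppID can no longer complete an assertion once the extension is gone, and the later hunk in this file also removes the `webauthn_u2f_deprecated` flash, so an affected user would see a failed second factor with no explanation. A line such as `// The appid extension was removed with U2F support; credentials registered through U2F must be re-registered as WebAuthn.` above the call would record that, and the release notes should tell administrators to look for accounts whose only second factor is such a key before upgrading. The function continues outside the hunk.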
@@ -159,12 +156,5 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 }
 _ = ctx.Session.Delete("twofaUid")
- // Finally check if the appid extension was used:
- if value, ok := parsedResponse.ClientExtensionResults["appid"]; ok {
- if appid, ok := value.(bool); ok && appid {
- ctx.Flash.Error(ctx.Tr("webauthn_u2f_deprecated", dbCred.Name))
- }
- }
-
 ctx.JSON(http.StatusOK, map[string]string{"redirect": redirect})
 }
diff --git a/routers/web/user/setting/security/security.go b/routers/web/user/setting/security/security.go
index 747bf64a17..218cf57ab7 100644
--- a/routers/web/user/setting/security/security.go
+++ b/routers/web/user/setting/security/security.go
@@ -26,7 +26,6 @@ const (
 func Security(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("settings")
 ctx.Data["PageIsSettingsSecurity"] = true
- ctx.Data["RequireU2F"] = true
 if ctx.FormString("openid.return_to") != "" {
 settingsOpenIDVerify(ctx) |