authorLunny Xiao <xiaolunwen@gmail.com>2022-01-14 23:03:31 +0800
committerGitHub <noreply@github.com>2022-01-14 16:03:31 +0100
commit35c3553870e35b2e7cfcc599645791acda6afcef (patch)
tree0ad600c2d1cd94ef12566482832768c9efcf8a69 /services
parent8808293247bebd20482c3c625c64937174503781 (diff)
Support webauthn (#17957)
Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'services')
-rw-r--r--services/auth/auth.go5
-rw-r--r--services/auth/source/oauth2/jwtsigningkey.go2
-rw-r--r--services/auth/source/oauth2/token.go4
-rw-r--r--services/forms/user_form.go12
-rw-r--r--services/lfs/server.go3
5 files changed, 16 insertions, 10 deletions
diff --git a/services/auth/auth.go b/services/auth/auth.go
index ceb9f4c5d8..3eb7f027d2 100644
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@@ -14,6 +14,7 @@ import (
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/auth/webauthn"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/session"
"code.gitea.io/gitea/modules/setting"
@@ -69,6 +70,8 @@ func Init() {
log.Error("Could not initialize '%s' auth method, error: %s", reflect.TypeOf(method).String(), err)
}
}
+
+ webauthn.Init()
}
// Free should be called exactly once when the application is terminating to allow Auth plugins
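Review bot: The added `webauthn.Init()` call at the end of `Init` carries no comment and no visible result, unlike the loop just above it, which logs each method's initialisation error. If the WebAuthn setup derives its relying-party settings from the instance's configured URL or domain (not visible in this hunk), a wrong value would only surface later as failed registrations or logins. I would add a comment such as `// webauthn.Init builds the relying-party configuration from settings; it must run after settings are loaded`, and consider having it return an error that is logged here like the others. `Init` starts outside the hunk.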
@@ -121,7 +124,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
_ = sess.Delete("openid_determined_username")
_ = sess.Delete("twofaUid")
_ = sess.Delete("twofaRemember")
- _ = sess.Delete("u2fChallenge")
+ _ = sess.Delete("webauthnAssertion")
_ = sess.Delete("linkAccount")
err = sess.Set("uid", user.ID)
if err != nil {
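Review bot: The session key `"webauthnAssertion"` is a bare string literal in this cleanup list, while the code that stores the assertion data lives elsewhere; if the two spellings ever drift, pending assertion state would survive a successful sign-in. A shared constant used at both sites, for example `const sessionKeyWebauthnAssertion = "webauthnAssertion"`, would prevent that. Sessions created before the upgrade may still hold `u2fChallenge`, which this function no longer clears; that is presumably harmless if nothing reads the key any more, but it is worth confirming. The body of `handleSignIn` continues outside the hunk.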
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 3102be5f14..187c6999e0 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -25,7 +25,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
ini "gopkg.in/ini.v1"
)
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index c9a45340a1..944b8da387 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -10,7 +10,7 @@ import (
"code.gitea.io/gitea/modules/timeutil"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
)
// ___________ __
@@ -37,6 +37,7 @@ type Token struct {
GrantID int64 `json:"gnt"`
Type TokenType `json:"tt"`
Counter int64 `json:"cnt,omitempty"`
+ // FIXME: Migrate to registered claims
jwt.StandardClaims
}
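Review bot: The FIXME added above `jwt.StandardClaims` in `Token` is spelled `registered claims`, while the same marker in the `OIDCToken` hunk below and on `Claims` in services/lfs/server.go says `RegisteredClaims`; use one spelling so a single search finds all three. The comment should also say what the migration involves: in jwt/v4, `RegisteredClaims` turns the time claims into `*NumericDate` and `Audience` into `ClaimStrings`, so the serialized `aud` of the OIDC token can change shape. Neither claims type rejects a token that has no `exp`, so the signing paths must keep setting an expiry. Suggested text: `// FIXME: Migrate to RegisteredClaims (time claims become *NumericDate, Audience becomes ClaimStrings)`. The `Token` struct starts outside the hunk.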
@@ -69,6 +70,7 @@ func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {
// OIDCToken represents an OpenID Connect id_token
type OIDCToken struct {
+ // FIXME: Migrate to RegisteredClaims
jwt.StandardClaims
Nonce string `json:"nonce,omitempty"`
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 88e50762f8..a886e89f87 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -409,24 +409,24 @@ func (f *TwoFactorScratchAuthForm) Validate(req *http.Request, errs binding.Erro
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
}
-// U2FRegistrationForm for reserving an U2F name
-type U2FRegistrationForm struct {
+// WebauthnRegistrationForm for reserving an WebAuthn name
+type WebauthnRegistrationForm struct {
Name string `binding:"Required"`
}
// Validate validates the fields
-func (f *U2FRegistrationForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+func (f *WebauthnRegistrationForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
ctx := context.GetContext(req)
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
}
-// U2FDeleteForm for deleting U2F keys
-type U2FDeleteForm struct {
+// WebauthnDeleteForm for deleting WebAuthn keys
+type WebauthnDeleteForm struct {
ID int64 `binding:"Required"`
}
// Validate validates the fields
-func (f *U2FDeleteForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+func (f *WebauthnDeleteForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
ctx := context.GetContext(req)
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
}
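Review bot: `WebauthnRegistrationForm.Name` is validated only with `binding:"Required"`, so the credential label a user submits has no length bound at the form layer. If the storage column is bounded (not visible here), a limit in the tag, for example `binding:"Required;MaxSize(50)"` with the value matched to the column, would reject oversize names before they reach the database. The new doc comment also reads `an WebAuthn name`; it should be `a WebAuthn name`.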
diff --git a/services/lfs/server.go b/services/lfs/server.go
index df0a8bd39a..25882928a2 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -30,7 +30,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
)
// requestContext contain variables from the HTTP request.
@@ -45,6 +45,7 @@ type Claims struct {
RepoID int64
Op string
UserID int64
+ // FIXME: Migrate to RegisteredClaims
jwt.StandardClaims
}