aboutsummaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
Diffstat (limited to 'models')
-rw-r--r--models/auth/webauthn.go14
-rw-r--r--models/auth/webauthn_test.go4
-rw-r--r--models/migrations/migrations.go2
-rw-r--r--models/migrations/v208.go51
4 files changed, 62 insertions, 9 deletions
diff --git a/models/auth/webauthn.go b/models/auth/webauthn.go
index 75776f1e0e..9e09134662 100644
--- a/models/auth/webauthn.go
+++ b/models/auth/webauthn.go
@@ -6,7 +6,7 @@ package auth
import (
"context"
- "encoding/base64"
+ "encoding/base32"
"fmt"
"strings"
@@ -94,7 +94,7 @@ type WebAuthnCredentialList []*WebAuthnCredential
func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential {
creds := make([]webauthn.Credential, 0, len(list))
for _, cred := range list {
- credID, _ := base64.RawStdEncoding.DecodeString(cred.CredentialID)
+ credID, _ := base32.HexEncoding.DecodeString(cred.CredentialID)
creds = append(creds, webauthn.Credential{
ID: credID,
PublicKey: cred.PublicKey,
@@ -164,13 +164,13 @@ func HasWebAuthnRegistrationsByUID(uid int64) (bool, error) {
}
// GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID
-func GetWebAuthnCredentialByCredID(credID string) (*WebAuthnCredential, error) {
- return getWebAuthnCredentialByCredID(db.DefaultContext, credID)
+func GetWebAuthnCredentialByCredID(userID int64, credID string) (*WebAuthnCredential, error) {
+ return getWebAuthnCredentialByCredID(db.DefaultContext, userID, credID)
}
-func getWebAuthnCredentialByCredID(ctx context.Context, credID string) (*WebAuthnCredential, error) {
+func getWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID string) (*WebAuthnCredential, error) {
cred := new(WebAuthnCredential)
- if found, err := db.GetEngine(ctx).Where("credential_id = ?", credID).Get(cred); err != nil {
+ if found, err := db.GetEngine(ctx).Where("user_id = ? AND credential_id = ?", userID, credID).Get(cred); err != nil {
return nil, err
} else if !found {
return nil, ErrWebAuthnCredentialNotExist{CredentialID: credID}
@@ -187,7 +187,7 @@ func createCredential(ctx context.Context, userID int64, name string, cred *weba
c := &WebAuthnCredential{
UserID: userID,
Name: name,
- CredentialID: base64.RawStdEncoding.EncodeToString(cred.ID),
+ CredentialID: base32.HexEncoding.EncodeToString(cred.ID),
PublicKey: cred.PublicKey,
AttestationType: cred.AttestationType,
AAGUID: cred.Authenticator.AAGUID,
diff --git a/models/auth/webauthn_test.go b/models/auth/webauthn_test.go
index 572636dbbf..216bf11080 100644
--- a/models/auth/webauthn_test.go
+++ b/models/auth/webauthn_test.go
@@ -5,7 +5,7 @@
package auth
import (
- "encoding/base64"
+ "encoding/base32"
"testing"
"code.gitea.io/gitea/models/unittest"
@@ -61,7 +61,7 @@ func TestCreateCredential(t *testing.T) {
res, err := CreateCredential(1, "WebAuthn Created Credential", &webauthn.Credential{ID: []byte("Test")})
assert.NoError(t, err)
assert.Equal(t, "WebAuthn Created Credential", res.Name)
- bs, err := base64.RawStdEncoding.DecodeString(res.CredentialID)
+ bs, err := base32.HexEncoding.DecodeString(res.CredentialID)
assert.NoError(t, err)
assert.Equal(t, []byte("Test"), bs)
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 4ee2bc839f..5aaf283bd3 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -368,6 +368,8 @@ var migrations = []Migration{
NewMigration("Add authorize column to team_unit table", addAuthorizeColForTeamUnit),
// v207 -> v208
NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred),
+ // v208 -> v209
+ NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential),
}
// GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v208.go b/models/migrations/v208.go
new file mode 100644
index 0000000000..04bb981a4e
--- /dev/null
+++ b/models/migrations/v208.go
@@ -0,0 +1,51 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "encoding/base32"
+ "encoding/base64"
+
+ "xorm.io/xorm"
+)
+
+func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error {
+
+ // Create webauthnCredential table
+ type webauthnCredential struct {
+ ID int64 `xorm:"pk autoincr"`
+ CredentialID string `xorm:"INDEX"`
+ }
+ if err := x.Sync2(&webauthnCredential{}); err != nil {
+ return err
+ }
+
+ var start int
+ regs := make([]*webauthnCredential, 0, 50)
+ for {
+ err := x.OrderBy("id").Limit(50, start).Find(&regs)
+ if err != nil {
+ return err
+ }
+
+ for _, reg := range regs {
+ credID, _ := base64.RawStdEncoding.DecodeString(reg.CredentialID)
+ reg.CredentialID = base32.HexEncoding.EncodeToString(credID)
+
+ _, err := x.Update(reg)
+ if err != nil {
+ return err
+ }
+ }
+
+ if len(regs) < 50 {
+ break
+ }
+ start += 50
+ regs = regs[:0]
+ }
+
+ return nil
+}