Diffstat (limited to 'routers/web')
-rw-r--r-- | routers/web/auth/auth.go | 5 | ||||
-rw-r--r-- | routers/web/auth/webauthn.go | 12 | ||||
-rw-r--r-- | routers/web/user/setting/security/security.go | 1 |
3 files changed, 3 insertions, 15 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 213b88903d..610e4d2904 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -266,7 +266,7 @@ func SignInPost(ctx *context.Context) {
 }
 if hasTOTPtwofa {
- // User will need to use U2F, save data
+ // User will need to use WebAuthn, save data
 if err := ctx.Session.Set("totpEnrolled", u.ID); err != nil {
 ctx.ServerError("UserSignIn: Unable to set WebAuthn Enrolled in session", err)
 return
@@ -278,7 +278,7 @@ func SignInPost(ctx *context.Context) {
 return
 }
- // If we have U2F redirect there first
+ // If we have WebAuthn redirect there first
 if hasWebAuthnTwofa {
 ctx.Redirect(setting.AppSubURL + "/user/webauthn")
 return
@@ -317,7 +317,6 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 _ = ctx.Session.Delete("openid_determined_username")
 _ = ctx.Session.Delete("twofaUid")
 _ = ctx.Session.Delete("twofaRemember")
- _ = ctx.Session.Delete("u2fChallenge")
 _ = ctx.Session.Delete("linkAccount")
 if err := ctx.Session.Set("uid", u.ID); err != nil {
 log.Error("Error setting uid %d in session: %v", u.ID, err)
diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index c0cf58f3d3..4778c9a9a3 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -67,10 +67,7 @@ func WebAuthnLoginAssertion(ctx *context.Context) {
 return
 }
- // FIXME: DEPRECATED appid is deprecated and is planned to be removed in v1.18.0
- assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user), webauthn.WithAssertionExtensions(protocol.AuthenticationExtensions{
- "appid": setting.U2F.AppID,
- }))
+ assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user))
 if err != nil {
 ctx.ServerError("webauthn.BeginLogin", err)
 return
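Review bot: The reworded comment in the first SignInPost hunk still names the wrong factor: it sits inside `if hasTOTPtwofa {` and the statement below it stores `u.ID` under the session key `"totpEnrolled"`, so "User will need to use WebAuthn" does not describe what the line does. The `ServerError` text on the next line ("Unable to set WebAuthn Enrolled in session") has the same mismatch. I would write the comment as `// User has TOTP enrolled; remember that in the session` and align the error string with the key it actually sets. The function body starts and ends outside the hunk.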
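Review bot: The `BeginLogin` call in WebAuthnLoginAssertion no longer sends the `appid` extension, so a credential that was originally registered through the legacy U2F API is bound to the old AppID and would presumably no longer produce a valid assertion against the RP ID. Nothing visible in this diff removes or flags such credentials, and the later WebAuthnLoginAssertionPost hunk drops the only message that told users a key was still on the U2F path. I would add a comment above the call, `// No appid extension: keys registered via legacy U2F can no longer be asserted and must be re-registered.`, and confirm that affected accounts keep a recovery path (TOTP or scratch code) so the change cannot lock them out. The function body starts and ends outside the hunk.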
@@ -159,12 +156,5 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 }
 _ = ctx.Session.Delete("twofaUid")
- // Finally check if the appid extension was used:
- if value, ok := parsedResponse.ClientExtensionResults["appid"]; ok {
- if appid, ok := value.(bool); ok && appid {
- ctx.Flash.Error(ctx.Tr("webauthn_u2f_deprecated", dbCred.Name))
- }
- }
-
 ctx.JSON(http.StatusOK, map[string]string{"redirect": redirect})
 }
diff --git a/routers/web/user/setting/security/security.go b/routers/web/user/setting/security/security.go
index 747bf64a17..218cf57ab7 100644
--- a/routers/web/user/setting/security/security.go
+++ b/routers/web/user/setting/security/security.go
@@ -26,7 +26,6 @@ const (
 func Security(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("settings")
 ctx.Data["PageIsSettingsSecurity"] = true
- ctx.Data["RequireU2F"] = true
 if ctx.FormString("openid.return_to") != "" {
 settingsOpenIDVerify(ctx) |