From e819da083734ddbf30afbc62afd48e9d0e8f3d48 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sat, 30 Jul 2022 14:25:26 +0100
Subject: WebAuthn CredentialID field needs to be increased in size (#20530)

WebAuthn have updated their specification to set the maximum size of the
CredentialID to 1023 bytes. This is somewhat larger than our current
size and therefore we need to migrate.

The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string
to the bytes field before another migration drops the old CredentialID field. Another migration
renames this field back.

Fix #20457

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 routers/web/auth/webauthn.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'routers/web/auth')

diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index 4778c9a9a3..917cbdd57b 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -5,7 +5,6 @@
 package auth
 
 import (
-	"encoding/base32"
 	"errors"
 	"net/http"
 
@@ -129,7 +128,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 	}
 
 	// Success! Get the credential and update the sign count with the new value we received.
-	dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, base32.HexEncoding.EncodeToString(cred.ID))
+	dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, cred.ID)
 	if err != nil {
 		ctx.ServerError("GetWebAuthnCredentialByCredID", err)
 		return
-- 
cgit v1.2.3