From 09f2e1e1a26039bbff09348403e99269d907aa28 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 30 Jul 2022 20:16:25 +0200
Subject: WebAuthn CredentialID field needs to be increased in size (#20530)
 (#20555)

WebAuthn have updated their specification to set the maximum size of the
CredentialID to 1023 bytes. This is somewhat larger than our current
size and therefore we need to migrate.

The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string
to the bytes field before another migration drops the old CredentialID field. Another migration
renames this field back.

Fix #20457

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
---
 routers/web/auth/webauthn.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'routers/web')

diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index c0cf58f3d3..c5e308c66b 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -5,7 +5,6 @@
 package auth
 
 import (
-	"encoding/base32"
 	"errors"
 	"net/http"
 
@@ -132,7 +131,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 	}
 
 	// Success! Get the credential and update the sign count with the new value we received.
-	dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, base32.HexEncoding.EncodeToString(cred.ID))
+	dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, cred.ID)
 	if err != nil {
 		ctx.ServerError("GetWebAuthnCredentialByCredID", err)
 		return
-- 
cgit v1.2.3