mirrors
/
gitea
의 미러 https://github.com/go-gitea/gitea.git
보기 1
좋아요 0
포크 0
코드 이슈 0 릴리즈 210 위키 Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7867 커밋
17 브랜치
트리: 85202d4784
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '85202d4784'
${ noResults }
gitea/routers/user/setting/security_u2f.go

security_u2f.go 2.6KB
Raw Blame 히스토리

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package setting

  6. 

  7. import (

  8. 	"errors"

  9. 

  10. 	"code.gitea.io/gitea/models"

  11. 	"code.gitea.io/gitea/modules/auth"

  12. 	"code.gitea.io/gitea/modules/context"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 

  15. 	"github.com/tstranex/u2f"

  16. )

  17. 

  18. // U2FRegister initializes the u2f registration procedure

  19. func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {

  20. 	if form.Name == "" {

  21. 		ctx.Error(409)

  22. 		return

  23. 	}

  24. 	challenge, err := u2f.NewChallenge(setting.U2F.AppID, setting.U2F.TrustedFacets)

  25. 	if err != nil {

  26. 		ctx.ServerError("NewChallenge", err)

  27. 		return

  28. 	}

  29. 	err = ctx.Session.Set("u2fChallenge", challenge)

  30. 	if err != nil {

  31. 		ctx.ServerError("Session.Set", err)

  32. 		return

  33. 	}

  34. 	regs, err := models.GetU2FRegistrationsByUID(ctx.User.ID)

  35. 	if err != nil {

  36. 		ctx.ServerError("GetU2FRegistrationsByUID", err)

  37. 		return

  38. 	}

  39. 	for _, reg := range regs {

  40. 		if reg.Name == form.Name {

  41. 			ctx.Error(409, "Name already taken")

  42. 			return

  43. 		}

  44. 	}

  45. 	err = ctx.Session.Set("u2fName", form.Name)

  46. 	if err != nil {

  47. 		ctx.ServerError("", err)

  48. 		return

  49. 	}

  50. 	ctx.JSON(200, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))

  51. }

  52. 

  53. // U2FRegisterPost receives the response of the security key

  54. func U2FRegisterPost(ctx *context.Context, response u2f.RegisterResponse) {

  55. 	challSess := ctx.Session.Get("u2fChallenge")

  56. 	u2fName := ctx.Session.Get("u2fName")

  57. 	if challSess == nil || u2fName == nil {

  58. 		ctx.ServerError("U2FRegisterPost", errors.New("not in U2F session"))

  59. 		return

  60. 	}

  61. 	challenge := challSess.(*u2f.Challenge)

  62. 	name := u2fName.(string)

  63. 	config := &u2f.Config{

  64. 		// Chrome 66+ doesn't return the device's attestation

  65. 		// certificate by default.

  66. 		SkipAttestationVerify: true,

  67. 	}

  68. 	reg, err := u2f.Register(response, *challenge, config)

  69. 	if err != nil {

  70. 		ctx.ServerError("u2f.Register", err)

  71. 		return

  72. 	}

  73. 	if _, err = models.CreateRegistration(ctx.User, name, reg); err != nil {

  74. 		ctx.ServerError("u2f.Register", err)

  75. 		return

  76. 	}

  77. 	ctx.Status(200)

  78. }

  79. 

  80. // U2FDelete deletes an security key by id

  81. func U2FDelete(ctx *context.Context, form auth.U2FDeleteForm) {

  82. 	reg, err := models.GetU2FRegistrationByID(form.ID)

  83. 	if err != nil {

  84. 		if models.IsErrU2FRegistrationNotExist(err) {

  85. 			ctx.Status(200)

  86. 			return

  87. 		}

  88. 		ctx.ServerError("GetU2FRegistrationByID", err)

  89. 		return

  90. 	}

  91. 	if reg.UserID != ctx.User.ID {

  92. 		ctx.Status(401)

  93. 		return

  94. 	}

  95. 	if err := models.DeleteRegistration(reg); err != nil {

  96. 		ctx.ServerError("DeleteRegistration", err)

  97. 		return

  98. 	}

  99. 	ctx.JSON(200, map[string]interface{}{

  100. 		"redirect": setting.AppSubURL + "/user/settings/security",

  101. 	})

  102. }