mirrors
/
gitea
镜像来自 https://github.com/go-gitea/gitea.git
關註 1
收藏 0
複製 0
程式碼 問題管理 0 版本發佈 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6308 Commit
17 分支
目錄樹: 951309f76a
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '951309f76a'
${ noResults }
gitea/routers/user/setting/security_u2f.go

security_u2f.go 2.6KB
原始文件 Blame 文件歷史

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package setting

  6. 

  7. import (

  8. 	"errors"

  9. 

  10. 	"code.gitea.io/gitea/models"

  11. 	"code.gitea.io/gitea/modules/auth"

  12. 	"code.gitea.io/gitea/modules/context"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 

  15. 	"github.com/tstranex/u2f"

  16. )

  17. 

  18. // U2FRegister initializes the u2f registration procedure

  19. func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {

  20. 	if form.Name == "" {

  21. 		ctx.Error(409)

  22. 		return

  23. 	}

  24. 	challenge, err := u2f.NewChallenge(setting.U2F.AppID, setting.U2F.TrustedFacets)

  25. 	if err != nil {

  26. 		ctx.ServerError("NewChallenge", err)

  27. 		return

  28. 	}

  29. 	err = ctx.Session.Set("u2fChallenge", challenge)

  30. 	if err != nil {

  31. 		ctx.ServerError("Session.Set", err)

  32. 		return

  33. 	}

  34. 	regs, err := models.GetU2FRegistrationsByUID(ctx.User.ID)

  35. 	if err != nil {

  36. 		ctx.ServerError("GetU2FRegistrationsByUID", err)

  37. 		return

  38. 	}

  39. 	for _, reg := range regs {

  40. 		if reg.Name == form.Name {

  41. 			ctx.Error(409, "Name already taken")

  42. 			return

  43. 		}

  44. 	}

  45. 	ctx.Session.Set("u2fName", form.Name)

  46. 	ctx.JSON(200, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))

  47. }

  48. 

  49. // U2FRegisterPost receives the response of the security key

  50. func U2FRegisterPost(ctx *context.Context, response u2f.RegisterResponse) {

  51. 	challSess := ctx.Session.Get("u2fChallenge")

  52. 	u2fName := ctx.Session.Get("u2fName")

  53. 	if challSess == nil || u2fName == nil {

  54. 		ctx.ServerError("U2FRegisterPost", errors.New("not in U2F session"))

  55. 		return

  56. 	}

  57. 	challenge := challSess.(*u2f.Challenge)

  58. 	name := u2fName.(string)

  59. 	config := &u2f.Config{

  60. 		// Chrome 66+ doesn't return the device's attestation

  61. 		// certificate by default.

  62. 		SkipAttestationVerify: true,

  63. 	}

  64. 	reg, err := u2f.Register(response, *challenge, config)

  65. 	if err != nil {

  66. 		ctx.ServerError("u2f.Register", err)

  67. 		return

  68. 	}

  69. 	if _, err = models.CreateRegistration(ctx.User, name, reg); err != nil {

  70. 		ctx.ServerError("u2f.Register", err)

  71. 		return

  72. 	}

  73. 	ctx.Status(200)

  74. }

  75. 

  76. // U2FDelete deletes an security key by id

  77. func U2FDelete(ctx *context.Context, form auth.U2FDeleteForm) {

  78. 	reg, err := models.GetU2FRegistrationByID(form.ID)

  79. 	if err != nil {

  80. 		if models.IsErrU2FRegistrationNotExist(err) {

  81. 			ctx.Status(200)

  82. 			return

  83. 		}

  84. 		ctx.ServerError("GetU2FRegistrationByID", err)

  85. 		return

  86. 	}

  87. 	if reg.UserID != ctx.User.ID {

  88. 		ctx.Status(401)

  89. 		return

  90. 	}

  91. 	if err := models.DeleteRegistration(reg); err != nil {

  92. 		ctx.ServerError("DeleteRegistration", err)

  93. 		return

  94. 	}

  95. 	ctx.JSON(200, map[string]interface{}{

  96. 		"redirect": setting.AppSubURL + "/user/settings/security",

  97. 	})

  98. 	return

  99. }