mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00

Fix: passkey login not working anymore (#32623)

Quick fix #32595, use authenticator auth flags to login

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
hiifong
2024-11-27 00:04:17 +08:00
committed by GitHub
parent 0f4b0cf892
commit 87bb5ed0bc
9 changed files with 86 additions and 47 deletions


@@ -76,8 +76,17 @@ func WebAuthnPasskeyLogin(ctx *context.Context) {
}()
// Validate the parsed response.
// ParseCredentialRequestResponse+ValidateDiscoverableLogin equals to FinishDiscoverableLogin, but we need to ParseCredentialRequestResponse first to get flags
var user *user_model.User
cred, err := wa.WebAuthn.FinishDiscoverableLogin(func(rawID, userHandle []byte) (webauthn.User, error) {
parsedResponse, err := protocol.ParseCredentialRequestResponse(ctx.Req)
if err != nil {
// Failed authentication attempt.
log.Info("Failed authentication attempt for %s from %s: %v", user.Name, ctx.RemoteAddr(), err)
ctx.Status(http.StatusForbidden)
return
}
cred, err := wa.WebAuthn.ValidateDiscoverableLogin(func(rawID, userHandle []byte) (webauthn.User, error) {
userID, n := binary.Varint(userHandle)
if n <= 0 {
return nil, errors.New("invalid rawID")
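Review bot: The new error branch after `protocol.ParseCredentialRequestResponse` logs `user.Name`, but `user` is still nil at that point, so a request body that fails to parse causes a nil-pointer dereference instead of the intended 403. `user` is declared just above as `var user *user_model.User` and is not assigned until the lookup callback runs. Because this path is reached before any user is authenticated, the log line should not depend on a resolved user: `log.Info("Failed authentication attempt for passkey from %s: %v", ctx.RemoteAddr(), err)`, which matches the message used after validation further down. WebAuthnPasskeyLogin starts and ends outside this hunk.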
@@ -89,8 +98,8 @@ func WebAuthnPasskeyLogin(ctx *context.Context) {
return nil, err
}
return (*wa.User)(user), nil
}, *sessionData, ctx.Req)
return wa.NewWebAuthnUser(ctx, user, parsedResponse.Response.AuthenticatorData.Flags), nil
}, *sessionData, parsedResponse)
if err != nil {
// Failed authentication attempt.
log.Info("Failed authentication attempt for passkey from %s: %v", ctx.RemoteAddr(), err)
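Review bot: The flags passed to `wa.NewWebAuthnUser` are read from `parsedResponse.Response.AuthenticatorData.Flags`, i.e. from the client's assertion before `ValidateDiscoverableLogin` has verified it, and nothing at the call site says how they are used. The same pattern appears in the WebAuthnLoginAssertionPost hunk before `ValidateLogin`. The constructor is not visible here, but if these flags stand in for the stored credential's flags, any flag-consistency check inside the library would compare the response with itself. A comment at both call sites would make the trade-off reviewable, for example `// flags come from the not-yet-validated assertion; state here when they override stored credential flags and which library check that relaxes`. The enclosing function continues outside this hunk.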
@@ -171,7 +180,8 @@ func WebAuthnLoginAssertion(ctx *context.Context) {
return
}
assertion, sessionData, err := wa.WebAuthn.BeginLogin((*wa.User)(user))
webAuthnUser := wa.NewWebAuthnUser(ctx, user)
assertion, sessionData, err := wa.WebAuthn.BeginLogin(webAuthnUser)
if err != nil {
ctx.ServerError("webauthn.BeginLogin", err)
return
@@ -216,7 +226,8 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
}
// Validate the parsed response.
cred, err := wa.WebAuthn.ValidateLogin((*wa.User)(user), *sessionData, parsedResponse)
webAuthnUser := wa.NewWebAuthnUser(ctx, user, parsedResponse.Response.AuthenticatorData.Flags)
cred, err := wa.WebAuthn.ValidateLogin(webAuthnUser, *sessionData, parsedResponse)
if err != nil {
// Failed authentication attempt.
log.Info("Failed authentication attempt for %s from %s: %v", user.Name, ctx.RemoteAddr(), err)