fix(storage): webauthn kid too short for some devices (#2957)

This fixes an issue that may cause the kid length of a webauthn device to exceed that length allowed by the database column.
This commit is contained in:
James Elliott 2022-03-04 21:21:08 +11:00 committed by GitHub
parent 82d28155d0
commit 204cef4d03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 84 additions and 4 deletions

View File

@ -23,3 +23,4 @@ this instance if you wanted to downgrade to pre1 you would need to use an Authel
| pre1 | 4.0.0 | Downgrading to this version requires you use the --pre1 flag | | pre1 | 4.0.0 | Downgrading to this version requires you use the --pre1 flag |
| 1 | 4.33.0 | Initial migration managed version | | 1 | 4.33.0 | Initial migration managed version |
| 2 | 4.34.0 | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates | | 2 | 4.34.0 | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates |
| 3 | 4.34.2 | Webauthn - fix V2 migration kid column length and provide migration path for anyone on V2 |

View File

@ -56,7 +56,7 @@ const (
const ( const (
// This is the latest schema version for the purpose of tests. // This is the latest schema version for the purpose of tests.
testLatestVersion = 2 testLatestVersion = 3
) )
const ( const (

View File

@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
rpid TEXT, rpid TEXT,
username VARCHAR(100) NOT NULL, username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary', description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(100) NOT NULL, kid VARCHAR(512) NOT NULL,
public_key BLOB NOT NULL, public_key BLOB NOT NULL,
attestation_type VARCHAR(32), attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '', transport VARCHAR(20) DEFAULT '',

View File

@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
rpid TEXT, rpid TEXT,
username VARCHAR(100) NOT NULL, username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary', description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(100) NOT NULL, kid VARCHAR(512) NOT NULL,
public_key BYTEA NOT NULL, public_key BYTEA NOT NULL,
attestation_type VARCHAR(32), attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '', transport VARCHAR(20) DEFAULT '',

View File

@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
rpid TEXT, rpid TEXT,
username VARCHAR(100) NOT NULL, username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary', description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(100) NOT NULL, kid VARCHAR(512) NOT NULL,
public_key BLOB NOT NULL, public_key BLOB NOT NULL,
attestation_type VARCHAR(32), attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '', transport VARCHAR(20) DEFAULT '',

View File

@ -0,0 +1 @@
DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;

View File

@ -0,0 +1,26 @@
ALTER TABLE webauthn_devices RENAME _bkp_UP_V0003_webauthn_devices;
CREATE TABLE IF NOT EXISTS webauthn_devices (
id INTEGER AUTO_INCREMENT,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
last_used_at TIMESTAMP NULL DEFAULT NULL,
rpid TEXT,
username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(512) NOT NULL,
public_key BLOB NOT NULL,
attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '',
aaguid CHAR(36) NOT NULL,
sign_count INTEGER DEFAULT 0,
clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
PRIMARY KEY (id),
UNIQUE KEY (username, description),
UNIQUE KEY (kid)
);
INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
FROM _bkp_UP_V0003_webauthn_devices;
DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;

View File

@ -0,0 +1,26 @@
ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
CREATE TABLE IF NOT EXISTS webauthn_devices (
id SERIAL,
created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
last_used_at TIMESTAMP WITH TIME ZONE NULL DEFAULT NULL,
rpid TEXT,
username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(512) NOT NULL,
public_key BYTEA NOT NULL,
attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '',
aaguid CHAR(36) NOT NULL,
sign_count INTEGER DEFAULT 0,
clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
PRIMARY KEY (id),
UNIQUE (username, description),
UNIQUE (kid)
);
INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
FROM _bkp_UP_V0003_webauthn_devices;
DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;

View File

@ -0,0 +1,26 @@
ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
CREATE TABLE IF NOT EXISTS webauthn_devices (
id INTEGER,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
last_used_at TIMESTAMP NULL DEFAULT NULL,
rpid TEXT,
username VARCHAR(100) NOT NULL,
description VARCHAR(30) NOT NULL DEFAULT 'Primary',
kid VARCHAR(512) NOT NULL,
public_key BLOB NOT NULL,
attestation_type VARCHAR(32),
transport VARCHAR(20) DEFAULT '',
aaguid CHAR(36) NOT NULL,
sign_count INTEGER DEFAULT 0,
clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
PRIMARY KEY (id),
UNIQUE (username, description),
UNIQUE (kid)
);
INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
FROM _bkp_UP_V0003_webauthn_devices;
DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;