* refactor(handlers): lower case error messages also refactor verifyAuth function to detect malicious activity both with session cookie and authorization header. * refacto(handlers): simplify error construction * fix(handlers): check prefix in authorization header to determine auth method * fix(handlers): determining the method should be done with headers instead of query arg * refacto(handlers): rollback changes of verifyAuth * don't lowercase log messages * Apply suggestions from code review Make sure logger errors are not lowercased. * fix: uppercase logger errors and remove unused param * Do not lowercase logger errors * Remove unused param targetURL * Rename url variable to not conflict with imported package Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
package handlers
import (
"crypto/elliptic"
"fmt"
"github.com/tstranex/u2f"
"github.com/authelia/authelia/v4/internal/middlewares"
)
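// SecondFactorU2FRegister handles the final step of U2F registration. It verifies the
// client's registration response against the challenge stored in the user session and,
// when verification succeeds, stores the device key handle and public key for the user.
//
// Every failure is reported through ctx.Error with the generic
// messageUnableToRegisterSecurityKey user message; the detailed cause is only carried
// in the error passed alongside it.
func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx) {
	userSession := ctx.GetSession()

	if userSession.U2FChallenge == nil {
		ctx.Error(fmt.Errorf("U2F registration has not been initiated yet"), messageUnableToRegisterSecurityKey)
		return
	}

	// The challenge is single use: once a registration attempt has been made against it,
	// remove it from the session on every exit path (success, malformed body, failed
	// verification, storage error) so it cannot be presented again.
	defer func() {
		userSession.U2FChallenge = nil

		if err := ctx.SaveSession(userSession); err != nil {
			ctx.Logger.Errorf("Unable to clear U2F challenge in session for user %s: %s", userSession.Username, err)
		}
	}()

	responseBody := u2f.RegisterResponse{}

	if err := ctx.ParseBody(&responseBody); err != nil {
		ctx.Error(fmt.Errorf("unable to parse response body: %v", err), messageUnableToRegisterSecurityKey)
		// Stop here. Previously execution fell through with an empty response body,
		// which led to a second ctx.Error call further down for the same request.
		return
	}

	registration, err := u2f.Register(responseBody, *userSession.U2FChallenge, u2fConfig)
	if err != nil {
		ctx.Error(fmt.Errorf("unable to verify U2F registration: %v", err), messageUnableToRegisterSecurityKey)
		return
	}

	ctx.Logger.Debugf("Register U2F device for user %s", userSession.Username)

	// Persist the public key as the marshalled P-256 point produced by elliptic.Marshal.
	publicKey := elliptic.Marshal(elliptic.P256(), registration.PubKey.X, registration.PubKey.Y)

	err = ctx.Providers.StorageProvider.SaveU2FDeviceHandle(userSession.Username, registration.KeyHandle, publicKey)
	if err != nil {
		ctx.Error(fmt.Errorf("unable to register U2F device for user %s: %v", userSession.Username, err), messageUnableToRegisterSecurityKey)
		return
	}

	ctx.ReplyOK()
}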