mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
8f05846e21
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
38 lines
1.3 KiB
SQL
38 lines
1.3 KiB
SQL
ALTER TABLE totp_configurations RENAME _bkp_DOWN_V0002_totp_configurations;
|
|
ALTER TABLE webauthn_devices RENAME _bkp_DOWN_V0002_webauthn_devices;
|
|
|
|
CREATE TABLE IF NOT EXISTS totp_configurations (
|
|
id INTEGER AUTO_INCREMENT,
|
|
username VARCHAR(100) NOT NULL,
|
|
issuer VARCHAR(100),
|
|
algorithm VARCHAR(6) NOT NULL DEFAULT 'SHA1',
|
|
digits INTEGER NOT NULL DEFAULT 6,
|
|
period INTEGER NOT NULL DEFAULT 30,
|
|
secret BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
UNIQUE KEY (username)
|
|
);
|
|
|
|
INSERT INTO totp_configurations (id, username, issuer, algorithm, digits, period, secret)
|
|
SELECT id, username, issuer, algorithm, digits, period, secret
|
|
FROM _bkp_DOWN_V0002_totp_configurations;
|
|
|
|
CREATE TABLE IF NOT EXISTS u2f_devices (
|
|
id INTEGER AUTO_INCREMENT,
|
|
username VARCHAR(100) NOT NULL,
|
|
description VARCHAR(30) NOT NULL DEFAULT 'Primary',
|
|
key_handle BLOB NOT NULL,
|
|
public_key BLOB NOT NULL,
|
|
PRIMARY KEY (id),
|
|
UNIQUE KEY (username, description)
|
|
);
|
|
|
|
INSERT INTO u2f_devices (id, username, description, key_handle, public_key)
|
|
SELECT id, username, description, FROM_BASE64(kid), public_key
|
|
FROM _bkp_DOWN_V0002_webauthn_devices
|
|
WHERE attestation_type = 'fido-u2f';
|
|
|
|
UPDATE user_preferences
|
|
SET second_factor_method = 'u2f'
|
|
WHERE second_factor_method = 'webauthn';
|