Allow non password protected keys for 2FA only

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
ゆめ 2024-11-25 08:36:22 -06:00
parent f3eeb711a0
commit 70d5c713ca
4 changed files with 17 additions and 8 deletions


@ -83,7 +83,11 @@ export class WebAuthnService {
}
@bindThis
public async verifyRegistration(userId: MiUser['id'], response: RegistrationResponseJSON): Promise<{
public async verifyRegistration(
userId: MiUser['id'],
response: RegistrationResponseJSON,
twoFactorOnly: boolean = false,
): Promise<{
credentialID: string;
credentialPublicKey: Uint8Array;
attestationObject: Uint8Array;
@ -111,7 +115,7 @@ export class WebAuthnService {
expectedChallenge: challenge,
expectedOrigin: relyingParty.origin,
expectedRPID: relyingParty.rpId,
requireUserVerification: true,
requireUserVerification: !twoFactorOnly,
});
} catch (error) {
console.error(error);
@ -245,7 +249,11 @@ export class WebAuthnService {
}
@bindThis
public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> {
public async verifyAuthentication(
userId: MiUser['id'],
response: AuthenticationResponseJSON,
twoFactorOnly: boolean = false,
): Promise<boolean> {
const challenge = await this.redisClient.get(`webauthn:challenge:${userId}`);
if (!challenge) {
@ -302,7 +310,7 @@ export class WebAuthnService {
counter: key.counter,
transports: key.transports ? key.transports as AuthenticatorTransportFuture[] : undefined,
},
requireUserVerification: true,
requireUserVerification: !twoFactorOnly,
});
} catch (error) {
console.error(error);
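Review bot: `twoFactorOnly` is a positional boolean that directly switches off `requireUserVerification` in both `verifyRegistration` and `verifyAuthentication`, and neither signature documents when a caller may pass `true`. With user verification off, a response shows only that the authenticator was present, so the flag is safe only when another factor has already been checked for the same request. I would add a TSDoc line on both methods such as `@param twoFactorOnly Pass true only after the account password has been verified for this request; the default keeps user verification mandatory.` The options sent to the client are generated outside these hunks, so it is worth confirming that their user-verification setting agrees with what is enforced here. Both method bodies continue outside the hunks shown.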


@ -255,7 +255,7 @@ export class SigninApiService {
});
}
const authorized = await this.webAuthnService.verifyAuthentication(user.id, body.credential);
const authorized = await this.webAuthnService.verifyAuthentication(user.id, body.credential, !profile.usePasswordLessLogin);
if (authorized) {
return this.signinService.signin(request, reply, user);
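Review bot: The new third argument relaxes user verification whenever `profile.usePasswordLessLogin` is false, so this call relies on the password having been checked earlier in the handler for every account with that setting off; that check is not visible in the hunk. A comment above the call would keep the invariant from drifting, for example `// UV is skipped only because the password was verified above when passwordless login is off`. Deriving the flag from the actual result of the password check rather than from the profile setting alone would tie the two together, and would also let an account with passwordless login enabled keep using a key without a PIN as a second factor when the password is supplied. The enclosing function starts and ends outside the hunk.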


@ -95,7 +95,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
throw new ApiError(meta.errors.twoFactorNotEnabled);
}
const keyInfo = await this.webAuthnService.verifyRegistration(me.id, ps.credential);
const keyInfo = await this.webAuthnService.verifyRegistration(me.id, ps.credential, !profile.usePasswordLessLogin);
const keyId = keyInfo.credentialID;
await this.userSecurityKeysRepository.insert({
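Review bot: A key registered while `profile.usePasswordLessLogin` is false is accepted without user verification, and nothing in the visible lines records that fact alongside the key. If the account later enables passwordless login, the sign-in path will require user verification from that same key, which may then be rejected. Consider storing whether user verification was performed at registration, or checking in the endpoint that enables passwordless login that at least one registered key was verified that way; whether either already exists cannot be seen here, since the `insert` call continues outside the hunk.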


@ -45,7 +45,8 @@ const queryingKey = ref(true);
async function queryKey() {
queryingKey.value = true;
await webAuthnRequest(props.credentialRequest)
.catch(() => {
.catch((e) => {
console.error(e);
return Promise.reject(null);
})
.then((credential) => {
@ -53,7 +54,7 @@ async function queryKey() {
})
.finally(() => {
queryingKey.value = false;
});
});
}
onMounted(() => {