| 
									
										
										
										
											2021-01-05 09:33:45 +01:00
										 |  |  | package domain | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-08 11:30:30 +01:00
import (
	"bytes"
	"fmt"
	"net/url"
	"time"

	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
)
					
						
							| 
									
										
										
										
											2021-01-05 09:33:45 +01:00
										 |  |  | 
 | 
					
						
// WebAuthNToken is the domain model of one WebAuthn token of a user. It holds
// both ceremony data (challenge, requested verification level) and the stored
// credential material (key ID, public key, signature counter).
type WebAuthNToken struct {
	es_models.ObjectRoot

	// WebAuthNTokenID identifies this token record; it is a separate field
	// from KeyID.
	WebAuthNTokenID string
	// CredentialCreationData is an opaque byte blob; presumably the serialized
	// credential creation options sent to the client during registration.
	// TODO confirm against the producer.
	CredentialCreationData []byte
	// State is the token's MFAState. GetTokenToVerify selects tokens whose
	// State is MFAStateNotReady.
	State MFAState
	// Challenge is presumably the ceremony challenge issued to the client.
	// NOTE(review): a challenge should be single-use and bound to the session
	// that requested it; confirm this at the call sites.
	Challenge string
	// AllowedCredentialIDs is a list of raw credential IDs; how it is used
	// (allow list vs. exclude list) is not visible in this file.
	AllowedCredentialIDs [][]byte
	// UserVerification is the requested user-verification level.
	UserVerification UserVerificationRequirement
	// KeyID is compared byte-for-byte by GetTokenByKeyID; presumably the
	// WebAuthn credential ID. It is empty until set by the caller.
	KeyID []byte
	// PublicKey is presumably the credential public key used to verify
	// assertions. TODO confirm encoding with the writer of this field.
	PublicKey []byte
	// AttestationType and AAGUID presumably come from the attestation object.
	// NOTE(review): they are only trustworthy if the attestation statement
	// was actually verified; confirm before using them for policy decisions.
	AttestationType string
	AAGUID          []byte
	// SignCount is presumably the authenticator's signature counter.
	// NOTE(review): a counter that does not increase between logins can
	// indicate a cloned authenticator; confirm it is checked on login.
	SignCount uint32
	// WebAuthNTokenName is a display name; presumably user-supplied, so it
	// should be treated as untrusted when rendered.
	WebAuthNTokenName string
}
					
						
							|  |  |  | 
 | 
					
						
// WebAuthNLogin is the domain model of a WebAuthn login (assertion) ceremony.
type WebAuthNLogin struct {
	es_models.ObjectRoot

	// CredentialAssertionData is an opaque byte blob; presumably the
	// serialized assertion options handed to the client. TODO confirm.
	CredentialAssertionData []byte
	// Challenge is presumably the challenge issued for this login.
	// NOTE(review): it should be single-use and compared against the value in
	// the client's response; confirm at the call sites.
	Challenge string
	// AllowedCredentialIDs lists the raw credential IDs associated with this
	// login request.
	AllowedCredentialIDs [][]byte
	// UserVerification is the requested user-verification level.
	UserVerification UserVerificationRequirement
}
					
						
							|  |  |  | 
 | 
					
						
// UserVerificationRequirement is the user-verification level requested for a
// WebAuthn ceremony. The numeric values follow declaration order (0..3), so
// reordering the constants changes their values.
type UserVerificationRequirement int32

const (
	// UserVerificationRequirementUnspecified is the zero value (0).
	UserVerificationRequirementUnspecified UserVerificationRequirement = iota
	// UserVerificationRequirementRequired has the value 1.
	UserVerificationRequirementRequired
	// UserVerificationRequirementPreferred has the value 2.
	UserVerificationRequirementPreferred
	// UserVerificationRequirementDiscouraged has the value 3.
	UserVerificationRequirementDiscouraged
)
					
						
							| 
									
										
										
										
											2021-01-07 16:06:45 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-15 09:32:59 +01:00
// AuthenticatorAttachment selects the kind of authenticator; presumably it
// mirrors the WebAuthn authenticator attachment (platform vs. cross-platform).
// The numeric values follow declaration order (0..2).
//
// The "Plattform" spelling is part of the exported identifiers and is kept
// as-is so existing references keep compiling.
type AuthenticatorAttachment int32

const (
	// AuthenticatorAttachmentUnspecified is the zero value (0).
	AuthenticatorAttachmentUnspecified AuthenticatorAttachment = iota
	// AuthenticatorAttachmentPlattform has the value 1.
	AuthenticatorAttachmentPlattform
	// AuthenticatorAttachmentCrossPlattform has the value 2.
	AuthenticatorAttachmentCrossPlattform
)
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-15 09:32:59 +01:00
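// GetTokenToVerify returns the index and pointer of the first token in tokens
// whose State is MFAStateNotReady, or (-1, nil) when there is none.
//
// Nil entries are skipped rather than dereferenced, so a slice containing a
// nil pointer cannot panic this lookup.
//
// NOTE(review): only the first matching token is returned. If several tokens
// can be in MFAStateNotReady at once, callers that need a specific one should
// select it by ID instead; confirm against the call sites.
func GetTokenToVerify(tokens []*WebAuthNToken) (int, *WebAuthNToken) {
	for i, token := range tokens {
		if token == nil {
			continue
		}
		if token.State == MFAStateNotReady {
			return i, token
		}
	}
	return -1, nil
}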
					
						
							| 
									
										
										
										
											2021-02-08 11:30:30 +01:00
										 |  |  | 
 | 
					
						
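// GetTokenByKeyID returns the index and pointer of the first token in tokens
// whose KeyID equals keyID byte-for-byte, or (-1, nil) when none matches.
//
// Nil entries are skipped rather than dereferenced, so a slice containing a
// nil pointer cannot panic this lookup.
//
// The match does not look at the token's State: the caller is responsible for
// checking that the returned token is in a state it is willing to accept.
//
// NOTE(review): a nil or empty keyID compares equal to a nil or empty KeyID,
// so an empty keyID matches the first token that has no KeyID set. Callers
// should reject an empty keyID before calling; confirm at the call sites.
func GetTokenByKeyID(tokens []*WebAuthNToken, keyID []byte) (int, *WebAuthNToken) {
	for i, token := range tokens {
		if token == nil {
			continue
		}
		// bytes.Equal is the direct form of bytes.Compare(...) == 0.
		if bytes.Equal(token.KeyID, keyID) {
			return i, token
		}
	}
	return -1, nil
}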
					
						
							| 
									
										
										
										
											2021-08-02 15:24:58 +02:00
										 |  |  | 
 | 
					
						
// PasswordlessInitCodeState is the lifecycle state of a PasswordlessInitCode.
// The numeric values follow declaration order (0..3), so reordering the
// constants changes their values.
type PasswordlessInitCodeState int32

const (
	// PasswordlessInitCodeStateUnspecified is the zero value (0).
	PasswordlessInitCodeStateUnspecified PasswordlessInitCodeState = iota
	// PasswordlessInitCodeStateRequested has the value 1.
	PasswordlessInitCodeStateRequested
	// PasswordlessInitCodeStateActive has the value 2.
	PasswordlessInitCodeStateActive
	// PasswordlessInitCodeStateRemoved has the value 3.
	PasswordlessInitCodeStateRemoved
)
					
						
							|  |  |  | 
 | 
					
						
// PasswordlessInitCode is the domain model of a code used to start
// passwordless setup. Link turns it into a URL.
type PasswordlessInitCode struct {
	es_models.ObjectRoot

	// CodeID identifies the code; Link sends it as the "codeID" parameter.
	CodeID string
	// Code is the value Link sends as the "code" parameter.
	// NOTE(review): if this is the plaintext secret, the struct should not be
	// logged or serialized as a whole; confirm what the producer stores here.
	Code string
	// Expiration is a time.Duration, i.e. a lifetime rather than a timestamp.
	// The instant it is measured from is not visible in this file.
	Expiration time.Duration
	// State is the lifecycle state of the code.
	State PasswordlessInitCodeState
}
					
						
							|  |  |  | 
 | 
					
						
// Link returns the passwordless initialisation URL for p, built on baseURL by
// PasswordlessInitCodeLink from p's AggregateID (as the user ID),
// ResourceOwner (as the org ID), CodeID and Code.
//
// The result embeds p.Code in its query string, so the returned URL should be
// handled with the same care as the code itself.
func (p *PasswordlessInitCode) Link(baseURL string) string {
	userID, orgID := p.AggregateID, p.ResourceOwner
	return PasswordlessInitCodeLink(baseURL, userID, orgID, p.CodeID, p.Code)
}
					
						
							|  |  |  | 
 | 
					
						
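// PasswordlessInitCodeLink builds the passwordless initialisation URL by
// appending userID, orgID (resourceOwner), codeID and code to baseURL as
// query parameters, in that order.
//
// Every value is query-escaped, so reserved characters such as '&', '=', '#'
// or a space cannot end the value early or introduce extra parameters. Values
// made only of unreserved characters are emitted unchanged.
//
// baseURL is used verbatim and "?" is always appended to it, so it is
// expected not to carry a query string of its own.
//
// The returned URL contains the code in its query string; it should be kept
// out of logs and handled with the same care as the code itself.
func PasswordlessInitCodeLink(baseURL, userID, resourceOwner, codeID, code string) string {
	return fmt.Sprintf(
		"%s?userID=%s&orgID=%s&codeID=%s&code=%s",
		baseURL,
		url.QueryEscape(userID),
		url.QueryEscape(resourceOwner),
		url.QueryEscape(codeID),
		url.QueryEscape(code),
	)
}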