fix: improvements for WebAuthN (#1105)

* add missing translations * add missing passwordless funcs in api * remove u2f with verification from setup in login
2025-08-12 04:37:31 +00:00 · 2020-12-15 16:44:16 +01:00
parent 7463bf4fe0
commit 71df1bcd0e
14 changed files with 150 additions and 11 deletions
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"context"
+
 	"github.com/golang/protobuf/ptypes/empty"

 	"github.com/caos/zitadel/pkg/grpc/auth"
@@ -175,6 +176,14 @@ func (s *Server) RemoveMyMfaU2F(ctx context.Context, id *auth.WebAuthNTokenID) (
 	return &empty.Empty{}, err
 }

+func (s *Server) GetMyPasswordless(ctx context.Context, _ *empty.Empty) (_ *auth.WebAuthNTokens, err error) {
+	tokens, err := s.repo.GetMyPasswordless(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return webAuthNTokensFromModel(tokens), err
+}
+
 func (s *Server) AddMyPasswordless(ctx context.Context, _ *empty.Empty) (_ *auth.WebAuthNResponse, err error) {
 	u2f, err := s.repo.AddMyPasswordless(ctx)
 	return verifyWebAuthNFromModel(u2f), err
--- a/internal/api/grpc/auth/user_converter.go
+++ b/internal/api/grpc/auth/user_converter.go
@@ -436,3 +436,19 @@ func verifyWebAuthNFromModel(u2f *usr_model.WebAuthNToken) *auth.WebAuthNRespons
 		State:     mfaStateFromModel(u2f.State),
 	}
 }
+
+func webAuthNTokensFromModel(tokens []*usr_model.WebAuthNToken) *auth.WebAuthNTokens {
+	result := make([]*auth.WebAuthNToken, len(tokens))
+	for i, token := range tokens {
+		result[i] = webAuthNTokenFromModel(token)
+	}
+	return &auth.WebAuthNTokens{Tokens: result}
+}
+
+func webAuthNTokenFromModel(token *usr_model.WebAuthNToken) *auth.WebAuthNToken {
+	return &auth.WebAuthNToken{
+		Id:    token.WebAuthNTokenID,
+		Name:  token.WebAuthNTokenName,
+		State: mfaStateFromModel(token.State),
+	}
+}
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -2,9 +2,11 @@ package management

 import (
 	"context"
+
+	"github.com/golang/protobuf/ptypes/empty"
+
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/pkg/grpc/management"
-	"github.com/golang/protobuf/ptypes/empty"
 )

 func (s *Server) GetUserByID(ctx context.Context, id *management.UserID) (*management.UserView, error) {
@@ -231,6 +233,19 @@ func (s *Server) RemoveMfaU2F(ctx context.Context, webAuthNTokenID *management.W
 	return &empty.Empty{}, err
 }

+func (s *Server) GetPasswordless(ctx context.Context, userID *management.UserID) (_ *management.WebAuthNTokens, err error) {
+	tokens, err := s.user.GetPasswordless(ctx, userID.Id)
+	if err != nil {
+		return nil, err
+	}
+	return webAuthNTokensFromModel(tokens), err
+}
+
+func (s *Server) RemovePasswordless(ctx context.Context, id *management.WebAuthNTokenID) (*empty.Empty, error) {
+	err := s.user.RemovePasswordless(ctx, id.UserId, id.Id)
+	return &empty.Empty{}, err
+}
+
 func (s *Server) SearchUserMemberships(ctx context.Context, in *management.UserMembershipSearchRequest) (*management.UserMembershipSearchResponse, error) {
 	request := userMembershipSearchRequestsToModel(in)
 	request.AppendUserIDQuery(in.UserId)
--- a/internal/api/grpc/management/user_converter.go
+++ b/internal/api/grpc/management/user_converter.go
@@ -629,3 +629,19 @@ func userChangesToMgtAPI(changes *usr_model.UserChanges) (_ []*management.Change

 	return result
 }
+
+func webAuthNTokensFromModel(tokens []*usr_model.WebAuthNToken) *management.WebAuthNTokens {
+	result := make([]*management.WebAuthNToken, len(tokens))
+	for i, token := range tokens {
+		result[i] = webAuthNTokenFromModel(token)
+	}
+	return &management.WebAuthNTokens{Tokens: result}
+}
+
+func webAuthNTokenFromModel(token *usr_model.WebAuthNToken) *management.WebAuthNToken {
+	return &management.WebAuthNToken{
+		Id:    token.WebAuthNTokenID,
+		Name:  token.WebAuthNTokenName,
+		State: mfaStateFromModel(token.State),
+	}
+}