chore(webauthn): add logs (#6569)

Livio Spring 2023-09-15 15:43:38 +02:00 committed by GitHub
parent 776e777cb3
commit b4d0d2c9a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -4,6 +4,7 @@ import (
"bytes" "bytes"
"context" "context"
"encoding/json" "encoding/json"
"errors"
"github.com/go-webauthn/webauthn/protocol" "github.com/go-webauthn/webauthn/protocol"
"github.com/go-webauthn/webauthn/webauthn" "github.com/go-webauthn/webauthn/webauthn"
@ -100,8 +101,7 @@ func (w *Config) FinishRegistration(ctx context.Context, user *domain.Human, web
} }
credentialData, err := protocol.ParseCredentialCreationResponseBody(bytes.NewReader(credData)) credentialData, err := protocol.ParseCredentialCreationResponseBody(bytes.NewReader(credData))
if err != nil { if err != nil {
e := *err.(*protocol.Error) logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn credential could not be parsed")
logging.WithFields("error", e).Error("webauthn credential could not be parsed")
return nil, caos_errs.ThrowInternal(err, "WEBAU-sEr8c", "Errors.User.WebAuthN.ErrorOnParseCredential") return nil, caos_errs.ThrowInternal(err, "WEBAU-sEr8c", "Errors.User.WebAuthN.ErrorOnParseCredential")
} }
sessionData := WebAuthNToSessionData(webAuthN) sessionData := WebAuthNToSessionData(webAuthN)
@ -116,6 +116,7 @@ func (w *Config) FinishRegistration(ctx context.Context, user *domain.Human, web
sessionData, sessionData,
credentialData) credentialData)
if err != nil { if err != nil {
logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn credential could not be created")
return nil, caos_errs.ThrowInternal(err, "WEBAU-3Vb9s", "Errors.User.WebAuthN.CreateCredentialFailed") return nil, caos_errs.ThrowInternal(err, "WEBAU-3Vb9s", "Errors.User.WebAuthN.CreateCredentialFailed")
} }
@ -139,6 +140,7 @@ func (w *Config) BeginLogin(ctx context.Context, user *domain.Human, userVerific
credentials: WebAuthNsToCredentials(webAuthNs, rpID), credentials: WebAuthNsToCredentials(webAuthNs, rpID),
}, webauthn.WithUserVerification(UserVerificationFromDomain(userVerification))) }, webauthn.WithUserVerification(UserVerificationFromDomain(userVerification)))
if err != nil { if err != nil {
logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn login could not be started")
return nil, caos_errs.ThrowInternal(err, "WEBAU-4G8sw", "Errors.User.WebAuthN.BeginLoginFailed") return nil, caos_errs.ThrowInternal(err, "WEBAU-4G8sw", "Errors.User.WebAuthN.BeginLoginFailed")
} }
cred, err := json.Marshal(assertion) cred, err := json.Marshal(assertion)
@ -157,6 +159,7 @@ func (w *Config) BeginLogin(ctx context.Context, user *domain.Human, userVerific
func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN *domain.WebAuthNLogin, credData []byte, webAuthNs ...*domain.WebAuthNToken) (*webauthn.Credential, error) { func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN *domain.WebAuthNLogin, credData []byte, webAuthNs ...*domain.WebAuthNToken) (*webauthn.Credential, error) {
assertionData, err := protocol.ParseCredentialRequestResponseBody(bytes.NewReader(credData)) assertionData, err := protocol.ParseCredentialRequestResponseBody(bytes.NewReader(credData))
if err != nil { if err != nil {
logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn assertion could not be parsed")
return nil, caos_errs.ThrowInternal(err, "WEBAU-ADgv4", "Errors.User.WebAuthN.ValidateLoginFailed") return nil, caos_errs.ThrowInternal(err, "WEBAU-ADgv4", "Errors.User.WebAuthN.ValidateLoginFailed")
} }
webUser := &webUser{ webUser := &webUser{
@ -169,11 +172,12 @@ func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN *
} }
credential, err := webAuthNServer.ValidateLogin(webUser, WebAuthNLoginToSessionData(webAuthN), assertionData) credential, err := webAuthNServer.ValidateLogin(webUser, WebAuthNLoginToSessionData(webAuthN), assertionData)
if err != nil { if err != nil {
logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn assertion failed")
return nil, caos_errs.ThrowInternal(err, "WEBAU-3M9si", "Errors.User.WebAuthN.ValidateLoginFailed") return nil, caos_errs.ThrowInternal(err, "WEBAU-3M9si", "Errors.User.WebAuthN.ValidateLoginFailed")
} }
if credential.Authenticator.CloneWarning { if credential.Authenticator.CloneWarning {
return credential, caos_errs.ThrowInternal(err, "WEBAU-4M90s", "Errors.User.WebAuthN.CloneWarning") return credential, caos_errs.ThrowInternal(nil, "WEBAU-4M90s", "Errors.User.WebAuthN.CloneWarning")
} }
return credential, nil return credential, nil
} }
@ -206,3 +210,11 @@ func (w *Config) config(id, origin string) *webauthn.Config {
RPOrigins: []string{origin}, RPOrigins: []string{origin},
} }
} }
func tryExtractProtocolErrMsg(err error) string {
var e *protocol.Error
if errors.As(err, &e) {
return e.Details + ": " + e.DevInfo
}
return e.Error()
}
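Review bot: In `tryExtractProtocolErrMsg` the fallback `return e.Error()` is reached only when `errors.As` did not match, so `e` is still a nil `*protocol.Error` and the call dereferences it. Any error that is not a `*protocol.Error` would then panic inside the registration or login path at one of the new log lines instead of being logged. The fallback should read the original error: `return err.Error()`. Separately, the `CloneWarning` branch in `FinishLogin` still returns without any log entry, and the new failure logs are at Debug level. A possible cloned authenticator or repeated assertion failures may therefore not show up at a typical production log level, so a warning-level entry on the clone branch would help detection.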