fix: pass necessary webauthn data through events (#1541)

2024-12-12 02:54:20 +00:00 · 2021-04-07 12:56:59 +02:00 · 2021-04-07 12:56:59 +02:00 · f889b85d42
commit f889b85d42
parent 4d19652cd9
5 changed files with 47 additions and 30 deletions
--- a/internal/command/user_human_webauthn.go
+++ b/internal/command/user_human_webauthn.go
@ -2,11 +2,13 @@ package command

 import (
 	"context"
+
 	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/eventstore"

 	"github.com/caos/zitadel/internal/domain"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	usr_repo "github.com/caos/zitadel/internal/repository/user"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 )
@ -45,7 +47,12 @@ func (c *Commands) getHumanU2FLogin(ctx context.Context, userID, authReqID, reso
 		return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5m88U", "Errors.User.NotFound")
 	}
 	return &domain.WebAuthNLogin{
-		Challenge: tokenReadModel.Challenge,
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: tokenReadModel.AggregateID,
+		},
+		Challenge:            tokenReadModel.Challenge,
+		AllowedCredentialIDs: tokenReadModel.AllowedCredentialIDs,
+		UserVerification:     tokenReadModel.UserVerification,
 	}, nil
 }

@ -259,6 +266,8 @@ func (c *Commands) HumanBeginU2FLogin(ctx context.Context, userID, resourceOwner
 			ctx,
 			userAgg,
 			webAuthNLogin.Challenge,
+			webAuthNLogin.AllowedCredentialIDs,
+			webAuthNLogin.UserVerification,
 			authRequestDomainToAuthRequestInfo(authRequest),
 		),
 	)
@ -281,6 +290,8 @@ func (c *Commands) HumanBeginPasswordlessLogin(ctx context.Context, userID, reso
 			ctx,
 			userAgg,
 			webAuthNLogin.Challenge,
+			webAuthNLogin.AllowedCredentialIDs,
+			webAuthNLogin.UserVerification,
 			authRequestDomainToAuthRequestInfo(authRequest),
 		),
 	)
--- a/internal/command/user_human_webauthn_model.go
+++ b/internal/command/user_human_webauthn_model.go
@ -301,9 +301,12 @@ func (wm *HumanPasswordlessTokensReadModel) WebAuthNTokenByID(id string) (idx in
 type HumanU2FLoginReadModel struct {
 	eventstore.WriteModel

-	AuthReqID string
-	Challenge string
-	State     domain.UserState
+	AuthReqID            string
+	Challenge            string
+	AllowedCredentialIDs [][]byte
+	UserVerification     domain.UserVerificationRequirement
+	User
+	State domain.UserState
 }

 func NewHumanU2FLoginReadModel(userID, authReqID, resourceOwner string) *HumanU2FLoginReadModel {
@ -335,6 +338,8 @@ func (wm *HumanU2FLoginReadModel) Reduce() error {
 		switch e := event.(type) {
 		case *user.HumanU2FBeginLoginEvent:
 			wm.Challenge = e.Challenge
+			wm.AllowedCredentialIDs = e.AllowedCredentialIDs
+			wm.UserVerification = e.UserVerification
 			wm.State = domain.UserStateActive
 		case *user.UserRemovedEvent:
 			wm.State = domain.UserStateDeleted
--- a/internal/repository/user/human_mfa_passwordless.go
+++ b/internal/repository/user/human_mfa_passwordless.go
@ -2,8 +2,9 @@ package user

 import (
 	"context"
-	"github.com/caos/zitadel/internal/eventstore"

+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/repository"
 )

@ -170,18 +171,20 @@ func NewHumanPasswordlessBeginLoginEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
 	challenge string,
+	allowedCredentialIDs [][]byte,
+	userVerification domain.UserVerificationRequirement,
 	info *AuthRequestInfo,
 ) *HumanPasswordlessBeginLoginEvent {
 	return &HumanPasswordlessBeginLoginEvent{
-		HumanWebAuthNBeginLoginEvent: *NewHumanWebAuthNBeginLoginEvent(
-			eventstore.NewBaseEventForPush(
-				ctx,
-				aggregate,
-				HumanPasswordlessTokenBeginLoginType,
-			),
-			challenge,
-			info,
+		HumanWebAuthNBeginLoginEvent: *NewHumanWebAuthNBeginLoginEvent(eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordlessTokenBeginLoginType,
 		),
+			challenge,
+			allowedCredentialIDs,
+			userVerification,
+			info),
 	}
 }

--- a/internal/repository/user/human_mfa_u2f.go
+++ b/internal/repository/user/human_mfa_u2f.go
@ -2,8 +2,9 @@ package user

 import (
 	"context"
-	"github.com/caos/zitadel/internal/eventstore"

+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/repository"
 )

@ -166,12 +167,7 @@ type HumanU2FBeginLoginEvent struct {
 	HumanWebAuthNBeginLoginEvent
 }

-func NewHumanU2FBeginLoginEvent(
-	ctx context.Context,
-	aggregate *eventstore.Aggregate,
-	challenge string,
-	info *AuthRequestInfo,
-) *HumanU2FBeginLoginEvent {
+func NewHumanU2FBeginLoginEvent(ctx context.Context, aggregate *eventstore.Aggregate, challenge string, allowedCredentialIDs [][]byte, userVerification domain.UserVerificationRequirement, info *AuthRequestInfo) *HumanU2FBeginLoginEvent {
 	return &HumanU2FBeginLoginEvent{
 		HumanWebAuthNBeginLoginEvent: *NewHumanWebAuthNBeginLoginEvent(
 			eventstore.NewBaseEventForPush(
@ -180,6 +176,8 @@ func NewHumanU2FBeginLoginEvent(
 				HumanU2FTokenBeginLoginType,
 			),
 			challenge,
+			allowedCredentialIDs,
+			userVerification,
 			info,
 		),
 	}
--- a/internal/repository/user/human_mfa_web_auth_n.go
+++ b/internal/repository/user/human_mfa_web_auth_n.go
@ -180,7 +180,9 @@ func HumanWebAuthNRemovedEventMapper(event *repository.Event) (eventstore.EventR
 type HumanWebAuthNBeginLoginEvent struct {
 	eventstore.BaseEvent `json:"-"`

-	Challenge string `json:"challenge"`
+	Challenge            string                             `json:"challenge"`
+	AllowedCredentialIDs [][]byte                           `json:"allowedCredentialIDs"`
+	UserVerification     domain.UserVerificationRequirement `json:"userVerification"`
 	*AuthRequestInfo
 }

@ -192,15 +194,13 @@ func (e *HumanWebAuthNBeginLoginEvent) UniqueConstraints() []*eventstore.EventUn
 	return nil
 }

-func NewHumanWebAuthNBeginLoginEvent(
-	base *eventstore.BaseEvent,
-	challenge string,
-	info *AuthRequestInfo,
-) *HumanWebAuthNBeginLoginEvent {
+func NewHumanWebAuthNBeginLoginEvent(base *eventstore.BaseEvent, challenge string, allowedCredentialIDs [][]byte, userVerification domain.UserVerificationRequirement, info *AuthRequestInfo) *HumanWebAuthNBeginLoginEvent {
 	return &HumanWebAuthNBeginLoginEvent{
-		BaseEvent:       *base,
-		Challenge:       challenge,
-		AuthRequestInfo: info,
+		BaseEvent:            *base,
+		Challenge:            challenge,
+		AllowedCredentialIDs: allowedCredentialIDs,
+		UserVerification:     userVerification,
+		AuthRequestInfo:      info,
 	}
 }