mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
300ade66a7
* at least registration prompt works * in memory test for login * buttons to start webauthn process * begin eventstore impl * begin eventstore impl * serialize into bytes * fix: u2f, passwordless types * fix for localhost * fix script * fix: u2f, passwordless types * fix: add u2f * fix: verify u2f * fix: session data in event store * fix: u2f credentials in eventstore * fix: webauthn pkg handles business models * feat: tests * feat: append events * fix: test * fix: check only ready webauthn creds * fix: move u2f methods to authrepo * frontend improvements * fix return * feat: add passwordless * feat: add passwordless * improve ui / error handling * separate call for login * fix login * js * feat: u2f login methods * feat: remove unused session id * feat: error handling * feat: error handling * feat: refactor user eventstore * feat: finish webauthn * feat: u2f and passwordlss in auth.proto * u2f step * passwordless step * cleanup js * EndpointPasswordLessLogin * migration * update mfaChecked test * next step test * token name * cleanup * attribute * passwordless as tokens * remove sms as otp type * add "user" to amr for webauthn * error handling * fixes * fix tests * naming * naming * fixes * session handler * i18n * error handling in login * Update internal/ui/login/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * improvements * merge fixes * fixes * fixes Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
81 lines
2.6 KiB
Go
81 lines
2.6 KiB
Go
package webauthn
|
|
|
|
import (
|
|
"github.com/caos/zitadel/internal/user/model"
|
|
"github.com/duo-labs/webauthn/protocol"
|
|
"github.com/duo-labs/webauthn/webauthn"
|
|
)
|
|
|
|
func WebAuthNsToCredentials(webAuthNs []*model.WebAuthNToken) []webauthn.Credential {
|
|
creds := make([]webauthn.Credential, 0)
|
|
for _, webAuthN := range webAuthNs {
|
|
if webAuthN.State == model.MFAStateReady {
|
|
creds = append(creds, webauthn.Credential{
|
|
ID: webAuthN.KeyID,
|
|
PublicKey: webAuthN.PublicKey,
|
|
AttestationType: webAuthN.AttestationType,
|
|
Authenticator: webauthn.Authenticator{
|
|
AAGUID: webAuthN.AAGUID,
|
|
SignCount: webAuthN.SignCount,
|
|
},
|
|
})
|
|
}
|
|
}
|
|
return creds
|
|
}
|
|
|
|
func WebAuthNToSessionData(webAuthN *model.WebAuthNToken) webauthn.SessionData {
|
|
return webauthn.SessionData{
|
|
Challenge: webAuthN.Challenge,
|
|
UserID: []byte(webAuthN.AggregateID),
|
|
AllowedCredentialIDs: webAuthN.AllowedCredentialIDs,
|
|
UserVerification: UserVerificationFromModel(webAuthN.UserVerification),
|
|
}
|
|
}
|
|
|
|
func WebAuthNLoginToSessionData(webAuthN *model.WebAuthNLogin) webauthn.SessionData {
|
|
return webauthn.SessionData{
|
|
Challenge: webAuthN.Challenge,
|
|
UserID: []byte(webAuthN.AggregateID),
|
|
AllowedCredentialIDs: webAuthN.AllowedCredentialIDs,
|
|
UserVerification: UserVerificationFromModel(webAuthN.UserVerification),
|
|
}
|
|
}
|
|
|
|
func UserVerificationToModel(verification protocol.UserVerificationRequirement) model.UserVerificationRequirement {
|
|
switch verification {
|
|
case protocol.VerificationRequired:
|
|
return model.UserVerificationRequirementRequired
|
|
case protocol.VerificationPreferred:
|
|
return model.UserVerificationRequirementPreferred
|
|
case protocol.VerificationDiscouraged:
|
|
return model.UserVerificationRequirementDiscouraged
|
|
default:
|
|
return model.UserVerificationRequirementUnspecified
|
|
}
|
|
}
|
|
|
|
func UserVerificationFromModel(verification model.UserVerificationRequirement) protocol.UserVerificationRequirement {
|
|
switch verification {
|
|
case model.UserVerificationRequirementRequired:
|
|
return protocol.VerificationRequired
|
|
case model.UserVerificationRequirementPreferred:
|
|
return protocol.VerificationPreferred
|
|
case model.UserVerificationRequirementDiscouraged:
|
|
return protocol.VerificationDiscouraged
|
|
default:
|
|
return protocol.VerificationDiscouraged
|
|
}
|
|
}
|
|
|
|
func AuthenticatorAttachmentFromModel(authType model.AuthenticatorAttachment) protocol.AuthenticatorAttachment {
|
|
switch authType {
|
|
case model.AuthenticatorAttachmentPlattform:
|
|
return protocol.Platform
|
|
case model.AuthenticatorAttachmentCrossPlattform:
|
|
return protocol.CrossPlatform
|
|
default:
|
|
return ""
|
|
}
|
|
}
|