TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-04-27 17:41:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/api/ui/login/mfa_verify_u2f_handler.go
Silvan c54ddc71a2
feat(actions): local users (#5089) 
Actions are extended to to local users. It's possible to run custom code during registration and authentication of local users.
2023-01-25 13:08:01 +00:00

88 lines
2.8 KiB
Go
Raw Blame History

package login
import (
"encoding/base64"
"net/http"
"github.com/zitadel/zitadel/internal/domain"
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
)
const (
tmplU2FVerification = "u2fverification"
)
type mfaU2FData struct {
webAuthNData
MFAProviders []domain.MFAType
SelectedProvider domain.MFAType
}
type mfaU2FFormData struct {
webAuthNFormData
SelectedProvider domain.MFAType `schema:"provider"`
}
func (l *Login) renderU2FVerification(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, providers []domain.MFAType, err error) {
var errID, errMessage, credentialData string
var webAuthNLogin *domain.WebAuthNLogin
if err == nil {
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
webAuthNLogin, err = l.authRepo.BeginMFAU2FLogin(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID)
}
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
if webAuthNLogin != nil {
credentialData = base64.RawURLEncoding.EncodeToString(webAuthNLogin.CredentialAssertionData)
}
data := &mfaU2FData{
webAuthNData: webAuthNData{
userData: l.getUserData(r, authReq, "VerifyMFAU2F.Title", "VerifyMFAU2F.Description", errID, errMessage),
CredentialCreationData: credentialData,
},
MFAProviders: providers,
SelectedProvider: -1,
}
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplU2FVerification], data, nil)
}
func (l *Login) handleU2FVerification(w http.ResponseWriter, r *http.Request) {
formData := new(mfaU2FFormData)
authReq, err := l.getAuthRequestAndParseData(r, formData)
if err != nil {
l.renderError(w, r, authReq, err)
return
}
step, ok := authReq.PossibleSteps[0].(*domain.MFAVerificationStep)
if !ok {
l.renderError(w, r, authReq, err)
return
}
if formData.CredentialData == "" {
l.renderMFAVerifySelected(w, r, authReq, step, formData.SelectedProvider, nil)
return
}
credData, err := base64.URLEncoding.DecodeString(formData.CredentialData)
if err != nil {
l.renderU2FVerification(w, r, authReq, step.MFAProviders, err)
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
err = l.authRepo.VerifyMFAU2F(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID, credData, domain.BrowserInfoFromRequest(r))
metadata, actionErr := l.triggerPostLocalAuthentication(r.Context(), authReq, authMethodU2F, err)
if err == nil && actionErr == nil && len(metadata) > 0 {
_, err = l.command.BulkSetUserMetadata(r.Context(), authReq.UserID, authReq.UserOrgID, metadata...)
} else if actionErr != nil && err == nil {
err = actionErr
}
if err != nil {
l.renderU2FVerification(w, r, authReq, step.MFAProviders, err)
return
}
l.renderNextStep(w, r, authReq)
}
Reference in New Issue View Git Blame Copy Permalink