commit ffdcafa0446aa110e27266a920b4497490cddb6f
parent 56ffec40f4cbc79afdeca13634d9b9f6fed04143
Author: BlackDex <black.dex@gmail.com>
Date: Sun, 25 Jul 2021 14:49:55 +0200
Fix WebAuthn issues and some small updates
- Updated some packages
- Updated code related to package updates.
- Disabled User Verification enforcement when WebAuthn Key sends UV=1
This makes it compatible with upstream and resolves #1840
- Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
Diffstat:
4 files changed, 90 insertions(+), 102 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
@@ -421,9 +421,9 @@ dependencies = [
[[package]]
name = "crypto-mac"
-version = "0.10.0"
+version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6"
+checksum = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a"
dependencies = [
"generic-array 0.14.4",
"subtle",
@@ -467,9 +467,9 @@ version = "0.3.0"
source = "git+https://github.com/SergioBenitez/Devise.git?rev=e58b3ac9a#e58b3ac9afc3b6ff10a8aaf02a3e768a8f530089"
dependencies = [
"bitflags",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -495,9 +495,9 @@ version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45f5098f628d02a7a0f68ddba586fb61e80edec3bdc1be3b921f4ceec60858d3"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -591,9 +591,9 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"
[[package]]
name = "fastrand"
-version = "1.4.1"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77b705829d1e87f762c2df6da140b26af5839e1033aa84aa5f56bb688e4e1bdb"
+checksum = "b394ed3d285a429378d3b384b9eb1285267e7df4b166df24b7a6939a04dc392e"
dependencies = [
"instant",
]
@@ -691,9 +691,9 @@ dependencies = [
[[package]]
name = "futures"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e7e43a803dae2fa37c1f6a8fe121e1f7bf9548b4dfc0522a42f34145dadfc27"
+checksum = "1adc00f486adfc9ce99f77d717836f0c5aa84965eb0b4f051f4e83f7cab53f8b"
dependencies = [
"futures-channel",
"futures-core",
@@ -706,9 +706,9 @@ dependencies = [
[[package]]
name = "futures-channel"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e682a68b29a882df0545c143dc3646daefe80ba479bcdede94d5a703de2871e2"
+checksum = "74ed2411805f6e4e3d9bc904c95d5d423b89b3b25dc0250aa74729de20629ff9"
dependencies = [
"futures-core",
"futures-sink",
@@ -716,15 +716,15 @@ dependencies = [
[[package]]
name = "futures-core"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0402f765d8a89a26043b889b26ce3c4679d268fa6bb22cd7c6aad98340e179d1"
+checksum = "af51b1b4a7fdff033703db39de8802c673eb91855f2e0d47dcf3bf2c0ef01f99"
[[package]]
name = "futures-executor"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "badaa6a909fac9e7236d0620a2f57f7664640c56575b71a7552fbd68deafab79"
+checksum = "4d0d535a57b87e1ae31437b892713aee90cd2d7b0ee48727cd11fc72ef54761c"
dependencies = [
"futures-core",
"futures-task",
@@ -733,40 +733,40 @@ dependencies = [
[[package]]
name = "futures-io"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "acc499defb3b348f8d8f3f66415835a9131856ff7714bf10dadfc4ec4bdb29a1"
+checksum = "0b0e06c393068f3a6ef246c75cdca793d6a46347e75286933e5e75fd2fd11582"
[[package]]
name = "futures-macro"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4c40298486cdf52cc00cd6d6987892ba502c7656a16a4192a9992b1ccedd121"
+checksum = "c54913bae956fb8df7f4dc6fc90362aa72e69148e3f39041fbe8742d21e0ac57"
dependencies = [
"autocfg",
"proc-macro-hack",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
name = "futures-sink"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a57bead0ceff0d6dde8f465ecd96c9338121bb7717d3e7b108059531870c4282"
+checksum = "c0f30aaa67363d119812743aa5f33c201a7a66329f97d1a887022971feea4b53"
[[package]]
name = "futures-task"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a16bef9fc1a4dddb5bee51c989e3fbba26569cbb0e31f5b303c184e3dd33dae"
+checksum = "bbe54a98670017f3be909561f6ad13e810d9a51f3f061b902062ca3da80799f2"
[[package]]
name = "futures-util"
-version = "0.3.15"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "feb5c238d27e2bf94ffdfd27b2c29e3df4a68c4193bb6427384259e2bf191967"
+checksum = "67eb846bfd58e44a8481a00049e82c43e0ccb5d61f8dc071057cb19249dd4d78"
dependencies = [
"autocfg",
"futures-channel",
@@ -918,7 +918,7 @@ version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15"
dependencies = [
- "crypto-mac 0.10.0",
+ "crypto-mac 0.10.1",
"digest 0.9.0",
]
@@ -942,9 +942,9 @@ dependencies = [
"log 0.4.14",
"mac",
"markup5ever",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -1002,9 +1002,9 @@ dependencies = [
[[package]]
name = "hyper"
-version = "0.14.10"
+version = "0.14.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7728a72c4c7d72665fde02204bcbd93b247721025b222ef78606f14513e0fd03"
+checksum = "0b61cf2d1aebcf6e6352c97b81dc2244ca29194be1b276f5d8ad5c6330fffb11"
dependencies = [
"bytes 1.0.1",
"futures-channel",
@@ -1043,7 +1043,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
dependencies = [
"bytes 1.0.1",
- "hyper 0.14.10",
+ "hyper 0.14.11",
"native-tls",
"tokio",
"tokio-native-tls",
@@ -1315,9 +1315,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9753f12909fd8d923f75ae5c3258cae1ed3c8ec052e1b38c93c21a6d157f789c"
dependencies = [
"migrations_internals",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -1536,9 +1536,9 @@ version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -1664,9 +1664,9 @@ dependencies = [
[[package]]
name = "parity-ws"
-version = "0.10.1"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "322d72dfe461b8b9e367d057ceace105379d64d5b03907d23c481ccf3fbf8aa4"
+checksum = "d0ab8a461779bd022964cae2b4989fa9c99deb270bec162da2125ec03c09fcaa"
dependencies = [
"byteorder",
"bytes 0.4.12",
@@ -1814,9 +1814,9 @@ checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55"
dependencies = [
"pest",
"pest_meta",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -1936,9 +1936,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
-version = "1.0.27"
+version = "1.0.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0d8caf72986c1a598726adc988bb5984792ef84f5ee5aa50209145ee8077038"
+checksum = "5c7ed8b8c7b886ea3ed7dde405212185f423ab44682667c8c6dd14aa1d9f6612"
dependencies = [
"unicode-xid 0.2.2",
]
@@ -1998,7 +1998,7 @@ version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
]
[[package]]
@@ -2203,7 +2203,7 @@ dependencies = [
"futures-util",
"http",
"http-body",
- "hyper 0.14.10",
+ "hyper 0.14.11",
"hyper-tls",
"ipnet",
"js-sys",
@@ -2488,9 +2488,9 @@ version = "1.0.126"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "963a7dbc9895aeac7ac90e74f34a5d5261828f79df35cbed41e10189d3804d43"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -2543,9 +2543,9 @@ dependencies = [
[[package]]
name = "sha-1"
-version = "0.9.6"
+version = "0.9.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c4cfa741c5832d0ef7fab46cabed29c2aae926db0b11bb2069edd8db5e64e16"
+checksum = "1a0c8611594e2ab4ebbf06ec7cbbf0a99450b8570e96cbf5188b5d5f6ef18d81"
dependencies = [
"block-buffer 0.9.0",
"cfg-if 1.0.0",
@@ -2668,11 +2668,11 @@ version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
"serde",
"serde_derive",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -2682,13 +2682,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11"
dependencies = [
"base-x",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
"serde",
"serde_derive",
"serde_json",
"sha1",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -2718,7 +2718,7 @@ checksum = "f24c8e5e19d22a726626f1a5e16fe15b132dcf21d10177fa5a45ce7962996b97"
dependencies = [
"phf_generator",
"phf_shared",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
]
@@ -2741,11 +2741,11 @@ dependencies = [
[[package]]
name = "syn"
-version = "1.0.73"
+version = "1.0.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f71489ff30030d2ae598524f61326b902466f72a0fb1a8564c001cc63425bcc7"
+checksum = "1873d832550d4588c3dbc20f01361ab00bfe741048f71e3fecf145a7cc18b29c"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
"unicode-xid 0.2.2",
]
@@ -2808,9 +2808,9 @@ version = "1.0.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "060d69a0afe7796bf42e9e2ff91f5ee691fb15c53d38b4b62a9a53eb23164745"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -2865,17 +2865,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
dependencies = [
"proc-macro-hack",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
"standback",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
name = "tinyvec"
-version = "1.2.0"
+version = "1.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b5220f05bb7de7f3f53c7c065e1199b3172696fe2db9f9c4d8ad9b4ee74c342"
+checksum = "848a1e1181b9f6753b5e96a092749e29b11d19ede67dfbbd6c7dc7e0f49b5338"
dependencies = [
"tinyvec_macros",
]
@@ -2888,9 +2888,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
[[package]]
name = "tokio"
-version = "1.8.1"
+version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "98c8b05dc14c75ea83d63dd391100353789f5f24b8b3866542a5e85c8be8e985"
+checksum = "4b7b349f11a7047e6d1276853e612d152f5e8a352c61917887cc2169e2366b4c"
dependencies = [
"autocfg",
"bytes 1.0.1",
@@ -2972,9 +2972,9 @@ version = "0.1.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c42e6fa53307c8a17e4ccd4dc81cf5ec38db9209f59b222210375b54ee40d1e2"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
]
[[package]]
@@ -3261,9 +3261,9 @@ dependencies = [
"bumpalo",
"lazy_static",
"log 0.4.14",
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
"wasm-bindgen-shared",
]
@@ -3295,9 +3295,9 @@ version = "0.2.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be2241542ff3d9f241f5e2cb6dd09b37efe786df8851c54957683a49f0987a97"
dependencies = [
- "proc-macro2 1.0.27",
+ "proc-macro2 1.0.28",
"quote 1.0.9",
- "syn 1.0.73",
+ "syn 1.0.74",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
@@ -3320,8 +3320,9 @@ dependencies = [
[[package]]
name = "webauthn-rs"
-version = "0.3.0-alpha.7"
-source = "git+https://github.com/kanidm/webauthn-rs?rev=02a99f534127b30c6f4df7f2d42bc24f76dc4211#02a99f534127b30c6f4df7f2d42bc24f76dc4211"
+version = "0.3.0-alpha.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bbb2b77105c3b25ef0187146d80824648da0645f650c4d2080e3815d6cbbb87"
dependencies = [
"base64 0.13.0",
"log 0.4.14",
@@ -3448,12 +3449,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d3c3f584739059f479ca4de114cbfe032315752abb3be60afb30db40a802169"
dependencies = [
"base64 0.13.0",
- "crypto-mac 0.10.0",
+ "crypto-mac 0.10.1",
"futures",
"hmac 0.10.1",
"rand 0.8.4",
"reqwest",
- "sha-1 0.9.6",
+ "sha-1 0.9.7",
"threadpool",
"url 1.7.2",
]
diff --git a/Cargo.toml b/Cargo.toml
@@ -44,7 +44,7 @@ url = "2.2.2"
multipart = { version = "0.18.0", features = ["server"], default-features = false }
# WebSockets library
-ws = { version = "0.10.0", package = "parity-ws" }
+ws = { version = "0.11.0", package = "parity-ws" }
# MessagePack library
rmpv = "0.4.7"
@@ -93,7 +93,7 @@ jsonwebtoken = "7.2.0"
# U2F library
u2f = "0.2.0"
-webauthn-rs = "=0.3.0-alpha.7"
+webauthn-rs = "=0.3.0-alpha.9"
# Yubico Library
yubico = { version = "0.10.0", features = ["online-tokio"], default-features = false }
@@ -152,6 +152,3 @@ data-url = { git = 'https://github.com/servo/rust-url', package="data-url", rev
# In particular, `cron` has since implemented parsing of some common syntax
# that wasn't previously supported (https://github.com/zslayton/cron/pull/64).
job_scheduler = { git = 'https://github.com/jjlin/job_scheduler', rev = 'ee023418dbba2bfe1e30a5fd7d937f9e33739806' }
-
-# Add support for U2F appid extension compatibility
-webauthn-rs = { git = 'https://github.com/kanidm/webauthn-rs', rev = '02a99f534127b30c6f4df7f2d42bc24f76dc4211' }
diff --git a/src/api/core/two_factor/webauthn.rs b/src/api/core/two_factor/webauthn.rs
@@ -51,19 +51,12 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig {
fn get_relying_party_id(&self) -> &str {
&self.rpid
}
-}
-
-impl webauthn_rs::WebauthnConfig for &WebauthnConfig {
- fn get_relying_party_name(&self) -> &str {
- &self.url
- }
-
- fn get_origin(&self) -> &str {
- &self.url
- }
- fn get_relying_party_id(&self) -> &str {
- &self.rpid
+ /// We have WebAuthn configured to discourage user verification
+ /// if we leave this enabled, it will cause verification issues when a keys send UV=1.
+ /// Upstream (the library they use) ignores this when set to discouraged, so we should too.
+ fn get_require_uv_consistency(&self) -> bool {
+ false
}
}
@@ -289,15 +282,14 @@ fn delete_webauthn(data: JsonUpcase<DeleteU2FData>, headers: Headers, conn: DbCo
err!("Invalid password");
}
- let type_ = TwoFactorType::Webauthn as i32;
- let mut tf = match TwoFactor::find_by_user_and_type(&headers.user.uuid, type_, &conn) {
+ let mut tf = match TwoFactor::find_by_user_and_type(&headers.user.uuid, TwoFactorType::Webauthn as i32, &conn) {
Some(tf) => tf,
None => err!("Webauthn data not found!"),
};
let mut data: Vec<WebauthnRegistration> = serde_json::from_str(&tf.data)?;
- let item_pos = match data.iter().position(|r| r.id != id) {
+ let item_pos = match data.iter().position(|r| r.id == id) {
Some(p) => p,
None => err!("Webauthn entry not found"),
};
diff --git a/src/api/notifications.rs b/src/api/notifications.rs
@@ -408,12 +408,10 @@ pub fn start_notification_server() -> WebSocketUsers {
if CONFIG.websocket_enabled() {
thread::spawn(move || {
- let settings = ws::Settings {
- max_connections: 500,
- queue_size: 2,
- panic_on_internal: false,
- ..Default::default()
- };
+ let mut settings = ws::Settings::default();
+ settings.max_connections = 500;
+ settings.queue_size = 2;
+ settings.panic_on_internal = false;
ws::Builder::new()
.with_settings(settings)