mirror of
https://github.com/gravitational/teleport
synced 2024-10-19 16:53:57 +00:00
Replace deprecated duo-labs/webauthn with go-webauthn/webauthn (#19476)
parent
fc42dbb8df
commit
77e10d6ff0
|
@ -20,7 +20,7 @@ syntax = "proto3";
|
|||
// capabilities of current browser implementations.
|
||||
//
|
||||
// REST-based Teleport APIs will make an effort to transmit or embed JSON
|
||||
// messages matching the github.com/duo-labs/webauthn reference implementation,
|
||||
// messages matching the github.com/go-webauthn/webauthn reference implementation,
|
||||
// to allow for easy browser integration. gRPC APIs are not meant for REST use
|
||||
// and thus make no such promises, although the correspondence should be
|
||||
// obvious.
|
||||
|
@ -42,7 +42,7 @@ option (gogoproto.unmarshaler_all) = true;
|
|||
// -----------------------------------------------------------------------------
|
||||
|
||||
// SessionData stored by the Relying Party during authentication ceremonies.
|
||||
// Mirrors https://pkg.go.dev/github.com/duo-labs/webauthn/webauthn#SessionData.
|
||||
// Mirrors https://pkg.go.dev/github.com/go-webauthn/webauthn/webauthn#SessionData.
|
||||
message SessionData {
|
||||
// Raw challenge used for the ceremony.
|
||||
bytes challenge = 1 [(gogoproto.jsontag) = "challenge,omitempty"];
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
// capabilities of current browser implementations.
|
||||
//
|
||||
// REST-based Teleport APIs will make an effort to transmit or embed JSON
|
||||
// messages matching the github.com/duo-labs/webauthn reference implementation,
|
||||
// messages matching the github.com/go-webauthn/webauthn reference implementation,
|
||||
// to allow for easy browser integration. gRPC APIs are not meant for REST use
|
||||
// and thus make no such promises, although the correspondence should be
|
||||
// obvious.
|
||||
|
@ -40,7 +40,7 @@ var _ = math.Inf
|
|||
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
|
||||
|
||||
// SessionData stored by the Relying Party during authentication ceremonies.
|
||||
// Mirrors https://pkg.go.dev/github.com/duo-labs/webauthn/webauthn#SessionData.
|
||||
// Mirrors https://pkg.go.dev/github.com/go-webauthn/webauthn/webauthn#SessionData.
|
||||
type SessionData struct {
|
||||
// Raw challenge used for the ceremony.
|
||||
Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
|
||||
|
|
47
go.mod
47
go.mod
|
@ -39,7 +39,6 @@ require (
|
|||
github.com/creack/pty v1.1.18
|
||||
github.com/datastax/go-cassandra-native-protocol v0.0.0-20220706104457-5e8aad05cf90
|
||||
github.com/denisenkom/go-mssqldb v0.11.0 // replaced
|
||||
github.com/duo-labs/webauthn v0.0.0-20220815211337-00c9fb5711f5
|
||||
github.com/dustin/go-humanize v1.0.0
|
||||
github.com/elastic/go-elasticsearch/v8 v8.5.0
|
||||
github.com/flynn/hid v0.0.0-20190502022136-f1b9b6cc019a
|
||||
|
@ -53,6 +52,7 @@ require (
|
|||
github.com/go-mysql-org/go-mysql v1.5.0 // replaced
|
||||
github.com/go-piv/piv-go v1.10.0
|
||||
github.com/go-redis/redis/v9 v9.0.0-rc.1 // replaced
|
||||
github.com/go-webauthn/webauthn v0.5.0
|
||||
github.com/gobuffalo/flect v0.3.0
|
||||
github.com/gocql/gocql v1.3.0
|
||||
github.com/gofrs/flock v0.8.1
|
||||
|
@ -213,28 +213,18 @@ require (
|
|||
github.com/aws/aws-sdk-go-v2/service/sso v1.11.25 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.8 // indirect
|
||||
github.com/aws/smithy-go v1.13.5 // indirect
|
||||
github.com/benbjohnson/clock v1.1.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/bgentry/speakeasy v0.1.0 // indirect
|
||||
github.com/boombuler/barcode v1.0.1 // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
|
||||
github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.1.2 // indirect
|
||||
github.com/chai2010/gettext-go v1.0.2 // indirect
|
||||
github.com/cloudflare/cfssl v1.6.1 // indirect
|
||||
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
|
||||
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 // indirect
|
||||
github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534 // indirect
|
||||
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
|
||||
github.com/danieljoos/wincred v1.1.2 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
|
||||
github.com/elastic/elastic-transport-go/v8 v8.1.0 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
|
||||
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect
|
||||
github.com/envoyproxy/protoc-gen-validate v0.6.1 // indirect
|
||||
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
|
||||
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
|
||||
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
|
||||
|
@ -242,7 +232,6 @@ require (
|
|||
github.com/felixge/httpsnoop v1.0.3 // indirect
|
||||
github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect
|
||||
github.com/fsnotify/fsnotify v1.6.0 // indirect
|
||||
github.com/fullstorydev/grpcurl v1.8.1 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.1 // indirect
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
|
||||
github.com/go-errors/errors v1.0.1 // indirect
|
||||
|
@ -251,26 +240,23 @@ require (
|
|||
github.com/go-openapi/jsonpointer v0.19.5 // indirect
|
||||
github.com/go-openapi/jsonreference v0.20.0 // indirect
|
||||
github.com/go-openapi/swag v0.22.3 // indirect
|
||||
github.com/go-webauthn/revoke v0.1.6 // indirect
|
||||
github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
|
||||
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
|
||||
github.com/golang-sql/sqlexp v0.0.0-20170517235910-f1bb20e5a188 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/mock v1.6.0 // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/golang/snappy v0.0.3 // indirect
|
||||
github.com/google/certificate-transparency-go v1.1.2-0.20210511102531-373a877eec92 // indirect
|
||||
github.com/google/flatbuffers v22.9.29+incompatible // indirect
|
||||
github.com/google/gnostic v0.6.9 // indirect
|
||||
github.com/google/go-tpm v0.3.3 // indirect
|
||||
github.com/google/gofuzz v1.2.0 // indirect
|
||||
github.com/google/renameio/v2 v2.0.0 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
|
||||
github.com/gorilla/handlers v1.5.1 // indirect
|
||||
github.com/gorilla/mux v1.8.0 // indirect
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.2.0.20220308023801-e4a6915ea237 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
|
||||
github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
|
||||
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
|
||||
|
@ -287,7 +273,6 @@ require (
|
|||
github.com/jcmturner/gofork v1.7.6 // indirect
|
||||
github.com/jcmturner/goidentity/v6 v6.0.1 // indirect
|
||||
github.com/jcmturner/rpc/v2 v2.0.3 // indirect
|
||||
github.com/jhump/protoreflect v1.8.2 // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/josharian/intern v1.0.0 // indirect
|
||||
github.com/josharian/native v1.0.0 // indirect
|
||||
|
@ -317,7 +302,6 @@ require (
|
|||
github.com/mtibben/percent v0.2.1 // indirect
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/nsf/termbox-go v1.1.1 // indirect
|
||||
github.com/olekukonko/tablewriter v0.0.5 // indirect
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
|
||||
github.com/pierrec/lz4/v4 v4.1.17 // indirect
|
||||
github.com/pingcap/errors v0.11.5-0.20201126102027-b0a155152ca3 // indirect
|
||||
|
@ -331,17 +315,13 @@ require (
|
|||
github.com/rogpeppe/go-internal v1.9.0 // indirect
|
||||
github.com/rs/zerolog v1.28.0 // indirect
|
||||
github.com/russross/blackfriday v1.5.2 // indirect
|
||||
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
||||
github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
|
||||
github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
|
||||
github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
|
||||
github.com/siddontang/go-log v0.0.0-20180807004314-8d05993dda07 // indirect
|
||||
github.com/soheilhy/cmux v0.1.5 // indirect
|
||||
github.com/spf13/cobra v1.6.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/thales-e-security/pool v0.0.2 // indirect
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
|
||||
github.com/urfave/cli v1.22.5 // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
github.com/xdg-go/pbkdf2 v1.0.0 // indirect
|
||||
github.com/xdg-go/scram v1.1.1 // indirect
|
||||
|
@ -349,20 +329,10 @@ require (
|
|||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
|
||||
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
|
||||
github.com/xlab/treeprint v1.1.0 // indirect
|
||||
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
|
||||
github.com/yuin/gopher-lua v0.0.0-20220504180219-658193537a64 // indirect
|
||||
go.etcd.io/bbolt v1.3.6 // indirect
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.6 // indirect
|
||||
go.etcd.io/etcd/client/v2 v2.305.5 // indirect
|
||||
go.etcd.io/etcd/etcdctl/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/etcdutl/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/raft/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/server/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/tests/v3 v3.5.5 // indirect
|
||||
go.etcd.io/etcd/v3 v3.5.5 // indirect
|
||||
go.opencensus.io v0.24.0 // indirect
|
||||
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2 // indirect
|
||||
go.opentelemetry.io/otel/metric v0.34.0 // indirect
|
||||
|
@ -374,10 +344,8 @@ require (
|
|||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
|
||||
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
|
||||
k8s.io/component-base v0.25.4 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
|
||||
|
@ -401,12 +369,3 @@ replace (
|
|||
github.com/sirupsen/logrus => github.com/gravitational/logrus v1.4.4-0.20210817004754-047e20245621
|
||||
github.com/vulcand/predicate => github.com/gravitational/predicate v1.3.0
|
||||
)
|
||||
|
||||
// Exclude etcd/v3 from the modules graph.
|
||||
// etcd is pulled as a tool dependency by [certificate-transparency-go][1], so
|
||||
// it's not a necessary import, but it causes problems with [opentelemetry
|
||||
// versions >=v1.5.0][2] due to deleted packages (metric/number and
|
||||
// metric/sdkapi).
|
||||
// [1]: https://github.com/google/certificate-transparency-go/blob/9df679d49f8d16130c6c42334430ffc54a9bd074/tools.go#L23
|
||||
// [2]: https://github.com/open-telemetry/opentelemetry-go/tree/v1.4.0/metric
|
||||
exclude go.etcd.io/etcd/v3 v3.5.0-alpha.0
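Review bot: The `-53,6 +52,7` hunk makes `github.com/go-webauthn/webauthn v0.5.0` the library that parses and verifies every WebAuthn registration and login, but the other sections on this page change only import paths, formatting and one constructor name (`ResidentKeyUnrequired` to `ResidentKeyNotRequired`). Nothing visible exercises a behavioural difference between the two libraries. The proto comments promise browsers JSON matching the reference implementation, so a test that feeds credential creation and assertion JSON captured under the old library through the new one would guard that wire format and any stored SessionData. The last hunk also appears to drop `exclude go.etcd.io/etcd/v3 v3.5.0-alpha.0` together with its rationale; that is presumably safe once certificate-transparency-go leaves the module graph. Confirming it with `go mod why -m github.com/google/certificate-transparency-go` and recording the result in the commit description would keep the reasoning from being lost.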
|
||||
|
|
|
@ -33,7 +33,7 @@ import (
|
|||
"math/big"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
)
|
||||
|
||||
|
|
|
@ -23,9 +23,9 @@ import (
|
|||
"encoding/binary"
|
||||
"encoding/json"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
|
||||
wanlib "github.com/gravitational/teleport/lib/auth/webauthn"
|
||||
|
|
|
@ -30,9 +30,9 @@ import (
|
|||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
|
@ -515,7 +515,8 @@ func Login(origin, user string, assertion *wanlib.CredentialAssertion, picker Cr
|
|||
func pickCredential(
|
||||
actx AuthContext,
|
||||
infos []CredentialInfo, allowedCredentials []protocol.CredentialDescriptor,
|
||||
picker CredentialPicker, promptOnce func(), userRequested bool) (*CredentialInfo, error) {
|
||||
picker CredentialPicker, promptOnce func(), userRequested bool,
|
||||
) (*CredentialInfo, error) {
|
||||
// Handle early exits.
|
||||
switch l := len(infos); {
|
||||
// MFA.
|
||||
|
|
|
@ -27,9 +27,9 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
|
|
@ -18,7 +18,7 @@ import (
|
|||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"golang.org/x/exp/slices"
|
||||
|
|
|
@ -26,8 +26,8 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
|
@ -42,7 +42,7 @@ type attestationTest struct {
|
|||
}
|
||||
|
||||
func TestVerifyAttestation(t *testing.T) {
|
||||
var sig = []byte{1, 2, 3} // fake signature
|
||||
sig := []byte{1, 2, 3} // fake signature
|
||||
|
||||
// secureKeyCA stands for a security key manufacturer CA.
|
||||
// In practice, attestation certs are likely to derive directly from this one,
|
||||
|
|
|
@ -17,8 +17,8 @@ limitations under the License.
|
|||
package webauthn
|
||||
|
||||
import (
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
|
||||
"github.com/gravitational/teleport/api/types"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
|
|
|
@ -20,9 +20,9 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"crypto/x509"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
|
|
|
@ -20,13 +20,12 @@ import (
|
|||
"bytes"
|
||||
"testing"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func FuzzParseCredentialCreationResponseBody(f *testing.F) {
|
||||
f.Fuzz(func(t *testing.T, body []byte) {
|
||||
|
||||
require.NotPanics(t, func() {
|
||||
protocol.ParseCredentialCreationResponseBody(bytes.NewReader(body))
|
||||
})
|
||||
|
@ -35,7 +34,6 @@ func FuzzParseCredentialCreationResponseBody(f *testing.F) {
|
|||
|
||||
func FuzzParseCredentialRequestResponseBody(f *testing.F) {
|
||||
f.Fuzz(func(t *testing.T, body []byte) {
|
||||
|
||||
require.NotPanics(t, func() {
|
||||
protocol.ParseCredentialRequestResponseBody(bytes.NewReader(body))
|
||||
})
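Review bot: Both fuzz targets call `f.Fuzz` directly after the function signature with no `f.Add` seed. After the import switch, the go-webauthn parsers are therefore fuzzed from an empty corpus unless seeds exist under testdata, which this page does not show. Seeding each target with one well-formed body, for example `f.Add(validCreationBody)` and `f.Add(validAssertionBody)` (placeholder names for captured valid responses), would let the mutator get past the outer JSON decode and reach the nested base64 and CBOR handling, where malformed authenticator data is most likely to cause a panic. The closing lines of both functions fall outside their hunks.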
|
||||
|
|
|
@ -24,8 +24,8 @@ import (
|
|||
"sort"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gogo/protobuf/proto"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/gravitational/trace"
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
package webauthn
|
||||
|
||||
import (
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
)
|
||||
|
||||
|
|
|
@ -19,8 +19,8 @@ import (
|
|||
"encoding/json"
|
||||
"testing"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
@ -247,7 +247,7 @@ func TestRequireResidentKey(t *testing.T) {
|
|||
name: "required and rrk=false",
|
||||
in: protocol.AuthenticatorSelection{
|
||||
ResidentKey: protocol.ResidentKeyRequirementRequired,
|
||||
RequireResidentKey: protocol.ResidentKeyUnrequired(),
|
||||
RequireResidentKey: protocol.ResidentKeyNotRequired(),
|
||||
},
|
||||
wantErr: "invalid combination of ResidentKey",
|
||||
},
|
||||
|
|
|
@ -17,8 +17,8 @@ package webauthn
|
|||
import (
|
||||
"encoding/base64"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
|
||||
wantypes "github.com/gravitational/teleport/api/types/webauthn"
|
||||
)
|
||||
|
|
|
@ -22,8 +22,8 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/google/uuid"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
|
|
@ -21,7 +21,7 @@ import (
|
|||
"sort"
|
||||
"testing"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
|
|
@ -19,8 +19,8 @@ package webauthn
|
|||
import (
|
||||
"encoding/base64"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/gravitational/trace"
|
||||
|
||||
wantypes "github.com/gravitational/teleport/api/types/webauthn"
|
||||
|
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
package webauthn
|
||||
|
||||
import (
|
||||
wan "github.com/duo-labs/webauthn/webauthn"
|
||||
wan "github.com/go-webauthn/webauthn/webauthn"
|
||||
|
||||
"github.com/gravitational/teleport/api/types"
|
||||
)
|
||||
|
|
|
@ -28,9 +28,9 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/keys-pub/go-libfido2"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
@ -78,10 +78,12 @@ type FIDODevice interface {
|
|||
}
|
||||
|
||||
// fidoDeviceLocations and fidoNewDevice are used to allow testing.
|
||||
var fidoDeviceLocations = libfido2.DeviceLocations
|
||||
var fidoNewDevice = func(path string) (FIDODevice, error) {
|
||||
return libfido2.NewDevice(path)
|
||||
}
|
||||
var (
|
||||
fidoDeviceLocations = libfido2.DeviceLocations
|
||||
fidoNewDevice = func(path string) (FIDODevice, error) {
|
||||
return libfido2.NewDevice(path)
|
||||
}
|
||||
)
|
||||
|
||||
// isLibfido2Enabled returns true if libfido2 is available in the current build.
|
||||
func isLibfido2Enabled() bool {
|
||||
|
@ -275,7 +277,8 @@ func discoverRPID(dev FIDODevice, info *deviceInfo, pin, rpID, appID string, all
|
|||
}
|
||||
|
||||
func pickAssertion(
|
||||
assertions []*libfido2.Assertion, prompt LoginPrompt, user string, passwordless bool) (*libfido2.Assertion, error) {
|
||||
assertions []*libfido2.Assertion, prompt LoginPrompt, user string, passwordless bool,
|
||||
) (*libfido2.Assertion, error) {
|
||||
switch l := len(assertions); {
|
||||
// Shouldn't happen, but let's be safe and handle it anyway.
|
||||
case l == 0:
|
||||
|
@ -540,9 +543,11 @@ type deviceWithInfo struct {
|
|||
info *deviceInfo
|
||||
}
|
||||
|
||||
type deviceFilterFunc func(dev FIDODevice, info *deviceInfo) error
|
||||
type deviceCallbackFunc func(dev FIDODevice, info *deviceInfo, pin string) error
|
||||
type pinAwareCallbackFunc func(dev FIDODevice, info *deviceInfo, pin string) (requiresPIN bool, err error)
|
||||
type (
|
||||
deviceFilterFunc func(dev FIDODevice, info *deviceInfo) error
|
||||
deviceCallbackFunc func(dev FIDODevice, info *deviceInfo, pin string) error
|
||||
pinAwareCallbackFunc func(dev FIDODevice, info *deviceInfo, pin string) (requiresPIN bool, err error)
|
||||
)
|
||||
|
||||
// runPrompt defines the prompt operations necessary for runOnFIDO2Devices.
|
||||
// (RegisterPrompt happens to match the minimal interface required.)
|
||||
|
@ -552,7 +557,8 @@ func runOnFIDO2Devices(
|
|||
ctx context.Context,
|
||||
prompt runPrompt,
|
||||
filter deviceFilterFunc,
|
||||
deviceCallback deviceCallbackFunc) error {
|
||||
deviceCallback deviceCallbackFunc,
|
||||
) error {
|
||||
// About to select, prompt user.
|
||||
if err := prompt.PromptTouch(); err != nil {
|
||||
return trace.Wrap(err)
|
||||
|
@ -887,7 +893,8 @@ func findDevices(knownPaths map[string]struct{}) ([]*deviceWithInfo, error) {
|
|||
|
||||
func selectDevice(
|
||||
ctx context.Context,
|
||||
pin string, dev *deviceWithInfo, cb pinAwareCallbackFunc) (requiresPIN bool, err error) {
|
||||
pin string, dev *deviceWithInfo, cb pinAwareCallbackFunc,
|
||||
) (requiresPIN bool, err error) {
|
||||
// Spin a goroutine to run the callback so we can deal with context
|
||||
// cancellation.
|
||||
done := make(chan struct{})
|
||||
|
|
|
@ -19,8 +19,8 @@ import (
|
|||
"io"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
|
||||
"github.com/gravitational/teleport/api/client/proto"
|
||||
|
|
|
@ -27,9 +27,9 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/keys-pub/go-libfido2"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -42,8 +42,10 @@ import (
|
|||
wancli "github.com/gravitational/teleport/lib/auth/webauthncli"
|
||||
)
|
||||
|
||||
var makeCredentialAuthDataRaw, makeCredentialAuthDataCBOR, makeCredentialSig []byte
|
||||
var assertionAuthDataRaw, assertionAuthDataCBOR, assertionSig []byte
|
||||
var (
|
||||
makeCredentialAuthDataRaw, makeCredentialAuthDataCBOR, makeCredentialSig []byte
|
||||
assertionAuthDataRaw, assertionAuthDataCBOR, assertionSig []byte
|
||||
)
|
||||
|
||||
func init() {
|
||||
// Initialize arrays with random data, but use realistic sizes.
|
||||
|
@ -189,8 +191,8 @@ func TestFIDO2Login(t *testing.T) {
|
|||
// User IDs and names for resident credentials / passwordless.
|
||||
const llamaName = "llama"
|
||||
const alpacaName = "alpaca"
|
||||
var llamaID = make([]byte, 16)
|
||||
var alpacaID = make([]byte, 16)
|
||||
llamaID := make([]byte, 16)
|
||||
alpacaID := make([]byte, 16)
|
||||
for _, b := range [][]byte{llamaID, alpacaID} {
|
||||
_, err := rand.Read(b)
|
||||
require.NoError(t, err, "Read failed")
|
||||
|
@ -1236,7 +1238,7 @@ func TestFIDO2_LoginRegister_interactionErrors(t *testing.T) {
|
|||
},
|
||||
},
|
||||
AuthenticatorSelection: protocol.AuthenticatorSelection{
|
||||
RequireResidentKey: protocol.ResidentKeyUnrequired(),
|
||||
RequireResidentKey: protocol.ResidentKeyNotRequired(),
|
||||
ResidentKey: protocol.ResidentKeyRequirementDiscouraged,
|
||||
UserVerification: protocol.VerificationDiscouraged,
|
||||
},
|
||||
|
|
|
@ -22,8 +22,8 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/flynn/u2f/u2ftoken"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
|
||||
"github.com/gravitational/teleport/api/client/proto"
|
||||
|
|
|
@ -25,10 +25,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/flynn/hid"
|
||||
"github.com/flynn/u2f/u2fhid"
|
||||
"github.com/flynn/u2f/u2ftoken"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
|
|
|
@ -27,10 +27,10 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/flynn/u2f/u2ftoken"
|
||||
"github.com/fxamacker/cbor/v2"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
|
|
|
@ -19,8 +19,8 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/gravitational/teleport/api/types"
|
||||
|
|
|
@ -25,8 +25,8 @@ import (
|
|||
"io"
|
||||
"os"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/gravitational/trace"
|
||||
|
||||
"github.com/gravitational/teleport/api/client/proto"
|
||||
|
|
|
@ -20,8 +20,8 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/duo-labs/webauthn/protocol/webauthncose"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol/webauthncose"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
|
@ -76,7 +76,6 @@ func TestRegister(t *testing.T) {
|
|||
origin: origin,
|
||||
createCC: func() *wanlib.CredentialCreation { return okCC },
|
||||
assertFn: func(t *testing.T, ccr *webauthn.CredentialCreationResponse, req *makeCredentialRequest) {
|
||||
|
||||
assert.Equal(t, webauthnAttachmentAny, req.opts.dwAuthenticatorAttachment)
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationDiscouraged, req.opts.dwUserVerificationRequirement)
|
||||
|
@ -96,7 +95,6 @@ func TestRegister(t *testing.T) {
|
|||
return &cc
|
||||
},
|
||||
assertFn: func(t *testing.T, ccr *webauthn.CredentialCreationResponse, req *makeCredentialRequest) {
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationRequired, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
assert.Equal(t, webauthnAttachmentCrossPlatform, req.opts.dwAuthenticatorAttachment)
|
||||
|
@ -114,7 +112,6 @@ func TestRegister(t *testing.T) {
|
|||
return &cc
|
||||
},
|
||||
assertFn: func(t *testing.T, ccr *webauthn.CredentialCreationResponse, req *makeCredentialRequest) {
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationPreferred, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
assert.Equal(t, webauthnAttachmentPlatform, req.opts.dwAuthenticatorAttachment)
|
||||
|
@ -129,9 +126,7 @@ func TestRegister(t *testing.T) {
|
|||
return &cc
|
||||
},
|
||||
assertFn: func(t *testing.T, ccr *webauthn.CredentialCreationResponse, req *makeCredentialRequest) {
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationDiscouraged, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -160,7 +155,6 @@ func TestRegister(t *testing.T) {
|
|||
if test.assertFn != nil {
|
||||
test.assertFn(t, resp.GetWebauthn(), mock.makeCredentialReq)
|
||||
}
|
||||
|
||||
})
|
||||
}
|
||||
}
|
||||
|
@ -193,7 +187,6 @@ func TestLogin(t *testing.T) {
|
|||
origin: origin,
|
||||
assertionIn: func() *wanlib.CredentialAssertion { return okAssertion },
|
||||
assertFn: func(t *testing.T, car *webauthn.CredentialAssertionResponse, req *getAssertionRequest) {
|
||||
|
||||
assert.Equal(t, uint32(6), req.opts.dwVersion)
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationDiscouraged, req.opts.dwUserVerificationRequirement)
|
||||
|
@ -211,13 +204,11 @@ func TestLogin(t *testing.T) {
|
|||
},
|
||||
opts: LoginOpts{AuthenticatorAttachment: AttachmentPlatform},
|
||||
assertFn: func(t *testing.T, car *webauthn.CredentialAssertionResponse, req *getAssertionRequest) {
|
||||
|
||||
assert.Equal(t, uint32(6), req.opts.dwVersion)
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationRequired, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
assert.Equal(t, webauthnAttachmentPlatform, req.opts.dwAuthenticatorAttachment)
|
||||
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -230,13 +221,11 @@ func TestLogin(t *testing.T) {
|
|||
},
|
||||
opts: LoginOpts{AuthenticatorAttachment: AttachmentCrossPlatform},
|
||||
assertFn: func(t *testing.T, car *webauthn.CredentialAssertionResponse, req *getAssertionRequest) {
|
||||
|
||||
assert.Equal(t, uint32(6), req.opts.dwVersion)
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationPreferred, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
assert.Equal(t, webauthnAttachmentCrossPlatform, req.opts.dwAuthenticatorAttachment)
|
||||
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -249,11 +238,9 @@ func TestLogin(t *testing.T) {
|
|||
},
|
||||
opts: LoginOpts{AuthenticatorAttachment: AttachmentCrossPlatform},
|
||||
assertFn: func(t *testing.T, car *webauthn.CredentialAssertionResponse, req *getAssertionRequest) {
|
||||
|
||||
assert.Equal(t, uint32(6), req.opts.dwVersion)
|
||||
|
||||
assert.Equal(t, webauthnUserVerificationDiscouraged, req.opts.dwUserVerificationRequirement)
|
||||
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@ import (
|
|||
"syscall"
|
||||
"unicode/utf16"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
)
|
||||
|
||||
|
@ -172,7 +172,6 @@ func clientDataToCType(challenge, origin, cdType string) (*webauthnClientData, [
|
|||
pbClientDataJSON: &jsonCD[0],
|
||||
pwszHashAlgID: algID,
|
||||
}, jsonCD, nil
|
||||
|
||||
}
|
||||
|
||||
func credentialsExToCType(in []protocol.CredentialDescriptor) (*webauthnCredentialList, error) {
|
||||
|
|
|
@ -21,7 +21,7 @@ import (
|
|||
"syscall"
|
||||
"unsafe"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/trace"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/windows"
|
||||
|
|
|
@ -30,7 +30,7 @@ import (
|
|||
"runtime"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gravitational/roundtrip"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
|
|
@ -22,7 +22,7 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/google/uuid"
|
||||
"github.com/gravitational/trace"
|
||||
|
|
|
@ -28,7 +28,7 @@ import (
|
|||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"github.com/duo-labs/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/google/go-cmp/cmp/cmpopts"
|
||||
"github.com/gravitational/trace"
|
||||
|
|