Add U2F registrations support to the LDAP backend

server/ldap.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	ldaputil "git.autistici.org/ai3/go-common/ldap"
+	"github.com/tstranex/u2f"
 	"gopkg.in/ldap.v2"
 )
 
@@ -108,6 +109,7 @@ func (c *LDAPServiceConfig) userFromResponse(username string, result *ldap.Searc
 		EncryptedPassword:    []byte(dropCryptPrefix(getStringFromLDAPEntry(entry, c.Attrs["password"]))),
 		TOTPSecret:           getStringFromLDAPEntry(entry, c.Attrs["totp_secret"]),
 		AppSpecificPasswords: decodeAppSpecificPasswordList(getListFromLDAPEntry(entry, c.Attrs["app_specific_password"])),
+		U2FRegistrations:     decodeU2FRegistrationList(getListFromLDAPEntry(entry, c.Attrs["u2f_registrations"])),
 	}
 
 	return &u, true
@@ -155,6 +157,24 @@ func decodeAppSpecificPassword(enc string) (*AppSpecificPassword, error) {
 	}, nil
 }
 
+func decodeU2FRegistration(enc string) (u2f.Registration, error) {
+	var reg u2f.Registration
+	if err := reg.UnmarshalBinary([]byte(enc)); err != nil {
+		return reg, err
+	}
+	return reg, nil
+}
+
+func decodeU2FRegistrationList(encRegs []string) []u2f.Registration {
+	var out []u2f.Registration
+	for _, enc := range encRegs {
+		if r, err := decodeU2FRegistration(enc); err == nil {
+			out = append(out, r)
+		}
+	}
+	return out
+}
+
 // LDAPConfig holds the global configuration for the LDAP user backend.
 type LDAPConfig struct {
 	URI        string `yaml:"uri"`