Commit 4699068f authored by ale's avatar ale

Add U2F registrations support to the LDAP backend

parent 72bc4233
Pipeline #1017 passed with stages
in 1 minute 11 seconds
......@@ -8,6 +8,7 @@ import (
"strings"
ldaputil "git.autistici.org/ai3/go-common/ldap"
"github.com/tstranex/u2f"
"gopkg.in/ldap.v2"
)
......@@ -108,6 +109,7 @@ func (c *LDAPServiceConfig) userFromResponse(username string, result *ldap.Searc
EncryptedPassword: []byte(dropCryptPrefix(getStringFromLDAPEntry(entry, c.Attrs["password"]))),
TOTPSecret: getStringFromLDAPEntry(entry, c.Attrs["totp_secret"]),
AppSpecificPasswords: decodeAppSpecificPasswordList(getListFromLDAPEntry(entry, c.Attrs["app_specific_password"])),
U2FRegistrations: decodeU2FRegistrationList(getListFromLDAPEntry(entry, c.Attrs["u2f_registrations"])),
}
return &u, true
......@@ -155,6 +157,24 @@ func decodeAppSpecificPassword(enc string) (*AppSpecificPassword, error) {
}, nil
}
func decodeU2FRegistration(enc string) (u2f.Registration, error) {
var reg u2f.Registration
if err := reg.UnmarshalBinary([]byte(enc)); err != nil {
return reg, err
}
return reg, nil
}
func decodeU2FRegistrationList(encRegs []string) []u2f.Registration {
var out []u2f.Registration
for _, enc := range encRegs {
if r, err := decodeU2FRegistration(enc); err == nil {
out = append(out, r)
}
}
return out
}
// LDAPConfig holds the global configuration for the LDAP user backend.
type LDAPConfig struct {
URI string `yaml:"uri"`
......
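Review bot: In `decodeU2FRegistrationList`, a value that fails `UnmarshalBinary` is dropped without any trace, so a corrupted or truncated `u2f_registrations` attribute yields a shorter, possibly empty, `U2FRegistrations` list with no signal to operators. If code outside this diff decides whether a second factor is required from the length of that list, an undecodable entry would fail open to password-only login; that caller is not visible here, so this needs confirming. At minimum, add an `else` branch that records the failure without logging the registration data itself, e.g. `log.Printf("ldap: skipping undecodable U2F registration: %v", err)` (assuming `log` is importable in this file). Both new functions also lack doc comments; the one on `decodeU2FRegistrationList` should state that invalid entries are skipped deliberately.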