Skip to content

GitLab

Commit d0ca4be4 authored by ale's avatar ale
Browse files
Options

Make the U2F AppID configurable

parent 522bc582
Pipeline #1474 passed with stages
          in 1 minute and 47 seconds
          Hide whitespace changes
          Inline Side-by-side
          Showing with 9 additions and 3 deletions
          server/config.go
          View file @ d0ca4be4
          ......@@ -33,6 +33,7 @@ type Config struct {
          SessionSecrets []string `yaml:"session_secrets"`
          CSRFSecret string `yaml:"csrf_secret"`
          AuthService string `yaml:"auth_service"`
          U2FAppID string `yaml:"u2f_app_id"`
          DeviceManager *device.Config `yaml:"device_manager"`
          KeyStore *clientutil.BackendConfig `yaml:"keystore"`
          ......
          server/http.go
          View file @ d0ca4be4
          ......@@ -137,7 +137,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
          if err != nil {
          return nil, err
          }
          s.loginHandler = newLoginHandler(s.loginCallback, devMgr, authClient, config.AuthService, s.tpl, sessionSecrets...)
          s.loginHandler = newLoginHandler(s.loginCallback, devMgr, authClient, config.AuthService, config.U2FAppID, s.tpl, sessionSecrets...)
          return s, nil
          }
          ......
          server/login.go
          View file @ d0ca4be4
          ......@@ -72,6 +72,7 @@ type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string,
          type loginHandler struct {
          authClient authclient.Client
          authService string
          u2fAppID string
          devMgr *device.Manager
          loginCallback loginCallbackFunc
          loginSessionStore sessions.Store
          ......@@ -80,7 +81,7 @@ type loginHandler struct {
          // NewLoginHandler will wrap an http.Handler with the login workflow,
          // invoking it only on successful login.
          func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authClient authclient.Client, authService string, tpl *template.Template, keyPairs ...[]byte) *loginHandler {
          func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authClient authclient.Client, authService, u2fAppID string, tpl *template.Template, keyPairs ...[]byte) *loginHandler {
          store := sessions.NewCookieStore(keyPairs...)
          store.Options = &sessions.Options{
          HttpOnly: true,
          ......@@ -273,6 +274,10 @@ func (l *loginHandler) handleU2F(w http.ResponseWriter, req *http.Request, sessi
          // Make the auth request to the authentication server.
          func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request, username, password, otp string, u2fResponse *u2f.SignResponse) (*auth.Response, error) {
          appID := l.u2fAppID
          if appID == "" {
          appID = u2fAppIDFromRequest(req)
          }
          ar := auth.Request{
          Service: l.authService,
          Username: username,
          ......@@ -280,7 +285,7 @@ func (l *loginHandler) makeAuthRequest(w http.ResponseWriter, req *http.Request,
          OTP: otp,
          DeviceInfo: l.devMgr.GetDeviceInfoFromRequest(w, req),
          U2FResponse: u2fResponse,
          U2FAppID: u2fAppIDFromRequest(req),
          U2FAppID: appID,
          }
          return l.authClient.Authenticate(req.Context(), &ar)
          }
          ......
          Markdown is supported
          0% or .
          You are about to add 0 people to the discussion. Proceed with caution.
          Finish editing this message first!
          Please register or to comment