Rename passKey to passkey
This commit is contained in:
Neeraj Gupta
Neeraj Gupta
parent
a780598607
commit
1f7d9dbb86
|
|
@ -434,7 +434,7 @@ func main() {
|
|||
publicAPI.POST("/users/two-factor/passkeys/begin", userHandler.BeginPasskeyAuthenticationCeremony)
|
||||
publicAPI.POST("/users/two-factor/passkeys/finish", userHandler.FinishPasskeyAuthenticationCeremony)
|
||||
privateAPI.GET("/users/two-factor/recovery-status", userHandler.GetTwoFactorRecoveryStatus)
|
||||
privateAPI.POST("/users/two-factor/passkeys/configure-reset", userHandler.ConfigurePassKeySkipChallenge)
|
||||
privateAPI.POST("/users/two-factor/passkeys/configure-recovery", userHandler.ConfigurePasskeyRecovery)
|
||||
privateAPI.GET("/users/two-factor/status", userHandler.GetTwoFactorStatus)
|
||||
privateAPI.POST("/users/two-factor/setup", userHandler.SetupTwoFactor)
|
||||
privateAPI.POST("/users/two-factor/enable", userHandler.EnableTwoFactor)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ type Passkey struct {
|
|||
|
||||
var MaxPasskeys = 10
|
||||
|
||||
type SetPassKeyRecoveryRequest struct {
|
||||
type SetPasskeyRecoveryRequest struct {
|
||||
Secret uuid.UUID `json:"secret" binding:"required"`
|
||||
// The UserSecretCipher has SkipSecret encrypted with the user's recoveryKey
|
||||
// If the user sends the correct UserSecretCipher, we can be sure that the user has the recoveryKey,
|
||||
|
|
@ -26,5 +26,5 @@ type TwoFactorRecoveryStatus struct {
|
|||
// AllowAdminReset is a boolean that determines if the admin can reset the user's MFA.
|
||||
// If true, in the event that the user loses their MFA device, the admin can reset the user's MFA.
|
||||
AllowAdminReset bool `json:"allowAdminReset" binding:"required"`
|
||||
IsPassKeyRecoveryEnabled bool `json:"isPassKeyRecoveryEnabled" binding:"required"`
|
||||
IsPasskeyRecoveryEnabled bool `json:"isPasskeyRecoveryEnabled" binding:"required"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -253,15 +253,15 @@ func (h *UserHandler) GetTwoFactorRecoveryStatus(c *gin.Context) {
|
|||
c.JSON(http.StatusOK, res)
|
||||
}
|
||||
|
||||
// ConfigurePassKeySkipChallenge configures the passkey skip challenge for a user. In case the user does not
|
||||
// ConfigurePasskeyRecovery configures the passkey skip challenge for a user. In case the user does not
|
||||
// have access to passkey, the user can bypass the passkey by providing the recovery key
|
||||
func (h *UserHandler) ConfigurePassKeySkipChallenge(c *gin.Context) {
|
||||
var request ente.SetPassKeyRecoveryRequest
|
||||
func (h *UserHandler) ConfigurePasskeyRecovery(c *gin.Context) {
|
||||
var request ente.SetPasskeyRecoveryRequest
|
||||
if err := c.ShouldBindJSON(&request); err != nil {
|
||||
handler.Error(c, stacktrace.Propagate(err, ""))
|
||||
return
|
||||
}
|
||||
err := h.UserController.ConfigurePassKeySkip(c, &request)
|
||||
err := h.UserController.ConfigurePasskeyRecovery(c, &request)
|
||||
if err != nil {
|
||||
handler.Error(c, stacktrace.Propagate(err, ""))
|
||||
return
|
||||
|
|
@ -405,7 +405,7 @@ func (h *UserHandler) RecoverTwoFactor(c *gin.Context) {
|
|||
twoFactorType := c.Query("twoFactorType")
|
||||
var response *ente.TwoFactorRecoveryResponse
|
||||
var err error
|
||||
if twoFactorType == "passKey" {
|
||||
if twoFactorType == "passkey" {
|
||||
response, err = h.UserController.GetPasskeyRecoveryResponse(c, sessionID)
|
||||
} else {
|
||||
response, err = h.UserController.RecoverTwoFactor(sessionID)
|
||||
|
|
@ -427,7 +427,7 @@ func (h *UserHandler) RemoveTwoFactor(c *gin.Context) {
|
|||
}
|
||||
var response *ente.TwoFactorAuthorizationResponse
|
||||
var err error
|
||||
if request.TwoFactorType == "passKey" {
|
||||
if request.TwoFactorType == "passkey" {
|
||||
response, err = h.UserController.SkipPasskeyVerification(c, &request)
|
||||
} else {
|
||||
response, err = h.UserController.RemoveTOTPTwoFactor(c, request.SessionID, request.Secret)
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@ func (c *UserController) GetTwoFactorRecoveryStatus(ctx *gin.Context) (*ente.Two
|
|||
return c.TwoFactorRecoveryRepo.GetStatus(userID)
|
||||
}
|
||||
|
||||
func (c *UserController) ConfigurePassKeySkip(ctx *gin.Context, req *ente.SetPassKeyRecoveryRequest) error {
|
||||
func (c *UserController) ConfigurePasskeyRecovery(ctx *gin.Context, req *ente.SetPasskeyRecoveryRequest) error {
|
||||
userID := auth.GetUserID(ctx.Request.Header)
|
||||
return c.TwoFactorRecoveryRepo.SetPassKeyRecovery(ctx, userID, req)
|
||||
return c.TwoFactorRecoveryRepo.SetPasskeyRecovery(ctx, userID, req)
|
||||
}
|
||||
|
||||
func (c *UserController) GetPasskeyRecoveryResponse(ctx *gin.Context, passKeySessionID string) (*ente.TwoFactorRecoveryResponse, error) {
|
||||
|
|
@ -27,11 +27,11 @@ func (c *UserController) GetPasskeyRecoveryResponse(ctx *gin.Context, passKeySes
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !recoveryStatus.IsPassKeyRecoveryEnabled {
|
||||
if !recoveryStatus.IsPasskeyRecoveryEnabled {
|
||||
return nil, ente.NewBadRequestWithMessage("Passkey reset is not configured")
|
||||
}
|
||||
|
||||
result, err := c.TwoFactorRecoveryRepo.GetPasskeySkipChallenge(ctx, userID)
|
||||
result, err := c.TwoFactorRecoveryRepo.GetPasskeyRecoveryData(ctx, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -46,7 +46,7 @@ func (c *UserController) SkipPasskeyVerification(context *gin.Context, req *ente
|
|||
if err != nil {
|
||||
return nil, stacktrace.Propagate(err, "")
|
||||
}
|
||||
exists, err := c.TwoFactorRecoveryRepo.VerifyPasskeySkipSecret(userID, req.Secret)
|
||||
exists, err := c.TwoFactorRecoveryRepo.ValidatePasskeyRecoverySecret(userID, req.Secret)
|
||||
if err != nil {
|
||||
return nil, stacktrace.Propagate(err, "")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,29 +26,29 @@ func (r *Repository) GetStatus(userID int64) (*ente.TwoFactorRecoveryStatus, err
|
|||
// by default, admin
|
||||
return &ente.TwoFactorRecoveryStatus{
|
||||
AllowAdminReset: true,
|
||||
IsPassKeyRecoveryEnabled: false,
|
||||
IsPasskeyRecoveryEnabled: false,
|
||||
}, nil
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
return &ente.TwoFactorRecoveryStatus{AllowAdminReset: isAdminResetEnabled, IsPassKeyRecoveryEnabled: len(resetKey) > 0}, nil
|
||||
return &ente.TwoFactorRecoveryStatus{AllowAdminReset: isAdminResetEnabled, IsPasskeyRecoveryEnabled: len(resetKey) > 0}, nil
|
||||
}
|
||||
|
||||
func (r *Repository) SetPassKeyRecovery(ctx context.Context, userID int64, req *ente.SetPassKeyRecoveryRequest) error {
|
||||
serveEncPassKey, encRrr := crypto.Encrypt(req.Secret.String(), r.SecretEncryptionKey)
|
||||
if encRrr != nil {
|
||||
return stacktrace.Propagate(encRrr, "failed to encrypt passkey secret")
|
||||
func (r *Repository) SetPasskeyRecovery(ctx context.Context, userID int64, req *ente.SetPasskeyRecoveryRequest) error {
|
||||
serveEncPasskey, encErr := crypto.Encrypt(req.Secret.String(), r.SecretEncryptionKey)
|
||||
if encErr != nil {
|
||||
return stacktrace.Propagate(encErr, "failed to encrypt passkey secret")
|
||||
}
|
||||
_, err := r.Db.ExecContext(ctx, `INSERT INTO two_factor_recovery
|
||||
(user_id, server_passkey_secret_data, server_passkey_secret_nonce, user_passkey_secret_data, user_passkey_secret_nonce)
|
||||
VALUES ($1, $2, $3, $4, $5) ON CONFLICT (user_id)
|
||||
DO UPDATE SET server_passkey_secret_data = $2, server_passkey_secret_nonce = $3, user_passkey_secret_data = $4, user_passkey_secret_nonce = $5
|
||||
WHERE two_factor_recovery.user_passkey_secret_data IS NULL AND two_factor_recovery.server_passkey_secret_data IS NULL`,
|
||||
userID, serveEncPassKey.Cipher, serveEncPassKey.Nonce, req.UserSecretCipher, req.UserSecretNonce)
|
||||
userID, serveEncPasskey.Cipher, serveEncPasskey.Nonce, req.UserSecretCipher, req.UserSecretNonce)
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *Repository) GetPasskeySkipChallenge(ctx context.Context, userID int64) (*ente.TwoFactorRecoveryResponse, error) {
|
||||
func (r *Repository) GetPasskeyRecoveryData(ctx context.Context, userID int64) (*ente.TwoFactorRecoveryResponse, error) {
|
||||
var result *ente.TwoFactorRecoveryResponse
|
||||
err := r.Db.QueryRowContext(ctx, "SELECT user_passkey_secret_data, user_passkey_secret_nonce FROM two_factor_recovery WHERE user_id= $1", userID).Scan(result.EncryptedSecret, result.SecretDecryptionNonce)
|
||||
if err != nil {
|
||||
|
|
@ -57,8 +57,8 @@ func (r *Repository) GetPasskeySkipChallenge(ctx context.Context, userID int64)
|
|||
return result, nil
|
||||
}
|
||||
|
||||
// VerifyPasskeySkipSecret checks if the passkey skip secret is valid for a user
|
||||
func (r *Repository) VerifyPasskeySkipSecret(userID int64, skipSecret string) (bool, error) {
|
||||
// ValidatePasskeyRecoverySecret checks if the passkey skip secret is valid for a user
|
||||
func (r *Repository) ValidatePasskeyRecoverySecret(userID int64, secret string) (bool, error) {
|
||||
// get server_passkey_secret_data and server_passkey_secret_nonce for given user id
|
||||
var severSecreteData, serverSecretNonce []byte
|
||||
row := r.Db.QueryRow(`SELECT server_passkey_secret_data, server_passkey_secret_nonce FROM two_factor_recovery WHERE user_id = $1`, userID)
|
||||
|
|
@ -71,7 +71,7 @@ func (r *Repository) VerifyPasskeySkipSecret(userID int64, skipSecret string) (b
|
|||
if decErr != nil {
|
||||
return false, stacktrace.Propagate(decErr, "failed to decrypt passkey reset key")
|
||||
}
|
||||
if skipSecret != serverSkipSecretKey {
|
||||
if secret != serverSkipSecretKey {
|
||||
logrus.Warn("invalid passkey skip secret")
|
||||
return false, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue