forked from zitadel/zitadel
/
mfa_init_u2f.go
64 lines (57 loc) · 1.86 KB
/
mfa_init_u2f.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package login
import (
"encoding/base64"
"net/http"
http_mw "github.com/dennigogo/zitadel/internal/api/http/middleware"
"github.com/dennigogo/zitadel/internal/domain"
)
const (
tmplMFAU2FInit = "mfainitu2f"
)
type u2fInitData struct {
webAuthNData
MFAType domain.MFAType
}
func (l *Login) renderRegisterU2F(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) {
var errID, errMessage, credentialData string
var u2f *domain.WebAuthNToken
if err == nil {
u2f, err = l.command.HumanAddU2FSetup(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, true)
}
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
if u2f != nil {
credentialData = base64.RawURLEncoding.EncodeToString(u2f.CredentialCreationData)
}
data := &u2fInitData{
webAuthNData: webAuthNData{
userData: l.getUserData(r, authReq, "Register WebAuthNToken", errID, errMessage),
CredentialCreationData: credentialData,
},
MFAType: domain.MFATypeU2F,
}
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplMFAU2FInit], data, nil)
}
func (l *Login) handleRegisterU2F(w http.ResponseWriter, r *http.Request) {
data := new(webAuthNFormData)
authReq, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
l.renderError(w, r, authReq, err)
return
}
credData, err := base64.URLEncoding.DecodeString(data.CredentialData)
if err != nil {
l.renderRegisterU2F(w, r, authReq, err)
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
if _, err = l.command.HumanVerifyU2FSetup(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, data.Name, userAgentID, credData); err != nil {
l.renderRegisterU2F(w, r, authReq, err)
return
}
done := &mfaDoneData{
MFAType: domain.MFATypeU2F,
}
l.renderMFAInitDone(w, r, authReq, done)
}