user.go
package webauthn
import (
proto_oidc_models "github.com/fluffy-bunny/fluffycore-rage-identity/proto/oidc/models"
protocol "github.com/go-webauthn/webauthn/protocol"
go_webauthn "github.com/go-webauthn/webauthn/webauthn"
)
// WebAuthNUser wraps a RageUser record so that it can be handed to the go-webauthn
// library as a go_webauthn.User. Every method on this type reads from RageUser.
type WebAuthNUser struct {
	// RageUser is the wrapped identity record. The methods dereference it (and its
	// RootIdentity) without nil checks, so it must be populated before use.
	RageUser *proto_oidc_models.RageUser
}
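// Compile-time assertion that *WebAuthNUser satisfies go_webauthn.User. Declared at
// package scope (the conventional placement) so no empty init function runs at start-up;
// the check is enforced by the compiler and has no runtime effect.
var _ go_webauthn.User = (*WebAuthNUser)(nil)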
// NewWebAuthNUser returns a WebAuthNUser that wraps rageUser.
//
// The pointer is stored as given, without copying or validation. The accessor methods
// dereference RageUser and RageUser.RootIdentity directly, so passing a nil rageUser
// (or one without a root identity) results in a panic when those methods are called.
func NewWebAuthNUser(rageUser *proto_oidc_models.RageUser) *WebAuthNUser {
	wrapped := new(WebAuthNUser)
	wrapped.RageUser = rageUser
	return wrapped
}
// WebAuthnID returns the WebAuthn user handle of the user account. A user handle is an
// opaque byte sequence with a maximum size of 64 bytes, and is not meant to be displayed
// to the user.
//
// To ensure secure operation, authentication and authorization decisions MUST be made on
// the basis of this id member, not the displayName nor name members. See Section 6.1 of
// [RFC8266].
//
// The specification recommends a completely random value that uses the entire 64 bytes.
// This implementation instead returns the bytes of the root identity's Subject.
// NOTE(review): confirm that Subject is an opaque, non-personal identifier, is never
// longer than 64 bytes, and is never reassigned to a different account; none of that is
// visible in this file.
//
// Specification: §5.4.3. User Account Parameters for Credential Generation (https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-id)
func (s *WebAuthNUser) WebAuthnID() []byte {
	return []byte(s.RageUser.RootIdentity.Subject)
}
// WebAuthnName returns the name attribute of the user account used during registration.
// It is a human-palatable name for the user account, intended only for display, for
// example "Alex Müller" or "田中倫". The Relying Party SHOULD let the user choose this, and
// SHOULD NOT restrict the choice more than necessary.
//
// This implementation returns the root identity's e-mail address. The value is a label
// only: accounts are identified by WebAuthnID, not by this name.
//
// Specification: §5.4.3. User Account Parameters for Credential Generation (https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentity)
func (s *WebAuthNUser) WebAuthnName() string {
	identity := s.RageUser.RootIdentity
	return identity.Email
}
// WebAuthnDisplayName returns the display name attribute of the user account used during
// registration. It is a human-palatable name for the user account, intended only for
// display, for example "Alex Müller" or "田中倫". The Relying Party SHOULD let the user
// choose this, and SHOULD NOT restrict the choice more than necessary.
//
// This implementation returns the root identity's e-mail address, the same value that
// WebAuthnName returns. It is a label only and plays no part in identifying the account.
//
// Specification: §5.4.3. User Account Parameters for Credential Generation (https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-displayname)
func (s *WebAuthNUser) WebAuthnDisplayName() string {
	identity := s.RageUser.RootIdentity
	return identity.Email
}
// WebAuthnCredentials provides the list of Credential objects owned by the user.
//
// Each credential stored under RageUser.WebAuthN.Credentials is converted field by field
// into a go_webauthn.Credential. The result is nil when the user has no WebAuthN record
// and a non-nil, possibly empty, slice otherwise.
//
// NOTE(review): Flags and Authenticator are read from each stored credential without a
// nil check. If they are optional sub-messages, a record missing either one would panic
// here; confirm against the RageUser schema.
func (s *WebAuthNUser) WebAuthnCredentials() []go_webauthn.Credential {
	stored := s.RageUser.WebAuthN
	if stored == nil {
		return nil
	}

	creds := make([]go_webauthn.Credential, 0, len(stored.Credentials))
	for _, rec := range stored.Credentials {
		// Convert each stored transport value to the library's transport type.
		transports := make([]protocol.AuthenticatorTransport, 0, len(rec.Transport))
		for _, name := range rec.Transport {
			transports = append(transports, protocol.AuthenticatorTransport(name))
		}

		flags := go_webauthn.CredentialFlags{
			UserPresent:    rec.Flags.UserPresent,
			UserVerified:   rec.Flags.UserVerified,
			BackupEligible: rec.Flags.BackupEligible,
			BackupState:    rec.Flags.BackupState,
		}

		// SignCount and CloneWarning are passed through exactly as stored. They are only
		// useful for spotting a cloned authenticator if the caller persists the updated
		// values after each successful login; that write-back is not part of this file.
		authenticator := go_webauthn.Authenticator{
			AAGUID:       rec.Authenticator.AAGUID,
			SignCount:    rec.Authenticator.SignCount,
			CloneWarning: rec.Authenticator.CloneWarning,
			Attachment:   protocol.AuthenticatorAttachment(rec.Authenticator.Attachment),
		}

		creds = append(creds, go_webauthn.Credential{
			ID:              rec.ID,
			PublicKey:       rec.PublicKey,
			AttestationType: rec.AttestationType,
			Transport:       transports,
			Flags:           flags,
			Authenticator:   authenticator,
		})
	}
	return creds
}
// WebAuthnIcon is a deprecated option and always returns a blank string.
//
// Deprecated: this has been removed from the specification recommendation. Suggest a blank string.
func (s *WebAuthNUser) WebAuthnIcon() string {
	var icon string // zero value: the blank string
	return icon
}