Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webauthn implementation #7

Merged
merged 2 commits into from Jun 23, 2021
Merged

webauthn implementation #7

merged 2 commits into from Jun 23, 2021

Conversation

nilsbehlen
Copy link
Member

Feature (closes #1):

  • Implemented PIWebAuthnSignRequest to be able to recognize when a webauthn token was triggered
  • A button will be shown in the UI if a SIgnRequest is available
  • Implemented ValidateCheckWebAuthn to send the SignResponse that is received from the browser to privacyIDEA

Internally:

  • Fixed namespace names
  • Put try-catch block around usages of dynmaic to prevent crashes
  • Refactored the usage of HttpClient to use StringContent instead of FormUrlEncoded so that we can decide what to encode. (encoding the SignResponse breaks it for the server)
  • SendRequest now properly uses the headers if any are passed

@nilsbehlen
webauthn implementation
78871c5 
Feature:
* Implemented PIWebAuthnSignRequest to be able to recognize when a webauthn token was triggered
* A button will be shown in the UI if a SIgnRequest is available
* Implemented ValidateCheckWebAuthn to send the SignResponse that is received from the browser to privacyIDEA

Internally:
* Fixed namespace names
* Put try-catch block around usages of dynmaic to prevent crashes
* Refactored the usage of HttpClient to use StringContent instead of FormUrlEncoded so that we can decide what to encode. (encoding the SignResponse breaks it for the server)
* SendRequest now properly uses the headers if any are passed
@nilsbehlen nilsbehlen self-assigned this Jun 17, 2021
@nilsbehlen nilsbehlen added this to the 1.0.0 milestone Jun 17, 2021
@nilsbehlen nilsbehlen added the Type: Enhancement New feature (internally/planned) or enhancement of existing feature label Jun 17, 2021
cornelinux
cornelinux requested changes Jun 17, 2021
View reviewed changes
Copy link
Member

@cornelinux cornelinux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not understand a lot, so I only have some conceptual/design questions.

privacyIDEAADFSProvider/Adapter.cs
}
}
else
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would go for

else if (mode == "interactive")

and then finally do

else {
   raise Exception("Mode not supported").
}

This might be more clear, and then is allowed to fail with a u2f token.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not the mode that will be sent from privacyIDEA in the future.
It is the internal mode of the plugin, therefore there can be no mode that is not supported.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, ok. YOu are parsing the mode somewhere else. So at this point the plugin already knows the mode.

Conceptually I decided in the JSON Response to all the default mode "interactive" and not "otp", since it can be anything - like entering a PIN to be changed.

I would appreciate, if you also would call it here in the code "interactive" and not "otp", to have a uniform wording.
(The Glossry is to be done :-)

privacyIDEAADFSProvider/Adapter.cs
if (response.MultiChallenge.Count > 0)
{
// TODO
Log("multichallenge > 0");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean with "multichallenge" here?

I would like to get rid of the term "multi_challenge" in the long run, so maybe you can already talk of response.challenges.Count
or is the object created automatically from the key names like

 multi_challenge -> MultiChallenge

?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case it is the name of the field in the PIResponse class, so it could already be renamed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is up to you how you (or others) will understand the code better.

privacyIDEAADFSProvider/AuthPage.html Show resolved Hide resolved
privacyIDEAADFSProvider/PIResponse.cs Show resolved Hide resolved
privacyIDEAADFSProvider/PrivacyIDEA.cs Show resolved Hide resolved
@cornelinux cornelinux self-requested a review June 18, 2021 07:18
cornelinux
cornelinux reviewed Jun 18, 2021
View reviewed changes
Copy link
Member

@cornelinux cornelinux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please consider my suggestions for naming of multiChallenge->Challenges and otp->interactive.

If not now (maybe we can let it sink in for a while) then maybe later.

@nilsbehlen
Copy link
Member Author

Please consider my suggestions for naming of multiChallenge->Challenges and otp->interactive.

If not now (maybe we can let it sink in for a while) then maybe later.

I made a new issue for that (#8). Since it is not really related to webauthn i would just merge this PR now

@cornelinux
Copy link
Member

Please consider my suggestions for naming of multiChallenge->Challenges and otp->interactive.
If not now (maybe we can let it sink in for a while) then maybe later.

I made a new issue for that (#8). Since it is not really related to webauthn i would just merge this PR now

This is a good idea! Thanks.

@cornelinux
Copy link
Member

As for me this could be merged.
I think @lukasmatusiewicz will also take a look at it?

@nilsbehlen nilsbehlen merged commit 6914c97 into main Jun 23, 2021
@nilsbehlen nilsbehlen deleted the webauthn_implementation branch February 27, 2023 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cornelinux cornelinux cornelinux requested changes

@lukasmatusiewicz lukasmatusiewicz Awaiting requested review from lukasmatusiewicz

Assignees

@nilsbehlen nilsbehlen

Labels
Type: Enhancement New feature (internally/planned) or enhancement of existing feature
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.

WebAuthn implementation
2 participants
@nilsbehlen @cornelinux