Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/pkg/app/handler/authentication/webauthn/login.go
blob: 7bf9c1d27b8614abd0721d912a60d9af147a5d44 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

package webauthn

import (
	"glsamaker/pkg/app/handler/authentication/auth_session"
	"glsamaker/pkg/app/handler/authentication/utils"
	"encoding/json"
	"fmt"
	"github.com/duo-labs/webauthn.io/session"
	webauthn_lib "github.com/duo-labs/webauthn/webauthn"
	"log"
	"net/http"
)

var (
	WebAuthn     *webauthn_lib.WebAuthn
	SessionStore *session.Store
)


func BeginLogin(w http.ResponseWriter, r *http.Request) {

	user := utils.GetAuthenticatedUser(r)

	CreateWebAuthn()
	CreateSessionStore()

	// user doesn't exist
	if user == nil {
		log.Println("Error fetching the user.")
		JsonResponse(w, "Error fetching the user.", http.StatusBadRequest)
		return
	}

	// generate PublicKeyCredentialRequestOptions, session data
	options, sessionData, err := WebAuthn.BeginLogin(user)
	if err != nil {
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// store session data as marshaled JSON
	err = SessionStore.SaveWebauthnSession("authentication", sessionData, r, w)
	if err != nil {
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusInternalServerError)
		return
	}

	JsonResponse(w, options, http.StatusOK)
}

func FinishLogin(w http.ResponseWriter, r *http.Request) {

	user := utils.GetAuthenticatedUser(r)

	// user doesn't exist
	if user == nil {
		log.Println("Error fetching the user.")
		JsonResponse(w, "Error fetching the user.", http.StatusBadRequest)
		return
	}

	// load the session data
	sessionData, err := SessionStore.GetWebauthnSession("authentication", r)
	if err != nil {
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusBadRequest)
		return
	}

	// in an actual implementation, we should perform additional checks on
	// the returned 'credential', i.e. check 'credential.Authenticator.CloneWarning'
	// and then increment the credentials counter
	_, err = WebAuthn.FinishLogin(user, sessionData, r)
	if err != nil {
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusBadRequest)
		return
	}

	// handle successful login
	// TODO handle bindLoginToIP correctly
	auth_session.Create(w, r, user, true, false)
	JsonResponse(w, "Login Success", http.StatusOK)
}

// from: https://github.com/duo-labs/webauthn.io/blob/3f03b482d21476f6b9fb82b2bf1458ff61a61d41/server/response.go#L15
func JsonResponse(w http.ResponseWriter, d interface{}, c int) {
	dj, err := json.Marshal(d)
	if err != nil {
		http.Error(w, "Error creating JSON response", http.StatusInternalServerError)
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(c)
	fmt.Fprintf(w, "%s", dj)
}

func CreateWebAuthn() {

	if WebAuthn == nil {
		authn, _ := webauthn_lib.New(&webauthn_lib.Config{
			RPDisplayName: "Gentoo GLSAMaker",                               // Display Name for your site
			RPID:          "glsamakertest.gentoo.org",                       // Generally the domain name for your site
			RPOrigin:      "https://glsamakertest.gentoo.org",               // The origin URL for WebAuthn requests
			RPIcon:        "https://assets.gentoo.org/tyrian/site-logo.png", // Optional icon URL for your site
		})

		WebAuthn = authn
	}

}

func CreateSessionStore() {
	if SessionStore == nil {
		SessionStore, _ = session.NewStore()
	}
}