Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/pkg/app/handler/authentication/webauthn/register.go
blob: 4e299b310c660a9c9f76642759f3c932fbb5db51 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

package webauthn

import (
	"glsamaker/pkg/app/handler/authentication/utils"
	"glsamaker/pkg/database/connection"
	"glsamaker/pkg/logger"
	"fmt"
	"github.com/duo-labs/webauthn/protocol"
	"log"
	"net/http"
)

func BeginRegistration(w http.ResponseWriter, r *http.Request) {
	user := utils.GetAuthenticatedUser(r)

	CreateWebAuthn()
	CreateSessionStore()

	if user == nil {
		JsonResponse(w, fmt.Errorf("must supply a valid username i.e. foo@bar.com"), http.StatusBadRequest)
		return
	}

	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
	}

	// generate PublicKeyCredentialCreationOptions, session data
	//var options *protocol.CredentialCreation
	//var err error
	options, sessionData, err := WebAuthn.BeginRegistration(
		user,
		registerOptions,
	)

	if err != nil {
		log.Println("Error begin register")
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// store session data as marshaled JSON
	err = SessionStore.SaveWebauthnSession("registration", sessionData, r, w)
	if err != nil {
		log.Println("Error store session")
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusInternalServerError)
		return
	}

	JsonResponse(w, options, http.StatusOK)
}

func FinishRegistration(w http.ResponseWriter, r *http.Request) {

	authname := getParams(r)
	user := utils.GetAuthenticatedUser(r)

	if user == nil {
		JsonResponse(w, "Cannot find User", http.StatusBadRequest)
		return
	}

	// load the session data
	sessionData, err := SessionStore.GetWebauthnSession("registration", r)
	if err != nil {
		log.Println("Error loading session")
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusBadRequest)
		return
	}

	credential, err := WebAuthn.FinishRegistration(user, sessionData, r)
	if err != nil {
		log.Println("Error finish session")
		log.Println(err)
		JsonResponse(w, err.Error(), http.StatusBadRequest)
		return
	}

	user.AddCredential(*credential, authname)

	_, err = connection.DB.Model(user).Column("webauthn_credentials").WherePK().Update()
	_, err = connection.DB.Model(user).Column("webauthn_credential_names").WherePK().Update()
	if err != nil {
		logger.Error.Println("Error adding WebAuthn credentials.")
		logger.Error.Println(err)
	}

	JsonResponse(w, "Registration Success", http.StatusOK)
}

func getParams(r *http.Request) string {

	keys, ok := r.URL.Query()["name"]

	if !ok || len(keys[0]) < 1 {
		logger.Info.Println("Url Param 'name' is missing")
		return "Unnamed Authenticator"
	}

	// we only want the single item.
	key := keys[0]

	if len(key) > 20 {
		key = key[0:20]
	}

	return key
}