Fix bugs with WebAuthn preventing sign in and registration. (#22651)

This PR fixes two bugs with Webauthn support:

* There was a longstanding bug within webauthn due to the backend using
URLEncodedBase64 but the javascript using decoding using plain base64.
This causes intermittent issues with users reporting decoding errors.
* Following the recent upgrade to webauthn there was a change in the way
the library expects RPOrigins to be configured. This leads to the
Relying Party Origin not being configured and prevents registration.

Fix #22507

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

modules/auth/webauthn/webauthn.go

@@ -28,7 +28,7 @@ func Init() {
 		Config: &webauthn.Config{
 			RPDisplayName: setting.AppName,
 			RPID:          setting.Domain,
-			RPOrigin:      appURL,
+			RPOrigins:     []string{appURL},
 			AuthenticatorSelection: protocol.AuthenticatorSelection{
 				UserVerification: "discouraged",
 			},

modules/auth/webauthn/webauthn_test.go

@@ -15,11 +15,11 @@ func TestInit(t *testing.T) {
 	setting.Domain = "domain"
 	setting.AppName = "AppName"
 	setting.AppURL = "https://domain/"
-	rpOrigin := "https://domain"
+	rpOrigin := []string{"https://domain"}
 
 	Init()
 
 	assert.Equal(t, setting.Domain, WebAuthn.Config.RPID)
 	assert.Equal(t, setting.AppName, WebAuthn.Config.RPDisplayName)
-	assert.Equal(t, rpOrigin, WebAuthn.Config.RPOrigin)
+	assert.Equal(t, rpOrigin, WebAuthn.Config.RPOrigins)
 }