finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

WebAuthn CredentialID field needs to be increased in size (#20530)

Browse source 
WebAuthn have updated their specification to set the maximum size of the
CredentialID to 1023 bytes. This is somewhat larger than our current
size and therefore we need to migrate.

The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string 
to the bytes field before another migration drops the old CredentialID field. Another migration
renames this field back.

Fix #20457

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2022-07-30 14:25:26 +01:00 committed by GitHub
parent 692707f145
commit e819da0837
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 363 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

3
routers/web/auth/webauthn.go
View file

@ -5,7 +5,6 @@
package auth
import (
"encoding/base32"
"errors"
"net/http"
@ -129,7 +128,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
}
// Success! Get the credential and update the sign count with the new value we received.
dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, base32.HexEncoding.EncodeToString(cred.ID))
dbCred, err := auth.GetWebAuthnCredentialByCredID(user.ID, cred.ID)
if err != nil {
ctx.ServerError("GetWebAuthnCredentialByCredID", err)
return