diff options
| author | Satsuki Yanagi <17376330+u1-liquid@users.noreply.github.com> | 2019-07-07 01:38:36 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2019-07-07 01:38:36 +0900 |
| commit | 047a46d96689a97bee4c843fcd86e63b816846f1 (patch) | |
| tree | 6c5c2f8c06941c36207986c5adc0e1c7a23647b4 /src/server | |
| parent | Pages: ボタンを色付き表示できるように (diff) | |
| download | sharkey-047a46d96689a97bee4c843fcd86e63b816846f1.tar.gz sharkey-047a46d96689a97bee4c843fcd86e63b816846f1.tar.bz2 sharkey-047a46d96689a97bee4c843fcd86e63b816846f1.zip | |
Support password-less login with WebAuthn (#5112)
* Support password-less login with WebAuthn
* Fix initial value of usePasswordLessLogin
Diffstat (limited to 'src/server')
| -rw-r--r-- | src/server/api/endpoints/i/2fa/password-less.ts | 21 | ||||
| -rw-r--r-- | src/server/api/private/signin.ts | 36 |
2 files changed, 49 insertions, 8 deletions
diff --git a/src/server/api/endpoints/i/2fa/password-less.ts b/src/server/api/endpoints/i/2fa/password-less.ts new file mode 100644 index 0000000000..19e75ca1c5 --- /dev/null +++ b/src/server/api/endpoints/i/2fa/password-less.ts @@ -0,0 +1,21 @@ +import $ from 'cafy'; +import define from '../../../define'; +import { UserProfiles } from '../../../../../models'; + +export const meta = { + requireCredential: true, + + secure: true, + + params: { + value: { + validator: $.boolean + } + } +}; + +export default define(meta, async (ps, user) => { + await UserProfiles.update(user.id, { + usePasswordLessLogin: ps.value + }); +}); diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts index bc9346d088..67afed760b 100644 --- a/src/server/api/private/signin.ts +++ b/src/server/api/private/signin.ts @@ -72,19 +72,25 @@ export default async (ctx: Koa.BaseContext) => { } } - if (!same) { - await fail(403, { - error: 'incorrect password' - }); - return; - } - if (!profile.twoFactorEnabled) { - signin(ctx, user); + if (same) { + signin(ctx, user); + } else { + await fail(403, { + error: 'incorrect password' + }); + } return; } if (token) { + if (!same) { + await fail(403, { + error: 'incorrect password' + }); + return; + } + const verified = (speakeasy as any).totp.verify({ secret: profile.twoFactorSecret, encoding: 'base32', @@ -101,6 +107,13 @@ export default async (ctx: Koa.BaseContext) => { return; } } else if (body.credentialId) { + if (!same && !profile.usePasswordLessLogin) { + await fail(403, { + error: 'incorrect password' + }); + return; + } + const clientDataJSON = Buffer.from(body.clientDataJSON, 'hex'); const clientData = JSON.parse(clientDataJSON.toString('utf-8')); const challenge = await AttestationChallenges.findOne({ @@ -163,6 +176,13 @@ export default async (ctx: Koa.BaseContext) => { return; } } else { + if (!same && !profile.usePasswordLessLogin) { + await fail(403, { + error: 'incorrect password' + }); + return; + } + const keys = await UserSecurityKeys.find({ userId: user.id }); |