From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>
Subject: [pbs-devel] applied-series: [PATCH proxmox-backup v2 0/4] improving webauthn handling
Date: Wed, 3 Mar 2021 14:05:57 +0100 [thread overview]
Message-ID: <7bb751c7-323c-ce76-f2a4-0c9980de28ad@proxmox.com> (raw)
In-Reply-To: <20210225090122.1094-1-d.csapak@proxmox.com>
On 25.02.21 10:01, Dominik Csapak wrote:
> it seems my gui patch for setting the userverification was a bit
> hasty, since the rust crate has some options for that
>
> this series reverts the gui part, and sets the backend
> to 'discourage' userVerification, since 'Preferred' is not more secure
> and makes logging in harder (on some devices)
>
> in the future (when [0] is solved), we could expose a server
> setting (either per instance or per user) that sets either always
> 'Discouraged' or 'Required'
>
> changes from v1:
> * show webauthn errors on login
> * explicitly handle register errors, and try to give a meaningful message
> for errors that indicate a duplicate authenticator
>
> 0: https://github.com/kanidm/webauthn-rs/pull/49
>
> Dominik Csapak (4):
> config/tfa: set UserVerificationPolicy to Discouraged
> Revert "ui: window/Settings / WebAuthn: add browser setting for
> userVerificationo"
> config/tfa: webauthn: disallow registering a token twice
> ui: LoginView: show webauthn errors in window
>
> src/config/tfa.rs | 19 ++++++++++++++++---
> www/LoginView.js | 19 ++++++++++++++-----
> www/window/AddWebauthn.js | 34 ++++++++++++++++++++++++++--------
> www/window/Settings.js | 30 +-----------------------------
> 4 files changed, 57 insertions(+), 45 deletions(-)
>
applied series, with a followup for the exception message as talked off-list, thanks!
prev parent reply other threads:[~2021-03-03 13:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 9:01 [pbs-devel] " Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 1/4] config/tfa: set UserVerificationPolicy to Discouraged Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 2/4] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo" Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 3/4] config/tfa: webauthn: disallow registering a token twice Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 4/4] ui: LoginView: show webauthn errors in window Dominik Csapak
2021-03-03 13:05 ` Thomas Lamprecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7bb751c7-323c-ce76-f2a4-0c9980de28ad@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal