all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pbs-devel] [PATCH proxmox] tfa: webauthn: serialize OriginUrl following RFC6454
@ 2024-04-23 11:19 Maximiliano Sandoval
  2024-06-03  9:24 ` Wolfgang Bumiller
  2024-07-03 13:28 ` [pbs-devel] applied:] " Wolfgang Bumiller
  0 siblings, 2 replies; 3+ messages in thread
From: Maximiliano Sandoval @ 2024-04-23 11:19 UTC (permalink / raw)
  To: pbs-devel

We serialize `OriginUrl` using the ASCII serialization mentioned at
[RFC6454] section 6.2 or [1]. Note that the unicode serialization is not
used widely adopted [2].

Note that `url::Url` serialize with a trailign slash, e.g.
https://foo.bar serializes as https://foo.bar/ which is not the origin
for this domain.

[RFC6454] https://www.rfc-editor.org/rfc/rfc6454
[1] https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
[2] https://html.spec.whatwg.org/multipage/browsers.html#unicode-serialisation-of-an-origin

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---

I tested that existing hardware keys would still unlock the user after
installing this patch.

 proxmox-tfa/src/api/webauthn.rs | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/proxmox-tfa/src/api/webauthn.rs b/proxmox-tfa/src/api/webauthn.rs
index 0f908229..4c854011 100644
--- a/proxmox-tfa/src/api/webauthn.rs
+++ b/proxmox-tfa/src/api/webauthn.rs
@@ -10,10 +10,19 @@ use proxmox_schema::{api, Updater, UpdaterType};
 
 use super::IsExpired;
 
-#[derive(Clone, Deserialize, Serialize)]
+#[derive(Clone, Deserialize)]
 /// Origin URL for WebauthnConfig
 pub struct OriginUrl(Url);
 
+impl serde::Serialize for OriginUrl {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        serializer.serialize_str(&self.to_string())
+    }
+}
+
 #[cfg(feature = "api-types")]
 impl UpdaterType for OriginUrl {
     type Updater = Option<Self>;
@@ -27,23 +36,15 @@ impl std::str::FromStr for OriginUrl {
     }
 }
 
-impl std::ops::Deref for OriginUrl {
-    type Target = Url;
-
-    fn deref(&self) -> &Url {
-        &self.0
-    }
-}
-
-impl std::ops::DerefMut for OriginUrl {
-    fn deref_mut(&mut self) -> &mut Url {
-        &mut self.0
+impl From<OriginUrl> for String {
+    fn from(url: OriginUrl) -> String {
+        url.to_string()
     }
 }
 
-impl From<OriginUrl> for String {
-    fn from(url: OriginUrl) -> String {
-        url.0.into()
+impl OriginUrl {
+    fn to_string(&self) -> String {
+        self.0.origin().ascii_serialization()
     }
 }
 
@@ -90,7 +91,7 @@ impl WebauthnConfig {
     pub fn digest(&self) -> [u8; 32] {
         let mut data = format!("rp={:?}\nid={:?}\n", self.rp, self.id,);
         if let Some(origin) = &self.origin {
-            data.push_str(&format!("origin={:?}\n", origin.as_str()));
+            data.push_str(&format!("origin={}\n", origin.to_string()));
         }
         openssl::sha::sha256(data.as_bytes())
     }
-- 
2.39.2



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-07-03 13:28 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-23 11:19 [pbs-devel] [PATCH proxmox] tfa: webauthn: serialize OriginUrl following RFC6454 Maximiliano Sandoval
2024-06-03  9:24 ` Wolfgang Bumiller
2024-07-03 13:28 ` [pbs-devel] applied:] " Wolfgang Bumiller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal