From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/3] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo"
Date: Mon, 22 Feb 2021 10:43:00 +0100 [thread overview]
Message-ID: <20210222094301.13858-3-d.csapak@proxmox.com> (raw)
In-Reply-To: <20210222094301.13858-1-d.csapak@proxmox.com>
even if the options *could* be set in the frontend, the backend
actually has to do validation of those settings, thus we should not
make that a browser setting
additionally, having the value 'preferred' does not actually make sense,
since it does not add any security (the backend currently skips the
user verification check then)
This reverts commit aca4c2b5a9de23f7cafab92da0f88123f4ca5d8c.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
www/LoginView.js | 5 -----
www/window/AddWebauthn.js | 7 -------
www/window/Settings.js | 30 +-----------------------------
3 files changed, 1 insertion(+), 41 deletions(-)
diff --git a/www/LoginView.js b/www/LoginView.js
index a3ffec77..1c7a977c 100644
--- a/www/LoginView.js
+++ b/www/LoginView.js
@@ -390,11 +390,6 @@ Ext.define('PBS.login.TfaWindow', {
// Byte array fixup, keep challenge string:
challenge.string = challenge.publicKey.challenge;
challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string);
- let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
- if (userVerification !== undefined) {
- challenge.publicKey.userVerification = userVerification;
- }
-
for (const cred of challenge.publicKey.allowCredentials) {
cred.id = PBS.Utils.base64url_to_bytes(cred.id);
}
diff --git a/www/window/AddWebauthn.js b/www/window/AddWebauthn.js
index d2434f2c..16731a63 100644
--- a/www/window/AddWebauthn.js
+++ b/www/window/AddWebauthn.js
@@ -79,13 +79,6 @@ Ext.define('PBS.window.AddWebauthn', {
// string to pass in the response:
let challenge_str = challenge_obj.publicKey.challenge;
challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
- let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
- if (userVerification !== undefined) {
- challenge_obj.publicKey.authenticatorSelection = {
- userVerification,
- };
- }
-
challenge_obj.publicKey.user.id =
PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id);
diff --git a/www/window/Settings.js b/www/window/Settings.js
index 7059605c..ee8464be 100644
--- a/www/window/Settings.js
+++ b/www/window/Settings.js
@@ -30,9 +30,6 @@ Ext.define('PBS.window.Settings', {
let username = sp.get('login-username') || Proxmox.Utils.noneText;
me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));
- let userverification= sp.get('webauthn-user-verification') || '__default__';
- me.lookupReference('webauthnUserVerification').setValue(userverification);
-
let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight'];
settings.forEach(function(setting) {
let val = localStorage.getItem('pve-xterm-' + setting);
@@ -94,7 +91,7 @@ Ext.define('PBS.window.Settings', {
},
'button[name=reset]': {
click: function() {
- let blacklist = ['login-username', 'webauthn-user-verification'];
+ let blacklist = ['login-username'];
let sp = Ext.state.Manager.getProvider();
for (const state of Object.values(sp.state)) {
if (blacklist.indexOf(state) !== -1) {
@@ -117,14 +114,6 @@ Ext.define('PBS.window.Settings', {
sp.clear('login-username');
},
},
- 'field[reference=webauthnUserVerification]': {
- change: function(e, v) {
- if (v === '__default__') {
- v = undefined;
- }
- Ext.state.Manager.getProvider().set('webauthn-user-verification', v);
- },
- },
},
},
@@ -185,23 +174,6 @@ Ext.define('PBS.window.Settings', {
},
],
},
- {
- xtype: 'box',
- autoEl: { tag: 'hr' },
- },
- {
- xtype: 'proxmoxKVComboBox',
- fieldLabel: gettext('WebAuthn User Verification') + ':',
- labelWidth: 150,
- stateId: 'webauthn-user-verification',
- reference: 'webauthnUserVerification',
- value: '__default__',
- comboItems: [
- ['__default__', Proxmox.Utils.defaultText],
- ['discouraged', gettext('Discouraged')],
- ['preferred', gettext('Preferred')],
- ],
- },
],
},
{
--
2.20.1
next prev parent reply other threads:[~2021-02-22 9:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-22 9:42 [pbs-devel] [PATCH proxmox-backup 0/3] improving webauthn handling Dominik Csapak
2021-02-22 9:42 ` [pbs-devel] [PATCH proxmox-backup 1/3] config/tfa: set UserVerificationPolicy to Discouraged Dominik Csapak
2021-02-22 9:43 ` Dominik Csapak [this message]
2021-02-22 9:43 ` [pbs-devel] [PATCH proxmox-backup 3/3] config/tfa: webauthn: disallow registering a token twice Dominik Csapak
2021-02-22 14:08 ` Thomas Lamprecht
2021-02-22 14:47 ` Dominik Csapak
2021-02-23 7:49 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210222094301.13858-3-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox