From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 18F7E6C29C for ; Mon, 22 Feb 2021 10:43:05 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 13C192D31A for ; Mon, 22 Feb 2021 10:43:05 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id A1F402D306 for ; Mon, 22 Feb 2021 10:43:03 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 6F5F441B89 for ; Mon, 22 Feb 2021 10:43:03 +0100 (CET) From: Dominik Csapak To: pbs-devel@lists.proxmox.com Date: Mon, 22 Feb 2021 10:43:00 +0100 Message-Id: <20210222094301.13858-3-d.csapak@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210222094301.13858-1-d.csapak@proxmox.com> References: <20210222094301.13858-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.211 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 2/3] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo" X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Feb 2021 09:43:05 -0000 even if the options *could* be set in the frontend, the backend actually has to do validation of those settings, thus we should not make that a browser setting additionally, having the value 'preferred' does not actually make sense, since it does not add any security (the backend currently skips the user verification check then) This reverts commit aca4c2b5a9de23f7cafab92da0f88123f4ca5d8c. Signed-off-by: Dominik Csapak --- www/LoginView.js | 5 ----- www/window/AddWebauthn.js | 7 ------- www/window/Settings.js | 30 +----------------------------- 3 files changed, 1 insertion(+), 41 deletions(-) diff --git a/www/LoginView.js b/www/LoginView.js index a3ffec77..1c7a977c 100644 --- a/www/LoginView.js +++ b/www/LoginView.js @@ -390,11 +390,6 @@ Ext.define('PBS.login.TfaWindow', { // Byte array fixup, keep challenge string: challenge.string = challenge.publicKey.challenge; challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string); - let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification'); - if (userVerification !== undefined) { - challenge.publicKey.userVerification = userVerification; - } - for (const cred of challenge.publicKey.allowCredentials) { cred.id = PBS.Utils.base64url_to_bytes(cred.id); } diff --git a/www/window/AddWebauthn.js b/www/window/AddWebauthn.js index d2434f2c..16731a63 100644 --- a/www/window/AddWebauthn.js +++ b/www/window/AddWebauthn.js @@ -79,13 +79,6 @@ Ext.define('PBS.window.AddWebauthn', { // string to pass in the response: let challenge_str = challenge_obj.publicKey.challenge; challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str); - let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification'); - if (userVerification !== undefined) { - challenge_obj.publicKey.authenticatorSelection = { - userVerification, - }; - } - challenge_obj.publicKey.user.id = PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id); diff --git a/www/window/Settings.js b/www/window/Settings.js index 7059605c..ee8464be 100644 --- a/www/window/Settings.js +++ b/www/window/Settings.js @@ -30,9 +30,6 @@ Ext.define('PBS.window.Settings', { let username = sp.get('login-username') || Proxmox.Utils.noneText; me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username)); - let userverification= sp.get('webauthn-user-verification') || '__default__'; - me.lookupReference('webauthnUserVerification').setValue(userverification); - let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight']; settings.forEach(function(setting) { let val = localStorage.getItem('pve-xterm-' + setting); @@ -94,7 +91,7 @@ Ext.define('PBS.window.Settings', { }, 'button[name=reset]': { click: function() { - let blacklist = ['login-username', 'webauthn-user-verification']; + let blacklist = ['login-username']; let sp = Ext.state.Manager.getProvider(); for (const state of Object.values(sp.state)) { if (blacklist.indexOf(state) !== -1) { @@ -117,14 +114,6 @@ Ext.define('PBS.window.Settings', { sp.clear('login-username'); }, }, - 'field[reference=webauthnUserVerification]': { - change: function(e, v) { - if (v === '__default__') { - v = undefined; - } - Ext.state.Manager.getProvider().set('webauthn-user-verification', v); - }, - }, }, }, @@ -185,23 +174,6 @@ Ext.define('PBS.window.Settings', { }, ], }, - { - xtype: 'box', - autoEl: { tag: 'hr' }, - }, - { - xtype: 'proxmoxKVComboBox', - fieldLabel: gettext('WebAuthn User Verification') + ':', - labelWidth: 150, - stateId: 'webauthn-user-verification', - reference: 'webauthnUserVerification', - value: '__default__', - comboItems: [ - ['__default__', Proxmox.Utils.defaultText], - ['discouraged', gettext('Discouraged')], - ['preferred', gettext('Preferred')], - ], - }, ], }, { -- 2.20.1