From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>
Subject: [pbs-devel] applied-series: [PATCH proxmox-backup v2 0/4] improving webauthn handling
Date: Wed, 3 Mar 2021 14:05:57 +0100 [thread overview]
Message-ID: <7bb751c7-323c-ce76-f2a4-0c9980de28ad@proxmox.com> (raw)
In-Reply-To: <20210225090122.1094-1-d.csapak@proxmox.com>
On 25.02.21 10:01, Dominik Csapak wrote:
> it seems my gui patch for setting the userverification was a bit
> hasty, since the rust crate has some options for that
>
> this series reverts the gui part, and sets the backend
> to 'discourage' userVerification, since 'Preferred' is not more secure
> and makes logging in harder (on some devices)
>
> in the future (when [0] is solved), we could expose a server
> setting (either per instance or per user) that sets either always
> 'Discouraged' or 'Required'
>
> changes from v1:
> * show webauthn errors on login
> * explicitly handle register errors, and try to give a meaningful message
> for errors that indicate a duplicate authenticator
>
> 0: https://github.com/kanidm/webauthn-rs/pull/49
>
> Dominik Csapak (4):
> config/tfa: set UserVerificationPolicy to Discouraged
> Revert "ui: window/Settings / WebAuthn: add browser setting for
> userVerificationo"
> config/tfa: webauthn: disallow registering a token twice
> ui: LoginView: show webauthn errors in window
>
> src/config/tfa.rs | 19 ++++++++++++++++---
> www/LoginView.js | 19 ++++++++++++++-----
> www/window/AddWebauthn.js | 34 ++++++++++++++++++++++++++--------
> www/window/Settings.js | 30 +-----------------------------
> 4 files changed, 57 insertions(+), 45 deletions(-)
>
applied series, with a followup for the exception message as talked off-list, thanks!
prev parent reply other threads:[~2021-03-03 13:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 9:01 [pbs-devel] " Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 1/4] config/tfa: set UserVerificationPolicy to Discouraged Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 2/4] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo" Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 3/4] config/tfa: webauthn: disallow registering a token twice Dominik Csapak
2021-02-25 9:01 ` [pbs-devel] [PATCH proxmox-backup v2 4/4] ui: LoginView: show webauthn errors in window Dominik Csapak
2021-03-03 13:05 ` Thomas Lamprecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7bb751c7-323c-ce76-f2a4-0c9980de28ad@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox