From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Maximiliano Sandoval <m.sandoval@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH proxmox] tfa: webauthn: serialize OriginUrl following RFC6454
Date: Mon, 3 Jun 2024 11:24:15 +0200 [thread overview]
Message-ID: <hwaitps7xzyprzy4wba3bgxxcwikbojmd6brwrzyqfzw2e6fft@hn4qp7lbara6> (raw)
In-Reply-To: <20240423111953.323890-1-m.sandoval@proxmox.com>
On Tue, Apr 23, 2024 at 01:19:53PM GMT, Maximiliano Sandoval wrote:
> We serialize `OriginUrl` using the ASCII serialization mentioned at
> [RFC6454] section 6.2 or [1]. Note that the unicode serialization is not
> used widely adopted [2].
>
> Note that `url::Url` serialize with a trailign slash, e.g.
> https://foo.bar serializes as https://foo.bar/ which is not the origin
> for this domain.
>
> [RFC6454] https://www.rfc-editor.org/rfc/rfc6454
> [1] https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
> [2] https://html.spec.whatwg.org/multipage/browsers.html#unicode-serialisation-of-an-origin
>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
>
> I tested that existing hardware keys would still unlock the user after
> installing this patch.
>
> proxmox-tfa/src/api/webauthn.rs | 33 +++++++++++++++++----------------
> 1 file changed, 17 insertions(+), 16 deletions(-)
>
> diff --git a/proxmox-tfa/src/api/webauthn.rs b/proxmox-tfa/src/api/webauthn.rs
> index 0f908229..4c854011 100644
> --- a/proxmox-tfa/src/api/webauthn.rs
> +++ b/proxmox-tfa/src/api/webauthn.rs
> @@ -10,10 +10,19 @@ use proxmox_schema::{api, Updater, UpdaterType};
>
> use super::IsExpired;
>
> -#[derive(Clone, Deserialize, Serialize)]
> +#[derive(Clone, Deserialize)]
> /// Origin URL for WebauthnConfig
> pub struct OriginUrl(Url);
>
> +impl serde::Serialize for OriginUrl {
> + fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
> + where
> + S: serde::Serializer,
> + {
> + serializer.serialize_str(&self.to_string())
> + }
> +}
> +
> #[cfg(feature = "api-types")]
> impl UpdaterType for OriginUrl {
> type Updater = Option<Self>;
> @@ -27,23 +36,15 @@ impl std::str::FromStr for OriginUrl {
> }
> }
>
> -impl std::ops::Deref for OriginUrl {
This is an API break, do the Deref impls actually cause issues with
this? If not, I'd like to drop this and instead add a `TODO/FIXME`
comment to do this on the next major bump.
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2024-06-03 9:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-23 11:19 Maximiliano Sandoval
2024-06-03 9:24 ` Wolfgang Bumiller [this message]
2024-07-03 13:28 ` [pbs-devel] applied:] " Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=hwaitps7xzyprzy4wba3bgxxcwikbojmd6brwrzyqfzw2e6fft@hn4qp7lbara6 \
--to=w.bumiller@proxmox.com \
--cc=m.sandoval@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox