From: Wolfgang Bumiller
To: Maximiliano Sandoval
Cc: pbs-devel@lists.proxmox.com
Date: Mon, 3 Jun 2024 11:24:15 +0200
Subject: Re: [pbs-devel] [PATCH proxmox] tfa: webauthn: serialize OriginUrl following RFC6454
In-Reply-To: <20240423111953.323890-1-m.sandoval@proxmox.com>

On Tue, Apr 23, 2024 at 01:19:53PM GMT, Maximiliano Sandoval wrote:
> We serialize `OriginUrl` using the ASCII serialization mentioned at
> [RFC6454] section 6.2 or [1]. Note that the unicode serialization is not
> widely adopted [2].
>
> Note that `url::Url` serializes with a trailing slash, e.g.
> https://foo.bar serializes as https://foo.bar/ which is not the origin
> for this domain.
>
> [RFC6454] https://www.rfc-editor.org/rfc/rfc6454
> [1] https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
> [2] https://html.spec.whatwg.org/multipage/browsers.html#unicode-serialisation-of-an-origin
>
> Signed-off-by: Maximiliano Sandoval
> ---
>
> I tested that existing hardware keys would still unlock the user after
> installing this patch.
>
> proxmox-tfa/src/api/webauthn.rs | 33 +++++++++++++++++----------------
> 1 file changed, 17 insertions(+), 16 deletions(-)
>
> diff --git a/proxmox-tfa/src/api/webauthn.rs b/proxmox-tfa/src/api/webauthn.rs > index 0f908229..4c854011 100644 > --- a/proxmox-tfa/src/api/webauthn.rs > +++ b/proxmox-tfa/src/api/webauthn.rs > @@ -10,10 +10,19 @@ use proxmox_schema::{api, Updater, UpdaterType}; > > use super::IsExpired; > > -#[derive(Clone, Deserialize, Serialize)] > +#[derive(Clone, Deserialize)] > /// Origin URL for WebauthnConfig > pub struct OriginUrl(Url); > > +impl serde::Serialize for OriginUrl { > + fn serialize(&self, serializer: S) -> Result > + where > + S: serde::Serializer, > + { > + serializer.serialize_str(&self.to_string()) > + } > +} > + > #[cfg(feature = "api-types")] > impl UpdaterType for OriginUrl { > type Updater = Option; > @@ -27,23 +36,15 @@ impl std::str::FromStr for OriginUrl { > } > } > > -impl std::ops::Deref for OriginUrl {

This is an API break, do the Deref impls actually cause issues with this?
If not, I'd like to drop this and instead add a `TODO/FIXME` comment to do
this on the next major bump.
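
Review bot: The new `impl serde::Serialize for OriginUrl` in the first hunk has neither a doc comment nor a test pinning its output format, even though the exact string produced is the whole point of the change. `serializer.serialize_str(&self.to_string())` delegates to a `Display` impl that is not part of the quoted hunks, while `Deserialize` stays derived, so nothing visible here shows that a serialized value parses back to the same `OriginUrl`. Suggest a doc comment on the impl stating that the output is the RFC 6454 section 6.2 ASCII serialization without a trailing slash, plus a unit test that serializes the commit message's `https://foo.bar` example, checks the result has no trailing `/`, and deserializes it again.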