login: add 'raw' webauthn challenge access

So we can get going on the wasm side where we don't yet have access to
the webauthn-rs crate.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2024-09-26 12:40:31 +02:00
parent c85b534837
commit e72528ca70
2 changed files with 16 additions and 1 deletions


@ -26,6 +26,12 @@ pub struct TfaChallenge {
#[serde(skip_serializing_if = "Option::is_none")]
pub webauthn: Option<webauthn_rs::proto::RequestChallengeResponse>,
/// If the user has any webauthn credentials registered, this will contain the corresponding
/// challenge data as a json string.
/// This field is never serialized and is only meant to be informative.
#[serde(default, skip)]
pub webauthn_raw: Option<String>,
/// True if the user has yubico keys configured.
#[serde(skip_serializing_if = "bool_is_false", default)]
pub yubico: bool,
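Review bot: The doc comment on `webauthn_raw` says the field will contain the challenge whenever the user has webauthn credentials, but with `#[serde(default, skip)]` it is always `None` after an ordinary deserialization of `TfaChallenge`. In this commit only the `TicketResponse` `FromStr` impl fills it in. I would reword the comment along the lines of `/// Only filled in when parsed through TicketResponse's FromStr impl; None after any other deserialization, even if webauthn is set.` so callers do not read `None` as "no webauthn credentials". `default` is also redundant next to `skip`, which already falls back to `Default::default()` when deserializing. The struct definition starts and ends outside the hunk.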


@ -3,6 +3,7 @@
use std::fmt;
use serde::{Deserialize, Serialize};
use serde_json::Value;
use crate::error::TicketError;
use crate::tfa::TfaChallenge;
@ -24,7 +25,15 @@ impl std::str::FromStr for TicketResponse {
Some(pos) => {
let challenge: std::borrow::Cow<[u8]> =
percent_encoding::percent_decode_str(&challenge[..pos]).into();
let challenge = serde_json::from_slice(&challenge).map_err(|_| TicketError)?;
let raw_challenge: Value =
serde_json::from_slice(&challenge).map_err(|_| TicketError)?;
let webauthn_raw = raw_challenge["webauthn"].clone();
let mut challenge: TfaChallenge =
serde_json::from_value(raw_challenge).map_err(|_| TicketError)?;
if !webauthn_raw.is_null() {
challenge.webauthn_raw =
Some(serde_json::to_string(&webauthn_raw).map_err(|_| TicketError)?);
}
Ok(TicketResponse::Tfa(ticket.to_string(), challenge))
}
None => Err(TicketError),
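Review bot: `webauthn_raw` is copied out at `raw_challenge["webauthn"].clone()` before the typed `TfaChallenge` parse and then re-encoded with `serde_json::to_string`, so callers receive a re-serialization of whatever JSON the server placed under `webauthn`, not the original bytes. On builds without webauthn-rs (inferred from the commit message, not visible here) nothing in this function checks its shape. A comment above the assignment would make that contract explicit, e.g. `// Re-encoded copy of the server-supplied "webauthn" value; not validated here, consumers must parse and check it themselves.` The clone can also be avoided by serializing from a borrow before `from_value` consumes the value: `let webauthn_raw = raw_challenge.get("webauthn").filter(|v| !v.is_null()).map(serde_json::to_string).transpose().map_err(|_| TicketError)?;`. The enclosing `from_str` starts and ends outside the hunk.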