konevsa/proxmox.newest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tfa: webauthn: serialize OriginUrl following RFC6454

Browse Source 
We serialize `OriginUrl` using the ASCII serialization mentioned at
[RFC6454] section 6.2 or [1]. Note that the unicode serialization is not
used widely adopted [2].

Note that `url::Url` serialize with a trailign slash, e.g.
https://foo.bar serializes as https://foo.bar/ which is not the origin
for this domain.

[RFC6454] https://www.rfc-editor.org/rfc/rfc6454
[1] https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
[2] https://html.spec.whatwg.org/multipage/browsers.html#unicode-serialisation-of-an-origin

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
This commit is contained in:
Maximiliano Sandoval 2024-04-23 13:19:53 +02:00 committed by Wolfgang Bumiller
parent 0652d81977
commit 5079ff6a3c
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
proxmox-tfa/src/api/webauthn.rs
View File

@ -10,10 +10,19 @@ use proxmox_schema::{api, Updater, UpdaterType};
use super::IsExpired;
#[derive(Clone, Deserialize, Serialize)]
#[derive(Clone, Deserialize)]
/// Origin URL for WebauthnConfig
pub struct OriginUrl(Url);
impl serde::Serialize for OriginUrl {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
serializer.serialize_str(&self.to_string())
}
}
#[cfg(feature = "api-types")]
impl UpdaterType for OriginUrl {
type Updater = Option<Self>;
@ -27,23 +36,15 @@ impl std::str::FromStr for OriginUrl {
}
}
impl std::ops::Deref for OriginUrl {
type Target = Url;
fn deref(&self) -> &Url {
&self.0
}
}
impl std::ops::DerefMut for OriginUrl {
fn deref_mut(&mut self) -> &mut Url {
&mut self.0
}
}
impl From<OriginUrl> for String {
fn from(url: OriginUrl) -> String {
url.0.into()
url.to_string()
}
}
impl OriginUrl {
fn to_string(&self) -> String {
self.0.origin().ascii_serialization()
}
}
@ -90,7 +91,7 @@ impl WebauthnConfig {
pub fn digest(&self) -> [u8; 32] {
let mut data = format!("rp={:?}\nid={:?}\n", self.rp, self.id,);
if let Some(origin) = &self.origin {
data.push_str(&format!("origin={:?}\n", origin.as_str()));
data.push_str(&format!("origin={}\n", origin.to_string()));
}
openssl::sha::sha256(data.as_bytes())
}