Allow WebAuthn in 2F manager API (#1411)

2022-02-11 18:25:24 +01:00 · 2022-02-11 18:25:24 +01:00 · 73046867e6
parent 0f565afb4d
commit 73046867e6
4 changed files with 25 additions and 10 deletions
--- a/doc/pages/manager-api/index.html
+++ b/doc/pages/manager-api/index.html
@ -1269,7 +1269,7 @@
    "type" : {
      "type" : "string",
      "description" : "The type of token in use",
-      "example" : "TOTP, U2F, UBK (Yubikey)"
+      "example" : "TOTP, U2F, UBK (Yubikey), WebAuthn"
    },
    "name" : {
      "type" : "string",
--- a/doc/sources/manager-api/openapi-spec.yaml
+++ b/doc/sources/manager-api/openapi-spec.yaml
@ -1417,7 +1417,7 @@ components:
        type:
          type: string
          description: "The type of token in use"
-          example: "TOTP, U2F, UBK (Yubikey)"
+          example: "TOTP, U2F, UBK (Yubikey), WebAuthn"
        name:
          type: string
          description: "A user-set description of the token"
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Api/2F.pm
@ -159,7 +159,7 @@ sub _get2F {
                type => $device->{type},
                name => $device->{name}
              }
-              unless ( ( defined $type and $type ne $device->{type} )
+              unless ( ( defined $type and uc($type) ne uc( $device->{type} ) )
                or ( defined $id and $id ne genId2F($device) ) );
        }
    }
@ -224,8 +224,12 @@ sub _delete2FFromSessions {
                my $element = shift @$devices;
                if (
                    ( defined $type or defined $id )
-                    and (  ( defined $type and $type ne $element->{type} )
-                        or ( defined $id and $id ne genId2F($element) ) )
+                    and ( (
+                            defined $type
+                            and uc($type) ne uc( $element->{type} )
+                        )
+                        or ( defined $id and $id ne genId2F($element) )
+                    )
                  )
                {
                    push @keep, $element;
@ -334,9 +338,9 @@ sub _checkType {
        res  => "ko",
        code => 400,
        msg =>
-"Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\" or \"UBK\""
+"Invalid input: Type \"$type\" does not exist. Allowed values for type are: \"U2F\", \"TOTP\", \"WebAuthn\" or \"UBK\""
      }
-      unless ( $type =~ /\b(?:U2F|TOTP|UBK)\b/ );
+      unless ( $type =~ /\b(?:U2F|TOTP|UBK|WebAuthn)\b/i );

    return { res => "ok" };
 }
--- a/lemonldap-ng-manager/t/04-2F-api.t
+++ b/lemonldap-ng-manager/t/04-2F-api.t
@ -241,7 +241,15 @@ $sfaDevices = [ {
        "type"    => "UBK",
        "_secret" => "123456",
        "epoch"   => time
-    }
+    },
+    {
+        "_credentialId"        => "abc",
+        "_credentialPublicKey" => "abc",
+        "_signCount"           => "65",
+        "epoch"                => "1643201784",
+        "name"                 => "MyFidoKey",
+        "type"                 => "WebAuthn"
+    },
 ];
 newSession( 'dwho', '127.10.0.1', 'SSO',        $sfaDevices );
 newSession( 'dwho', '127.10.0.1', 'Persistent', $sfaDevices );
@ -304,12 +312,15 @@ newSession( 'tof', '127.10.0.1', 'Persistent', $sfaDevices );
 checkGetList( 1, 'dwho', 'U2F' );
 checkGetList( 1, 'dwho', 'TOTP' );
 checkGetList( 1, 'dwho', 'UBK' );
+checkGetList( 1, 'dwho', 'WebAuthn' );
 checkGetBadType( 'dwho', 'UBKIKI' );
-$ret = checkGetList( 3, 'dwho' );
+$ret = checkGetList( 4, 'dwho' );
 checkGetOnIds( 'dwho', $ret );
 checkDelete( 'dwho', @$ret[0]->{id} );
 checkDelete404( 'dwho', @$ret[0]->{id} );
-checkGetList( 2, 'dwho' );
+checkGetList( 3, 'dwho' );
+checkDeleteList( 1, 'dwho', 'WebAuthn' );
+checkGetList( 0, 'dwho', 'WebAuthn' );
 checkDeleteList( 2, 'dwho' );
 checkGetList( 0, 'dwho' );
 checkDeleteList( 0, 'dwho' );