saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-11-01 14:15:16 +00:00
Code Activity

Fix incorrect WebAuthn origin

Browse source 
This mainly affects users running Vaultwarden under a subpath.

Refs:

* b2cbb34/src/core.rs (L941-L948)
* b2cbb34/src/core.rs (L316)
* https://w3c.github.io/webauthn/#dictionary-client-data
This commit is contained in:
Jeremy Lin 2021-08-29 15:35:25 -07:00
commit 0cdc0cb147
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/api/core/two_factor/webauthn.rs
View file

@ -22,12 +22,14 @@ pub fn routes() -> Vec<Route> {
struct WebauthnConfig { struct WebauthnConfig {
url: String, url: String,
origin: String,
rpid: String, rpid: String,
} }
impl WebauthnConfig { impl WebauthnConfig {
fn load() -> Webauthn<Self> { fn load() -> Webauthn<Self> {
let domain = CONFIG.domain(); let domain = CONFIG.domain();
let domain_origin = CONFIG.domain_origin();
Webauthn::new(Self { Webauthn::new(Self {
rpid: reqwest::Url::parse(&domain) rpid: reqwest::Url::parse(&domain)
.map(|u| u.domain().map(str::to_owned)) .map(|u| u.domain().map(str::to_owned))
@ -35,6 +37,7 @@ impl WebauthnConfig {
.flatten() .flatten()
.unwrap_or_default(), .unwrap_or_default(),
url: domain, url: domain,
origin: domain_origin,
}) })
} }
} }
@ -45,7 +48,7 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig {
} }
fn get_origin(&self) -> &str { fn get_origin(&self) -> &str {
&self.url &self.origin
} }
fn get_relying_party_id(&self) -> &str { fn get_relying_party_id(&self) -> &str {