Fix WebAuthn issues and some small updates

- Updated some packages - Updated code related to package updates. - Disabled User Verification enforcement when WebAuthn Key sends UV=1 This makes it compatible with upstream and resolves #1840 - Fixed a bug where removing an individual WebAuthn key deleted the wrong key.
2025-07-27 06:14:29 +00:00 · 2021-07-25 14:49:55 +02:00 · 2021-07-25 14:49:55 +02:00 · ffdcafa044
commit ffdcafa044
parent 56ffec40f4
4 changed files with 90 additions and 102 deletions
--- a/src/api/core/two_factor/webauthn.rs
+++ b/src/api/core/two_factor/webauthn.rs
@ -51,19 +51,12 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig {
    fn get_relying_party_id(&self) -> &str {
        &self.rpid
    }
-}

-impl webauthn_rs::WebauthnConfig for &WebauthnConfig {
-    fn get_relying_party_name(&self) -> &str {
-        &self.url
-    }
-
-    fn get_origin(&self) -> &str {
-        &self.url
-    }
-
-    fn get_relying_party_id(&self) -> &str {
-        &self.rpid
+    /// We have WebAuthn configured to discourage user verification
+    /// if we leave this enabled, it will cause verification issues when a keys send UV=1.
+    /// Upstream (the library they use) ignores this when set to discouraged, so we should too.
+    fn get_require_uv_consistency(&self) -> bool {
+        false
    }
 }

@ -289,15 +282,14 @@ fn delete_webauthn(data: JsonUpcase<DeleteU2FData>, headers: Headers, conn: DbCo
        err!("Invalid password");
    }

-    let type_ = TwoFactorType::Webauthn as i32;
-    let mut tf = match TwoFactor::find_by_user_and_type(&headers.user.uuid, type_, &conn) {
+    let mut tf = match TwoFactor::find_by_user_and_type(&headers.user.uuid, TwoFactorType::Webauthn as i32, &conn) {
        Some(tf) => tf,
        None => err!("Webauthn data not found!"),
    };

    let mut data: Vec<WebauthnRegistration> = serde_json::from_str(&tf.data)?;

-    let item_pos = match data.iter().position(|r| r.id != id) {
+    let item_pos = match data.iter().position(|r| r.id == id) {
        Some(p) => p,
        None => err!("Webauthn entry not found"),
    };
--- a/src/api/notifications.rs
+++ b/src/api/notifications.rs
@ -408,12 +408,10 @@ pub fn start_notification_server() -> WebSocketUsers {

    if CONFIG.websocket_enabled() {
        thread::spawn(move || {
-            let settings = ws::Settings {
-                max_connections: 500,
-                queue_size: 2,
-                panic_on_internal: false,
-                ..Default::default()
-            };
+            let mut settings = ws::Settings::default();
+            settings.max_connections = 500;
+            settings.queue_size = 2;
+            settings.panic_on_internal = false;

            ws::Builder::new()
                .with_settings(settings)