Updated defaults for webauthn

2024-12-27 02:10:52 +08:00 · 2022-03-07 09:58:22 +02:00 · 2022-03-07 09:58:22 +02:00 · 5be8f6eb7c
commit 5be8f6eb7c
parent 778dfac7ed
4 changed files with 11 additions and 11 deletions
--- a/config/default.toml
+++ b/config/default.toml
@ -25,9 +25,12 @@ processes=1
    #cipher="aes192" # only for decrypting legacy values (if there are any)

 [webauthn]
-    rpId="example.com" # origin domain
-    rpName="WildDuck Email Server"
-    challengeSize=64
+    rpId = "example.com" # origin domain
+    rpName = "WildDuck Email Server"
+
+    challengeSize = 64
+    attestation = "none"
+    authenticatorUserVerification = "discouraged"

 [attachments]
 # @include "attachments.toml"
--- a/lib/api/users.js
+++ b/lib/api/users.js
@ -220,7 +220,7 @@ module.exports = (db, server, userHandler, settingsHandler) => {
                        address: userData.address,
                        tags: userData.tags || [],
                        targets: userData.targets && userData.targets.map(t => t.value),
-                        enabled2fa: Array.isArray(userData.enabled2fa) ? userData.enabled2fa : [].concat(userData.enabled2fa ? 'totp' : []),
+                        enabled2fa: tools.getEnabled2fa(userData.enabled2fa),
                        autoreply: !!userData.autoreply,
                        encryptMessages: !!userData.encryptMessages,
                        encryptForwarded: !!userData.encryptForwarded,
@ -771,7 +771,7 @@ module.exports = (db, server, userHandler, settingsHandler) => {
                    language: userData.language,
                    retention: userData.retention || false,

-                    enabled2fa: Array.isArray(userData.enabled2fa) ? userData.enabled2fa : [].concat(userData.enabled2fa ? 'totp' : []),
+                    enabled2fa: tools.getEnabled2fa(userData.enabled2fa),
                    autoreply: !!userData.autoreply,

                    encryptMessages: userData.encryptMessages,
--- a/lib/tools.js
+++ b/lib/tools.js
@ -557,11 +557,13 @@ function formatFingerprint(fingerprint) {

 function getEnabled2fa(enabled2fa) {
    let list = Array.isArray(enabled2fa) ? enabled2fa : [].concat(enabled2fa ? 'totp' : []);
+
    if (list.includes('u2f')) {
        let listSet = new Set(list);
        listSet.delete('u2f'); // not supported anymore
        list = Array.from(listSet);
    }
+
    return list;
 }

--- a/lib/user-handler.js
+++ b/lib/user-handler.js
@ -2398,8 +2398,6 @@ class UserHandler {
        );
        const registrationOptions = await f2l.attestationOptions();

-        delete registrationOptions.attestation;
-
        registrationOptions.challenge = Buffer.from(registrationOptions.challenge).toString('hex');
        registrationOptions.user = {
            id: userData._id.toString(),
@ -2408,7 +2406,6 @@ class UserHandler {
        };

        registrationOptions.authenticatorSelection = Object.assign(registrationOptions.authenticatorSelection || {}, {
-            userVerification: 'discouraged',
            authenticatorAttachment: data.authenticatorAttachment
        });

@ -2612,9 +2609,7 @@ class UserHandler {

        authenticationOptions.challenge = Buffer.from(authenticationOptions.challenge).toString('hex');

-        authenticationOptions.authenticatorSelection = Object.assign(authenticationOptions.authenticatorSelection || {}, {
-            userVerification: 'discouraged'
-        });
+        authenticationOptions.authenticatorSelection = Object.assign(authenticationOptions.authenticatorSelection || {}, {});

        authenticationOptions.allowCredentials = userData.webauthn.credentials.map(credentialData => ({
            rawId: credentialData.rawId.toString('hex'),