From 5be8f6eb7cf80ce9745f115a331376e0f080189f Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Mon, 7 Mar 2022 09:58:22 +0200
Subject: [PATCH] Updated defaults for webauthn

---
 config/default.toml | 9 ++++++---
 lib/api/users.js | 4 ++--
 lib/tools.js | 2 ++
 lib/user-handler.js | 7 +------
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/config/default.toml b/config/default.toml
index 4638c7da..5b4169ce 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -25,9 +25,12 @@ processes=1
 #cipher="aes192" # only for decrypting legacy values (if there are any)
 [webauthn]
- rpId="example.com" # origin domain
- rpName="WildDuck Email Server"
- challengeSize=64
+ rpId = "example.com" # origin domain
+ rpName = "WildDuck Email Server"
+
+ challengeSize = 64
+ attestation = "none"
+ authenticatorUserVerification = "discouraged"
 [attachments]
 # @include "attachments.toml"
diff --git a/lib/api/users.js b/lib/api/users.js
index 69ddb58a..cdd9e243 100644
--- a/lib/api/users.js
+++ b/lib/api/users.js
@@ -220,7 +220,7 @@ module.exports = (db, server, userHandler, settingsHandler) => {
 address: userData.address,
 tags: userData.tags || [],
 targets: userData.targets && userData.targets.map(t => t.value),
- enabled2fa: Array.isArray(userData.enabled2fa) ? userData.enabled2fa : [].concat(userData.enabled2fa ? 'totp' : []),
+ enabled2fa: tools.getEnabled2fa(userData.enabled2fa),
 autoreply: !!userData.autoreply,
 encryptMessages: !!userData.encryptMessages,
 encryptForwarded: !!userData.encryptForwarded,
@@ -771,7 +771,7 @@ module.exports = (db, server, userHandler, settingsHandler) => {
 language: userData.language,
 retention: userData.retention || false,
- enabled2fa: Array.isArray(userData.enabled2fa) ? userData.enabled2fa : [].concat(userData.enabled2fa ? 'totp' : []),
+ enabled2fa: tools.getEnabled2fa(userData.enabled2fa),
 autoreply: !!userData.autoreply,
 encryptMessages: userData.encryptMessages,
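Review bot: The two new keys `attestation` and `authenticatorUserVerification` carry no explanatory comment, while `rpId` two lines above does, so an operator editing this file cannot tell what the values change. I would write `attestation = "none" # attestation conveyance preference sent to the browser; "none" asks for no attestation statement` and `authenticatorUserVerification = "discouraged" # user-verification requirement; "discouraged" treats the authenticator as a possession-only factor, "preferred"/"required" ask for a PIN or biometric`. The key names look like the Fido2Lib constructor option names, but whether they are actually read by the Fido2Lib setup in lib/user-handler.js is not visible in this patch; the user-handler hunks below remove the hard-coded equivalents, so if the config is not wired through, the behaviour silently falls back to whatever the library emits by default.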
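Review bot: Both lib/api/users.js hunks (at -220 and -771) replace the inline expression with `tools.getEnabled2fa`, which differs from it in one way: per the lib/tools.js hunk it also strips `'u2f'` from the list, so API clients that still had `u2f` stored will see it disappear from `enabled2fa`. That is presumably intended, but it is a visible API change and deserves a sentence in the commit message. Neither hunk shows a `const tools = require(...)` at the top of lib/api/users.js; if it is not already there, the failure surfaces as a ReferenceError on the first request rather than at startup. The enclosing route handlers extend outside both hunks, and the second hunk appears truncated in this view.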
diff --git a/lib/tools.js b/lib/tools.js
index 1b89122b..7ed7ffc1 100644
--- a/lib/tools.js
+++ b/lib/tools.js
@@ -557,11 +557,13 @@ function formatFingerprint(fingerprint) {
 function getEnabled2fa(enabled2fa) {
 let list = Array.isArray(enabled2fa) ? enabled2fa : [].concat(enabled2fa ? 'totp' : []);
+
 if (list.includes('u2f')) {
 let listSet = new Set(list);
 listSet.delete('u2f'); // not supported anymore
 list = Array.from(listSet);
 }
+
 return list;
 }
diff --git a/lib/user-handler.js b/lib/user-handler.js
index de5f5f1e..aa6f0b4c 100644
--- a/lib/user-handler.js
+++ b/lib/user-handler.js
@@ -2398,8 +2398,6 @@ class UserHandler {
 );
 const registrationOptions = await f2l.attestationOptions();
- delete registrationOptions.attestation;
-
 registrationOptions.challenge = Buffer.from(registrationOptions.challenge).toString('hex');
 registrationOptions.user = {
 id: userData._id.toString(),
@@ -2408,7 +2406,6 @@ class UserHandler {
 };
 registrationOptions.authenticatorSelection = Object.assign(registrationOptions.authenticatorSelection || {}, {
- userVerification: 'discouraged',
 authenticatorAttachment: data.authenticatorAttachment
 });
@@ -2612,9 +2609,7 @@ class UserHandler {
 authenticationOptions.challenge = Buffer.from(authenticationOptions.challenge).toString('hex');
- authenticationOptions.authenticatorSelection = Object.assign(authenticationOptions.authenticatorSelection || {}, {
- userVerification: 'discouraged'
- });
+ authenticationOptions.authenticatorSelection = Object.assign(authenticationOptions.authenticatorSelection || {}, {});
 authenticationOptions.allowCredentials = userData.webauthn.credentials.map(credentialData => ({
 rawId: credentialData.rawId.toString('hex'),
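Review bot: With `delete registrationOptions.attestation` and the hard-coded `userVerification: 'discouraged'` gone (lib/user-handler.js hunks at -2398 and -2408), the registration options now contain whatever `f2l.attestationOptions()` emits, and nothing in these hunks shows the new `webauthn.attestation` / `webauthn.authenticatorUserVerification` config values reaching the `new Fido2Lib(...)` call whose closing `);` is the first context line. If they are not passed, the browser receives the library's default attestation and user-verification policy, and that policy may differ from the one the assertion path applies later, which is exactly the kind of drift the old explicit values prevented. A short comment at the `const registrationOptions = await f2l.attestationOptions();` line, e.g. `// attestation and userVerification are set by the Fido2Lib constructor options (config webauthn.attestation / webauthn.authenticatorUserVerification)`, would record where the policy now lives. The enclosing method starts before the first hunk and continues past the second.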