
Commit 555577e

committed
fix
1 parent 5eeac46 commit 555577e


1 file changed

+12
-3
lines changed


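--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -76,8 +76,17 @@ func WebAuthnPasskeyLogin(ctx *context.Context) {
 }()
 
 // Validate the parsed response.
+
+// ParseCredentialRequestResponse+ValidateDiscoverableLogin equals to FinishDiscoverableLogin, but we need to ParseCredentialRequestResponse first to get flags
 var user *user_model.User
-cred, err := wa.WebAuthn.FinishDiscoverableLogin(func(rawID, userHandle []byte) (webauthn.User, error) {
+parsedResponse, err := protocol.ParseCredentialRequestResponse(ctx.Req)
+if err != nil {
+// Failed authentication attempt.
+log.Info("Failed authentication attempt for %s from %s: %v", user.Name, ctx.RemoteAddr(), err)
+ctx.Status(http.StatusForbidden)
+return
+}
+cred, err := wa.WebAuthn.ValidateDiscoverableLogin(func(rawID, userHandle []byte) (webauthn.User, error) {
 userID, n := binary.Varint(userHandle)
 if n <= 0 {
 return nil, errors.New("invalid rawID")
@@ -89,8 +98,8 @@ func WebAuthnPasskeyLogin(ctx *context.Context) {
 return nil, err
 }
 
-return wa.NewWebAuthnUser(ctx, user), nil
-}, *sessionData, ctx.Req)
+return wa.NewWebAuthnUser(ctx, user, parsedResponse.Response.AuthenticatorData.Flags), nil
+}, *sessionData, parsedResponse)
 if err != nil {
 // Failed authentication attempt.
 log.Info("Failed authentication attempt for passkey from %s: %v", ctx.RemoteAddr(), err)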
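Review bot: The added log call on new line 85 reads `user.Name` while `user` is still the nil `*user_model.User` declared on line 81, so any request whose credential response fails to parse hits a nil pointer dereference instead of the intended 403 response; because this is unauthenticated, attacker-controllable input, that is a trivially reachable crash path. Use the same wording as the existing failure branch below it: `log.Info("Failed authentication attempt for passkey from %s: %v", ctx.RemoteAddr(), err)`. Separately, the flags handed to NewWebAuthnUser on new line 101 are read from parsedResponse inside the user-lookup callback, i.e. before ValidateDiscoverableLogin has verified the assertion; if NewWebAuthnUser only passes them through that is fine, but if it persists them anywhere they are unverified at that point — its body is not visible here. WebAuthnPasskeyLogin begins and ends outside both hunks.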
