Use json compatible struct for WebAuthn SessionData.

gravitational · Oct 30, 2024 · 75753c7 · 75753c7
1 parent f076604
commit 75753c7
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/lib/auth/webauthn/login.go b/lib/auth/webauthn/login.go
@@ -190,7 +190,11 @@ func (f *loginFlow) begin(ctx context.Context, user string, challengeExtensions
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	sd.ChallengeExtensions = challengeExtensions
+	sd.ChallengeExtensions = &wantypes.ChallengeExtensions{
+		Scope:                       challengeExtensions.Scope,
+		AllowReuse:                  challengeExtensions.AllowReuse,
+		UserVerificationRequirement: challengeExtensions.UserVerificationRequirement,
+	}
 
 	if err := f.sessionData.Upsert(ctx, user, sd); err != nil {
 		return nil, trace.Wrap(err)

diff --git a/lib/auth/webauthn/login_test.go b/lib/auth/webauthn/login_test.go
@@ -441,7 +441,7 @@ func TestPasswordlessFlow_BeginAndFinish(t *testing.T) {
 				AllowCredentials: [][]uint8{}, // aka unset
 				ResidentKey:      false,       // irrelevant for login
 				UserVerification: string(protocol.VerificationRequired),
-				ChallengeExtensions: &mfav1.ChallengeExtensions{
+				ChallengeExtensions: &wantypes.ChallengeExtensions{
 					Scope:      mfav1.ChallengeScope_CHALLENGE_SCOPE_PASSWORDLESS_LOGIN,
 					AllowReuse: mfav1.ChallengeAllowReuse_CHALLENGE_ALLOW_REUSE_NO,
 				},

diff --git a/lib/auth/webauthntypes/webauthn.go b/lib/auth/webauthntypes/webauthn.go
@@ -405,7 +405,14 @@ type SessionData struct {
 	// An empty value is treated equivalently to "discouraged".
 	UserVerification string `json:"userVerification,omitempty"`
 	// ChallengeExtensions are Teleport extensions that apply to this webauthn session.
-	ChallengeExtensions *mfav1.ChallengeExtensions `json:"challenge_extensions,omitempty"`
+	ChallengeExtensions *ChallengeExtensions `json:"challenge_extensions,omitempty"`
+}
+
+// ChallengeExtensions is a json struct for [mfav1.ChallengeExtensions].
+type ChallengeExtensions struct {
+	Scope                       mfav1.ChallengeScope      `json:"scope,omitempty"`
+	AllowReuse                  mfav1.ChallengeAllowReuse `json:"allow_reuse,omitempty"`
+	UserVerificationRequirement string                    `json:"user_verification_requirement,omitempty"`
 }
 
 // SessionDataFromProtocol converts a [webauthn.SessionData] struct to an