Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-4171] Update DB to support PRF #3321

Merged
merged 6 commits into from
Oct 10, 2023
Merged

[PM-4171] Update DB to support PRF #3321

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e03089c
[PM-4171] feat: update database to support PRF
coroiu Oct 4, 2023
792a032
[PM-4171] feat: rename `DescriptorId` to `CredentialId`
coroiu Oct 4, 2023
d98df1b
[PM-4171] feat: add PRF felds to domain object
coroiu Oct 4, 2023
25a3403
[PM-4171] feat: add `SupportsPrf` column
coroiu Oct 4, 2023
5abf8c2
[PM-4171] fix: add missing comma
coroiu Oct 10, 2023
d62abae
[PM-4171] fix: add comma
coroiu Oct 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions src/Core/Auth/Entities/WebAuthnCredential.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,15 @@ public class WebAuthnCredential : ITableObject<Guid>
[MaxLength(256)]
public string PublicKey { get; set; }
[MaxLength(256)]
public string DescriptorId { get; set; }
public string CredentialId { get; set; }
public int Counter { get; set; }
[MaxLength(20)]
public string Type { get; set; }
public Guid AaGuid { get; set; }
public string UserKey { get; set; }
public string EncryptedUserKey { get; set; }
public string EncryptedPrivateKey { get; set; }
public string EncryptedPublicKey { get; set; }
public bool SupportsPrf { get; set; }
public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;

Expand Down
12 changes: 6 additions & 6 deletions src/Core/Services/Implementations/UserService.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -524,13 +524,13 @@ public async Task<CredentialCreateOptions> StartWebAuthnLoginRegistrationAsync(U
// Get existing keys to exclude
var existingKeys = await _webAuthnCredentialRepository.GetManyByUserIdAsync(user.Id);
var excludeCredentials = existingKeys
.Select(k => new PublicKeyCredentialDescriptor(CoreHelpers.Base64UrlDecode(k.DescriptorId)))
.Select(k => new PublicKeyCredentialDescriptor(CoreHelpers.Base64UrlDecode(k.CredentialId)))
.ToList();

var authenticatorSelection = new AuthenticatorSelection
{
AuthenticatorAttachment = null,
RequireResidentKey = false, // TODO: This is using the old residentKey selection variant, we need to update our lib so that we can set this to preferred
RequireResidentKey = false, // TODO: This is using the old residentKey selection variant, we need to update our lib so that we can set this to preferred
UserVerification = UserVerificationRequirement.Preferred
};

Expand All @@ -552,15 +552,15 @@ public async Task<bool> CompleteWebAuthLoginRegistrationAsync(User user, string
return false;
}

var existingCredentialIds = existingCredentials.Select(c => c.DescriptorId);
var existingCredentialIds = existingCredentials.Select(c => c.CredentialId);
IsCredentialIdUniqueToUserAsyncDelegate callback = (args, cancellationToken) => Task.FromResult(!existingCredentialIds.Contains(CoreHelpers.Base64UrlEncode(args.CredentialId)));

var success = await _fido2.MakeNewCredentialAsync(attestationResponse, options, callback);

var credential = new WebAuthnCredential
{
Name = name,
DescriptorId = CoreHelpers.Base64UrlEncode(success.Result.CredentialId),
CredentialId = CoreHelpers.Base64UrlEncode(success.Result.CredentialId),
PublicKey = CoreHelpers.Base64UrlEncode(success.Result.PublicKey),
Type = success.Result.CredType,
AaGuid = success.Result.Aaguid,
Expand All @@ -577,7 +577,7 @@ public async Task<AssertionOptions> StartWebAuthnLoginAssertionAsync(User user)
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.WebAuthn);
var existingKeys = await _webAuthnCredentialRepository.GetManyByUserIdAsync(user.Id);
var existingCredentials = existingKeys
.Select(k => new PublicKeyCredentialDescriptor(CoreHelpers.Base64UrlDecode(k.DescriptorId)))
.Select(k => new PublicKeyCredentialDescriptor(CoreHelpers.Base64UrlDecode(k.CredentialId)))
.ToList();

if (existingCredentials.Count == 0)
Expand All @@ -604,7 +604,7 @@ public async Task<string> CompleteWebAuthLoginAssertionAsync(AuthenticatorAssert

var userCredentials = await _webAuthnCredentialRepository.GetManyByUserIdAsync(user.Id);
var assertionId = CoreHelpers.Base64UrlEncode(assertionResponse.Id);
var credential = userCredentials.FirstOrDefault(c => c.DescriptorId == assertionId);
var credential = userCredentials.FirstOrDefault(c => c.CredentialId == assertionId);
if (credential == null)
{
return null;
Expand Down
21 changes: 15 additions & 6 deletions src/Sql/dbo/Stored Procedures/WebAuthnCredential_Create.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,14 @@
@UserId UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@PublicKey VARCHAR (256),
@DescriptorId VARCHAR(256),
@CredentialId VARCHAR(256),
@Counter INT,
@Type VARCHAR(20),
@AaGuid UNIQUEIDENTIFIER,
@UserKey VARCHAR (MAX),
@EncryptedUserKey VARCHAR (MAX),
@EncryptedPrivateKey VARCHAR (MAX),
@EncryptedPublicKey VARCHAR (MAX),
@SupportsPrf BIT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
AS
Expand All @@ -20,11 +23,14 @@ BEGIN
[UserId],
[Name],
[PublicKey],
[DescriptorId],
[CredentialId],
[Counter],
[Type],
[AaGuid],
[UserKey],
[EncryptedUserKey],
[EncryptedPrivateKey],
[EncryptedPublicKey],
[SupportsPrf]
[CreationDate],
[RevisionDate]
)
Expand All @@ -34,11 +40,14 @@ BEGIN
@UserId,
@Name,
@PublicKey,
@DescriptorId,
@CredentialId,
@Counter,
@Type,
@AaGuid,
@UserKey,
@EncryptedUserKey,
@EncryptedPrivateKey,
@EncryptedPublicKey,
@SupportsPrf
@CreationDate,
@RevisionDate
)
Expand Down
16 changes: 11 additions & 5 deletions src/Sql/dbo/Stored Procedures/WebAuthnCredential_Update.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,14 @@
@UserId UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@PublicKey VARCHAR (256),
@DescriptorId VARCHAR(256),
@CredentialId VARCHAR(256),
@Counter INT,
@Type VARCHAR(20),
@AaGuid UNIQUEIDENTIFIER,
@UserKey VARCHAR (MAX),
@EncryptedUserKey VARCHAR (MAX),
@EncryptedPrivateKey VARCHAR (MAX),
@EncryptedPublicKey VARCHAR (MAX),
@SupportsPrf BIT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
AS
Expand All @@ -20,13 +23,16 @@ BEGIN
[UserId] = @UserId,
[Name] = @Name,
[PublicKey] = @PublicKey,
[DescriptorId] = @DescriptorId,
[CredentialId] = @CredentialId,
[Counter] = @Counter,
[Type] = @Type,
[AaGuid] = @AaGuid,
[UserKey] = @UserKey,
[EncryptedUserKey] = @EncryptedUserKey,
[EncryptedPrivateKey] = @EncryptedPrivateKey,
[EncryptedPublicKey] = @EncryptedPublicKey,
[SupportsPrf] = @SupportsPrf,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate
WHERE
[Id] = @Id
END
END
25 changes: 14 additions & 11 deletions src/Sql/dbo/Tables/WebAuthnCredential.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,18 @@
CREATE TABLE [dbo].[WebAuthnCredential] (
[Id] UNIQUEIDENTIFIER NOT NULL,
[UserId] UNIQUEIDENTIFIER NOT NULL,
[Name] NVARCHAR (50) NOT NULL,
[PublicKey] VARCHAR (256) NOT NULL,
[DescriptorId] VARCHAR (256) NOT NULL,
[Counter] INT NOT NULL,
[Type] VARCHAR (20) NULL,
[AaGuid] UNIQUEIDENTIFIER NOT NULL,
[UserKey] VARCHAR (MAX) NULL,
[CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL,
[Id] UNIQUEIDENTIFIER NOT NULL,
[UserId] UNIQUEIDENTIFIER NOT NULL,
[Name] NVARCHAR (50) NOT NULL,
[PublicKey] VARCHAR (256) NOT NULL,
[CredentialId] VARCHAR (256) NOT NULL,
[Counter] INT NOT NULL,
[Type] VARCHAR (20) NULL,
[AaGuid] UNIQUEIDENTIFIER NOT NULL,
[EncryptedUserKey] VARCHAR (MAX) NULL,
[EncryptedPrivateKey] VARCHAR (MAX) NULL,
[EncryptedPublicKey] VARCHAR (MAX) NULL,
[SupportsPrf] BIT NOT NULL,
[CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL,
CONSTRAINT [PK_WebAuthnCredential] PRIMARY KEY CLUSTERED ([Id] ASC),
CONSTRAINT [FK_WebAuthnCredential_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])
);
Expand Down
62 changes: 40 additions & 22 deletions util/Migrator/DbScripts/2023-05-08-00_WebAuthnLoginCredentials.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,18 @@
CREATE TABLE [dbo].[WebAuthnCredential] (
[Id] UNIQUEIDENTIFIER NOT NULL,
[UserId] UNIQUEIDENTIFIER NOT NULL,
[Name] NVARCHAR (50) NOT NULL,
[PublicKey] VARCHAR (256) NOT NULL,
[DescriptorId] VARCHAR (256) NOT NULL,
[Counter] INT NOT NULL,
[Type] VARCHAR (20) NULL,
[AaGuid] UNIQUEIDENTIFIER NOT NULL,
[UserKey] VARCHAR (MAX) NULL,
[CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL,
[Id] UNIQUEIDENTIFIER NOT NULL,
[UserId] UNIQUEIDENTIFIER NOT NULL,
[Name] NVARCHAR (50) NOT NULL,
[PublicKey] VARCHAR (256) NOT NULL,
[CredentialId] VARCHAR (256) NOT NULL,
[Counter] INT NOT NULL,
[Type] VARCHAR (20) NULL,
[AaGuid] UNIQUEIDENTIFIER NOT NULL,
[EncryptedUserKey] VARCHAR (MAX) NULL,
[EncryptedPrivateKey] VARCHAR (MAX) NULL,
[EncryptedPublicKey] VARCHAR (MAX) NULL,
[SupportsPrf] BIT NOT NULL,
[CreationDate] DATETIME2 (7) NOT NULL,
[RevisionDate] DATETIME2 (7) NOT NULL,
CONSTRAINT [PK_WebAuthnCredential] PRIMARY KEY CLUSTERED ([Id] ASC),
CONSTRAINT [FK_WebAuthnCredential_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])
);
Expand All @@ -32,11 +35,14 @@ CREATE PROCEDURE [dbo].[WebAuthnCredential_Create]
@UserId UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@PublicKey VARCHAR (256),
@DescriptorId VARCHAR(256),
@CredentialId VARCHAR(256),
@Counter INT,
@Type VARCHAR(20),
@AaGuid UNIQUEIDENTIFIER,
@UserKey VARCHAR (MAX),
@EncryptedUserKey VARCHAR (MAX),
@EncryptedPrivateKey VARCHAR (MAX),
@EncryptedPublicKey VARCHAR (MAX),
@SupportsPrf BIT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
AS
Expand All @@ -49,11 +55,14 @@ BEGIN
[UserId],
[Name],
[PublicKey],
[DescriptorId],
[CredentialId],
[Counter],
[Type],
[AaGuid],
[UserKey],
[EncryptedUserKey],
[EncryptedPrivateKey],
[EncryptedPublicKey],
[SupportsPrf],
[CreationDate],
[RevisionDate]
)
Expand All @@ -63,11 +72,14 @@ BEGIN
@UserId,
@Name,
@PublicKey,
@DescriptorId,
@CredentialId,
@Counter,
@Type,
@AaGuid,
@UserKey,
@EncryptedUserKey,
@EncryptedPrivateKey,
@EncryptedPublicKey,
@SupportsPrf,
@CreationDate,
@RevisionDate
)
Expand Down Expand Up @@ -123,11 +135,14 @@ CREATE PROCEDURE [dbo].[WebAuthnCredential_Update]
@UserId UNIQUEIDENTIFIER,
@Name NVARCHAR(50),
@PublicKey VARCHAR (256),
@DescriptorId VARCHAR(256),
@CredentialId VARCHAR(256),
@Counter INT,
@Type VARCHAR(20),
@AaGuid UNIQUEIDENTIFIER,
@UserKey VARCHAR (MAX),
@EncryptedUserKey VARCHAR (MAX),
@EncryptedPrivateKey VARCHAR (MAX),
@EncryptedPublicKey VARCHAR (MAX),
@SupportsPrf BIT,
@CreationDate DATETIME2(7),
@RevisionDate DATETIME2(7)
AS
Expand All @@ -140,11 +155,14 @@ BEGIN
[UserId] = @UserId,
[Name] = @Name,
[PublicKey] = @PublicKey,
[DescriptorId] = @DescriptorId,
[CredentialId] = @CredentialId,
[Counter] = @Counter,
[Type] = @Type,
[AaGuid] = @AaGuid,
[UserKey] = @UserKey,
[EncryptedUserKey] = @EncryptedUserKey,
[EncryptedPrivateKey] = @EncryptedPrivateKey,
[EncryptedPublicKey] = @EncryptedPublicKey,
[SupportsPrf] = @SupportsPrf,
[CreationDate] = @CreationDate,
[RevisionDate] = @RevisionDate
WHERE
Expand All @@ -167,4 +185,4 @@ BEGIN
[Id] = @Id
AND
[UserId] = @UserId
END
END