Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Browse Source

Fixes #5156 - User login flow is interrupted when two-factor authentication method security keys is used.

Dusan Vuckovic 10 months ago
parent
fcd4e3987b
commit
336f823f1c
2 changed files with 43 additions and 3 deletions
Split View Show Diff Stats
  1. 4 3
      lib/auth/two_factor/authentication_method/security_keys.rb
  2. 39 0
      spec/lib/auth/two_factor/authentication_method/security_keys_spec.rb

+ 4 - 3
lib/auth/two_factor/authentication_method/security_keys.rb
View File 

@@ -7,7 +7,7 @@ class Auth::TwoFactor::AuthenticationMethod::SecurityKeys < Auth::TwoFactor::Aut
 
 
     configure_webauthn
 
 
-    WebAuthn::Credential.options_for_get(allow: stored_credentials.pluck(:external_id))
 
+    WebAuthn::Credential.options_for_get(allow: stored_credentials.pluck(:external_id), user_verification: 'discouraged')
 
   end
 
 
   def verify(payload, configuration = user_two_factor_preference_configuration)
 
@@ -24,12 +24,13 @@ class Auth::TwoFactor::AuthenticationMethod::SecurityKeys < Auth::TwoFactor::Aut
 
     configure_webauthn
 
 
     WebAuthn::Credential.options_for_create(
 
-      user:    {
 
+      user:                    {
 
         id:           WebAuthn.generate_user_id,
 
         display_name: user.login,
 
         name:         user.login,
 
       },
 
-      exclude: stored_credentials.pluck(:external_id),
 
+      exclude:                 stored_credentials.pluck(:external_id),
 
+      authenticator_selection: { user_verification: 'discouraged' },
 
     )
 
   end

+ 39 - 0
spec/lib/auth/two_factor/authentication_method/security_keys_spec.rb
View File 

@@ -0,0 +1,39 @@
 
+# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
 
+
 
+require 'rails_helper'
 
+require 'rotp'
 
+
 
+RSpec.describe Auth::TwoFactor::AuthenticationMethod::SecurityKeys do
 
+  subject(:instance) { described_class.new(user) }
 
+
 
+  let(:user) { create(:user) }
 
+
 
+  shared_examples 'responding to provided instance method' do |method|
 
+    it "responds to '.#{method}'" do
 
+      expect(instance).to respond_to(method)
 
+    end
 
+  end
 
+
 
+  it_behaves_like 'responding to provided instance method', :verify
 
+  it_behaves_like 'responding to provided instance method', :initiate_configuration
 
+
 
+  describe '#initiate_configuration' do
 
+    it 'does not require user verification (#5156)' do
 
+      expect(instance.initiate_configuration.authenticator_selection).to include(user_verification: 'discouraged')
 
+    end
 
+  end
 
+
 
+  describe '#initiate_authentication' do
 
+    let(:two_factor_pref) { create(:user_two_factor_preference, :security_keys, user: user) }
 
+
 
+    before do
 
+      two_factor_pref
 
+      allow(WebAuthn::Credential).to receive(:options_for_get).with(any_args)
 
+      instance.initiate_authentication
 
+    end
 
+
 
+    it 'does not require user verification (#5156)' do
 
+      expect(WebAuthn::Credential).to have_received(:options_for_get).with(include(user_verification: 'discouraged'))
 
+    end
 
+  end
 
+end