
fix: delete WebAuthn registration session after use (#783)

Alessandro (Ale) Segala
2025-07-27 01:45:54 +02:00
committed by GitHub
parent 28d93b00a3
commit c8478d75be


@@ -9,6 +9,7 @@ import (
"github.com/go-webauthn/webauthn/protocol" "github.com/go-webauthn/webauthn/protocol"
"github.com/go-webauthn/webauthn/webauthn" "github.com/go-webauthn/webauthn/webauthn"
"gorm.io/gorm" "gorm.io/gorm"
"gorm.io/gorm/clause"
"github.com/pocket-id/pocket-id/backend/internal/common" "github.com/pocket-id/pocket-id/backend/internal/common"
"github.com/pocket-id/pocket-id/backend/internal/model" "github.com/pocket-id/pocket-id/backend/internal/model"
@@ -70,8 +71,7 @@ func (s *WebAuthnService) BeginRegistration(ctx context.Context, userID string)
Find(&user, "id = ?", userID). Find(&user, "id = ?", userID).
Error Error
if err != nil { if err != nil {
tx.Rollback() return nil, fmt.Errorf("failed to load user: %w", err)
return nil, err
} }
options, session, err := s.webAuthn.BeginRegistration( options, session, err := s.webAuthn.BeginRegistration(
@@ -80,7 +80,7 @@ func (s *WebAuthnService) BeginRegistration(ctx context.Context, userID string)
webauthn.WithExclusions(user.WebAuthnCredentialDescriptors()), webauthn.WithExclusions(user.WebAuthnCredentialDescriptors()),
) )
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("failed to begin WebAuthn registration: %w", err)
} }
sessionToStore := &model.WebauthnSession{ sessionToStore := &model.WebauthnSession{
@@ -94,12 +94,12 @@ func (s *WebAuthnService) BeginRegistration(ctx context.Context, userID string)
Create(&sessionToStore). Create(&sessionToStore).
Error Error
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("failed to save WebAuthn session: %w", err)
} }
err = tx.Commit().Error err = tx.Commit().Error
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("failed to commit transaction: %w", err)
} }
return &model.PublicKeyCredentialCreationOptions{ return &model.PublicKeyCredentialCreationOptions{
@@ -115,13 +115,15 @@ func (s *WebAuthnService) VerifyRegistration(ctx context.Context, sessionID, use
tx.Rollback() tx.Rollback()
}() }()
// Load & delete the session row
var storedSession model.WebauthnSession var storedSession model.WebauthnSession
err := tx. err := tx.
WithContext(ctx). WithContext(ctx).
First(&storedSession, "id = ?", sessionID). Clauses(clause.Returning{}).
Delete(&storedSession, "id = ?", sessionID).
Error Error
if err != nil { if err != nil {
return model.WebauthnCredential{}, err return model.WebauthnCredential{}, fmt.Errorf("failed to load WebAuthn session: %w", err)
} }
session := webauthn.SessionData{ session := webauthn.SessionData{
@@ -136,12 +138,12 @@ func (s *WebAuthnService) VerifyRegistration(ctx context.Context, sessionID, use
Find(&user, "id = ?", userID). Find(&user, "id = ?", userID).
Error Error
if err != nil { if err != nil {
return model.WebauthnCredential{}, err return model.WebauthnCredential{}, fmt.Errorf("failed to load user: %w", err)
} }
credential, err := s.webAuthn.FinishRegistration(&user, session, r) credential, err := s.webAuthn.FinishRegistration(&user, session, r)
if err != nil { if err != nil {
return model.WebauthnCredential{}, err return model.WebauthnCredential{}, fmt.Errorf("failed to finish WebAuthn registration: %w", err)
} }
// Determine passkey name using AAGUID and User-Agent // Determine passkey name using AAGUID and User-Agent
@@ -162,12 +164,12 @@ func (s *WebAuthnService) VerifyRegistration(ctx context.Context, sessionID, use
Create(&credentialToStore). Create(&credentialToStore).
Error Error
if err != nil { if err != nil {
return model.WebauthnCredential{}, err return model.WebauthnCredential{}, fmt.Errorf("failed to store WebAuthn credential: %w", err)
} }
err = tx.Commit().Error err = tx.Commit().Error
if err != nil { if err != nil {
return model.WebauthnCredential{}, err return model.WebauthnCredential{}, fmt.Errorf("failed to commit transaction: %w", err)
} }
return credentialToStore, nil return credentialToStore, nil
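Review bot: The `Clauses(clause.Returning{}).Delete(&storedSession, "id = ?", sessionID)` that replaces `First` in the `VerifyRegistration` hunk (`@@ -115,13 +115,15`) no longer fails when no session row matches: a `Delete` that affects zero rows returns a nil error, so `storedSession` stays zero-valued and execution continues into `webauthn.SessionData{...}` and `FinishRegistration` with an empty challenge, leaving rejection of an unknown or already-consumed session ID to the library's challenge comparison rather than to an explicit check. Keep the `*gorm.DB` result, check `RowsAffected`, and return `gorm.ErrRecordNotFound` (the error `First` used to produce, which callers presumably map to a client error — confirm) so the atomic load-and-delete still refuses a missing session up front. Separately, `clause.Returning{}` only works where the dialect supports `RETURNING` (SQLite gained it in 3.35); worth confirming against every database the project supports. `VerifyRegistration` begins before the hunk, and the later `err = tx...Find(&user, ...)` assignment relies on `err` being declared here, which the rewrite below preserves.

```go
// Load & delete the session row atomically; a session may be consumed only once
res := tx.
	WithContext(ctx).
	Clauses(clause.Returning{}).
	Delete(&storedSession, "id = ?", sessionID)
err := res.Error
if err != nil {
	return model.WebauthnCredential{}, fmt.Errorf("failed to load WebAuthn session: %w", err)
}
if res.RowsAffected == 0 {
	// Delete does not error on a missing row; refuse the ceremony explicitly
	return model.WebauthnCredential{}, gorm.ErrRecordNotFound
}
// … unchanged: build webauthn.SessionData from storedSession …
```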