From 0cdc0cb147e39a382a1e8345191f19ac69df6217 Mon Sep 17 00:00:00 2001
From: Jeremy Lin
Date: Sun, 29 Aug 2021 15:35:25 -0700
Subject: [PATCH] Fix incorrect WebAuthn origin
This mainly affects users running Vaultwarden under a subpath.
Refs:
* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L941-L948
* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L316
* https://w3c.github.io/webauthn/#dictionary-client-data
---
 src/api/core/two_factor/webauthn.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/api/core/two_factor/webauthn.rs b/src/api/core/two_factor/webauthn.rs
index 03daf43b..1730d4f0 100644
--- a/src/api/core/two_factor/webauthn.rs
+++ b/src/api/core/two_factor/webauthn.rs
@@ -22,12 +22,14 @@ pub fn routes() -> Vec {
 struct WebauthnConfig {
 url: String,
+ origin: String,
 rpid: String,
 }
 impl WebauthnConfig {
 fn load() -> Webauthn {
 let domain = CONFIG.domain();
+ let domain_origin = CONFIG.domain_origin();
 Webauthn::new(Self {
 rpid: reqwest::Url::parse(&domain)
 .map(|u| u.domain().map(str::to_owned))
@@ -35,6 +37,7 @@ impl WebauthnConfig {
 .flatten()
 .unwrap_or_default(),
 url: domain,
+ origin: domain_origin,
 })
 }
 }
@@ -45,7 +48,7 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig {
 }
 fn get_origin(&self) -> &str {
- &self.url
+ &self.origin
 }
 fn get_relying_party_id(&self) -> &str {
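Review bot: The struct in the first hunk now holds two look-alike `String` fields, `url` and `origin`, with nothing that says which one may carry the subpath, and that distinction is the whole fix. I would document both, e.g. `/// Scheme, host and optional port only, no path; matched against clientDataJSON.origin` on `origin` and `/// Full configured domain URL, may include a subpath` on `url`, and repeat the first comment on `get_origin` in the third hunk so `&self.url` is not reintroduced there. `CONFIG.domain_origin()` is defined outside this patch, so it is worth confirming that it returns no path and no trailing slash, since the origin comparison in webauthn-rs linked from the commit message appears to be an exact string match. `load()` continues into the next hunk.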
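Review bot: `rpid` and the new `origin` are derived along two separate paths, and the `rpid` chain spanning the first and second hunks ends in `.unwrap_or_default()`, so a `domain` value that fails to parse, or whose host is not a domain name, yields an empty relying party ID with no error or log line. With the origin now taken from `CONFIG.domain_origin()`, a disagreement between the two would only surface as failed WebAuthn registrations or logins. I would make the fallback explicit, e.g. `.unwrap_or_else(|| { /* log: no RP ID could be derived from domain */ String::new() })`, and consider checking once in `load()` that the origin's host equals or ends with `rpid`. Part of the `rpid` expression lies between the two hunks and is not visible here.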