[pbs-devel] [PATCH proxmox-backup 2/3] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo"

Dominik Csapak d.csapak at proxmox.com
Mon Feb 22 10:43:00 CET 2021


even if the options *could* be set in the frontend, the backend
actually has to do validation of those settings, thus we should not
make that a browser setting

additionally, having the value 'preferred' does not actually make sense,
since it does not add any security (the backend currently skips the
user verification check then)

This reverts commit aca4c2b5a9de23f7cafab92da0f88123f4ca5d8c.

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 www/LoginView.js          |  5 -----
 www/window/AddWebauthn.js |  7 -------
 www/window/Settings.js    | 30 +-----------------------------
 3 files changed, 1 insertion(+), 41 deletions(-)

diff --git a/www/LoginView.js b/www/LoginView.js
index a3ffec77..1c7a977c 100644
--- a/www/LoginView.js
+++ b/www/LoginView.js
@@ -390,11 +390,6 @@ Ext.define('PBS.login.TfaWindow', {
 		// Byte array fixup, keep challenge string:
 		challenge.string = challenge.publicKey.challenge;
 		challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string);
-		let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
-		if (userVerification !== undefined) {
-		    challenge.publicKey.userVerification = userVerification;
-		}
-
 		for (const cred of challenge.publicKey.allowCredentials) {
 		    cred.id = PBS.Utils.base64url_to_bytes(cred.id);
 		}
diff --git a/www/window/AddWebauthn.js b/www/window/AddWebauthn.js
index d2434f2c..16731a63 100644
--- a/www/window/AddWebauthn.js
+++ b/www/window/AddWebauthn.js
@@ -79,13 +79,6 @@ Ext.define('PBS.window.AddWebauthn', {
 		// string to pass in the response:
 		let challenge_str = challenge_obj.publicKey.challenge;
 		challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
-		let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
-		if (userVerification !== undefined) {
-		    challenge_obj.publicKey.authenticatorSelection = {
-			userVerification,
-		    };
-		}
-
 		challenge_obj.publicKey.user.id =
 		    PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id);
 
diff --git a/www/window/Settings.js b/www/window/Settings.js
index 7059605c..ee8464be 100644
--- a/www/window/Settings.js
+++ b/www/window/Settings.js
@@ -30,9 +30,6 @@ Ext.define('PBS.window.Settings', {
 	    let username = sp.get('login-username') || Proxmox.Utils.noneText;
 	    me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));
 
-	    let userverification= sp.get('webauthn-user-verification') || '__default__';
-	    me.lookupReference('webauthnUserVerification').setValue(userverification);
-
 	    let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight'];
 	    settings.forEach(function(setting) {
 		let val = localStorage.getItem('pve-xterm-' + setting);
@@ -94,7 +91,7 @@ Ext.define('PBS.window.Settings', {
 	    },
 	    'button[name=reset]': {
 		click: function() {
-		    let blacklist = ['login-username', 'webauthn-user-verification'];
+		    let blacklist = ['login-username'];
 		    let sp = Ext.state.Manager.getProvider();
 		    for (const state of Object.values(sp.state)) {
 			if (blacklist.indexOf(state) !== -1) {
@@ -117,14 +114,6 @@ Ext.define('PBS.window.Settings', {
 		    sp.clear('login-username');
 		},
 	    },
-	    'field[reference=webauthnUserVerification]': {
-		change: function(e, v) {
-		    if (v === '__default__') {
-			v = undefined;
-		    }
-		    Ext.state.Manager.getProvider().set('webauthn-user-verification', v);
-		},
-	    },
 	},
     },
 
@@ -185,23 +174,6 @@ Ext.define('PBS.window.Settings', {
 		    },
 		],
 	    },
-	    {
-		xtype: 'box',
-		autoEl: { tag: 'hr' },
-	    },
-	    {
-		xtype: 'proxmoxKVComboBox',
-		fieldLabel: gettext('WebAuthn User Verification') + ':',
-		labelWidth: 150,
-		stateId: 'webauthn-user-verification',
-		reference: 'webauthnUserVerification',
-		value: '__default__',
-		comboItems: [
-		    ['__default__', Proxmox.Utils.defaultText],
-		    ['discouraged', gettext('Discouraged')],
-		    ['preferred', gettext('Preferred')],
-		],
-	    },
 	],
     },
     {
-- 
2.20.1






More information about the pbs-devel mailing list