[pbs-devel] [PATCH proxmox-backup v2 0/4] improving webauthn handling

Dominik Csapak d.csapak at proxmox.com
Thu Feb 25 10:01:18 CET 2021


it seems my gui patch for setting the userverification was a bit
hasty, since the rust crate has some options for that

this series reverts the gui part, and sets the backend
to 'discourage' userVerification, since 'Preferred' is not more secure
and makes logging in harder (on some devices)

in the future (when [0] is solved), we could expose a server
setting (either per instance or per user) that sets either always
'Discouraged' or 'Required'

changes from v1:
* show webauthn errors on login
* explicitly handle register errors, and try to give a meaningful message
  for errors that indicate a duplicate authenticator

0: https://github.com/kanidm/webauthn-rs/pull/49

Dominik Csapak (4):
  config/tfa: set UserVerificationPolicy to Discouraged
  Revert "ui: window/Settings / WebAuthn: add browser setting for
    userVerificationo"
  config/tfa: webauthn: disallow registering a token twice
  ui: LoginView: show webauthn errors in window

 src/config/tfa.rs         | 19 ++++++++++++++++---
 www/LoginView.js          | 19 ++++++++++++++-----
 www/window/AddWebauthn.js | 34 ++++++++++++++++++++++++++--------
 www/window/Settings.js    | 30 +-----------------------------
 4 files changed, 57 insertions(+), 45 deletions(-)

-- 
2.20.1






More information about the pbs-devel mailing list