[pbs-devel] [PATCH proxmox] tfa: webauthn: serialize OriginUrl following RFC6454
Wolfgang Bumiller
w.bumiller at proxmox.com
Mon Jun 3 11:24:15 CEST 2024
On Tue, Apr 23, 2024 at 01:19:53PM GMT, Maximiliano Sandoval wrote:
> We serialize `OriginUrl` using the ASCII serialization mentioned at
> [RFC6454] section 6.2 or [1]. Note that the unicode serialization is not
> used widely adopted [2].
>
> Note that `url::Url` serialize with a trailign slash, e.g.
> https://foo.bar serializes as https://foo.bar/ which is not the origin
> for this domain.
>
> [RFC6454] https://www.rfc-editor.org/rfc/rfc6454
> [1] https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
> [2] https://html.spec.whatwg.org/multipage/browsers.html#unicode-serialisation-of-an-origin
>
> Signed-off-by: Maximiliano Sandoval <m.sandoval at proxmox.com>
> ---
>
> I tested that existing hardware keys would still unlock the user after
> installing this patch.
>
> proxmox-tfa/src/api/webauthn.rs | 33 +++++++++++++++++----------------
> 1 file changed, 17 insertions(+), 16 deletions(-)
>
> diff --git a/proxmox-tfa/src/api/webauthn.rs b/proxmox-tfa/src/api/webauthn.rs
> index 0f908229..4c854011 100644
> --- a/proxmox-tfa/src/api/webauthn.rs
> +++ b/proxmox-tfa/src/api/webauthn.rs
> @@ -10,10 +10,19 @@ use proxmox_schema::{api, Updater, UpdaterType};
>
> use super::IsExpired;
>
> -#[derive(Clone, Deserialize, Serialize)]
> +#[derive(Clone, Deserialize)]
> /// Origin URL for WebauthnConfig
> pub struct OriginUrl(Url);
>
> +impl serde::Serialize for OriginUrl {
> + fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
> + where
> + S: serde::Serializer,
> + {
> + serializer.serialize_str(&self.to_string())
> + }
> +}
> +
> #[cfg(feature = "api-types")]
> impl UpdaterType for OriginUrl {
> type Updater = Option<Self>;
> @@ -27,23 +36,15 @@ impl std::str::FromStr for OriginUrl {
> }
> }
>
> -impl std::ops::Deref for OriginUrl {
This is an API break, do the Deref impls actually cause issues with
this? If not, I'd like to drop this and instead add a `TODO/FIXME`
comment to do this on the next major bump.
More information about the pbs-devel
mailing list