Brijesh's Git Server — whodis @ master

built this as a refresher on handling webauthn

core/internal/models/credential.go (view raw)

package models

import (
	"github.com/go-webauthn/webauthn/protocol"
	"github.com/go-webauthn/webauthn/webauthn"
)

// Credential represents a WebAuthn credential as persisted by this service.
//
// Every field except ID and UserID is copied into a webauthn.Credential by
// ToWebauthnCredential. The record has no field for the user-present (UP) or
// user-verified (UV) flags, so they are not stored per credential.
type Credential struct {
	ID             string // database record ID
	UserID         string // foreign key to users table
	PublicKey      []byte // stored public key
	CredentialID   []byte // WebAuthn credential ID
	// Signature counter last recorded for this credential.
	// NOTE(review): the counter is only useful for clone detection if it is
	// written back after each successful assertion; confirm that the login
	// path does this.
	SignCount      uint32
	// Authenticator model identifier (AAGUID) recorded for this credential.
	AAGUID         []byte
	// NOTE(review): presumably set when the signature counter fails to advance;
	// confirm where this is written and how callers react to it.
	CloneWarning   bool
	Attachment     protocol.AuthenticatorAttachment
	// Backup eligibility (BE) and backup state (BS) flags, passed through to
	// webauthn.CredentialFlags by ToWebauthnCredential.
	BackupEligible bool
	BackupState    bool
}

// CredentialFlags is the JSON-serialisable set of authenticator flags for a
// credential. Its field names match the ones set on webauthn.CredentialFlags
// in ToWebauthnCredential, which uses the library type rather than this one.
type CredentialFlags struct {
	// Flag UP indicates the user's presence.
	UserPresent bool `json:"userPresent"`

	// Flag UV indicates the user performed verification.
	UserVerified bool `json:"userVerified"`

	// Flag BE indicates the credential is able to be backed up and/or synced between devices. This should NEVER
	// change, so a value that differs from the stored one is worth treating as an error.
	BackupEligible bool `json:"backupEligible"`

	// Flag BS indicates the credential has been backed up and/or synced. This value can change, but it's
	// recommended that RPs keep track of this value.
	BackupState bool `json:"backupState"`
}

// ToWebauthnCredential builds the webauthn.Credential value that corresponds
// to this stored record. The byte slices (CredentialID, PublicKey, AAGUID) are
// shared with the receiver, not copied.
//
// NOTE(review): Credential has no fields for the UP and UV flags, so both are
// reported as true here regardless of what the authenticator asserted when the
// credential was registered. Flags.UserPresent and Flags.UserVerified on the
// returned value are therefore not evidence that user verification took place;
// persisting the registration-time flags would make this conversion faithful.
func (c *Credential) ToWebauthnCredential() webauthn.Credential {
	// UP and UV are constants here; only the backup flags come from storage.
	flags := webauthn.CredentialFlags{
		UserPresent:    true,
		UserVerified:   true,
		BackupEligible: c.BackupEligible,
		BackupState:    c.BackupState,
	}

	authenticator := webauthn.Authenticator{
		SignCount:    c.SignCount,
		AAGUID:       c.AAGUID,
		CloneWarning: c.CloneWarning,
		Attachment:   c.Attachment,
	}

	var cred webauthn.Credential
	cred.ID = c.CredentialID
	cred.PublicKey = c.PublicKey
	cred.Flags = flags
	cred.Authenticator = authenticator
	return cred
}