authorJames Elliott <james-d-elliott@users.noreply.github.com>2023-01-25 20:36:40 +1100
committerGitHub <noreply@github.com>2023-01-25 20:36:40 +1100
commit65705a646dfd31e4477af3ffb35c584eb49346a4 (patch)
tree882b5df73348c5fc6471e57ef6787c4b04cb68f4 /internal/handlers/handler_register_webauthn.go
parent78064dec2e9b48308b71ff8862b27e6f8ded5d56 (diff)
feat(server): customizable authz endpoints (#4296)
This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Diffstat (limited to 'internal/handlers/handler_register_webauthn.go')
-rw-r--r--internal/handlers/handler_register_webauthn.go26
1 files changed, 21 insertions, 5 deletions
diff --git a/internal/handlers/handler_register_webauthn.go b/internal/handlers/handler_register_webauthn.go
index 8a3a8cfc0..a29802f2e 100644
--- a/internal/handlers/handler_register_webauthn.go
+++ b/internal/handlers/handler_register_webauthn.go
@@ -10,6 +10,7 @@ import (
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/model"
"github.com/authelia/authelia/v4/internal/regulation"
+ "github.com/authelia/authelia/v4/internal/session"
)
// WebauthnIdentityStart the handler for initiating the identity validation.
@@ -31,12 +32,19 @@ var WebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
// SecondFactorWebauthnAttestationGET returns the attestation challenge from the server.
func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string) {
var (
- w *webauthn.WebAuthn
- user *model.WebauthnUser
- err error
+ w *webauthn.WebAuthn
+ user *model.WebauthnUser
+ userSession session.UserSession
+ err error
)
- userSession := ctx.GetSession()
+ if userSession, err = ctx.GetSession(); err != nil {
+ ctx.Logger.WithError(err).Errorf("Error occurred retrieving session for %s attestation challenge", regulation.AuthTypeWebauthn)
+
+ respondUnauthorized(ctx, messageUnableToRegisterSecurityKey)
+
+ return
+ }
if w, err = newWebauthn(ctx); err != nil {
ctx.Logger.Errorf("Unable to create %s attestation challenge for user '%s': %+v", regulation.AuthTypeWebauthn, userSession.Username, err)
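Review bot: The new error branch at the top of SecondFactorWebauthnAttestationGET fails closed (it answers with respondUnauthorized and returns before any challenge is built), but nothing in the code says this is deliberate. The same undocumented branch is added to WebauthnAttestationPOST in the next hunk. A one-line comment above each `if` would guard against a later refactor that lets execution continue with a zero-value session: `// Fail closed: without a retrievable session no attestation challenge is issued.` The function body continues past the end of this hunk, so later uses of userSession are not visible here.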
@@ -88,11 +96,19 @@ func WebauthnAttestationPOST(ctx *middlewares.AutheliaCtx) {
w *webauthn.WebAuthn
user *model.WebauthnUser
+ userSession session.UserSession
+
attestationResponse *protocol.ParsedCredentialCreationData
credential *webauthn.Credential
)
- userSession := ctx.GetSession()
+ if userSession, err = ctx.GetSession(); err != nil {
+ ctx.Logger.WithError(err).Errorf("Error occurred retrieving session for %s attestation response", regulation.AuthTypeWebauthn)
+
+ respondUnauthorized(ctx, messageUnableToRegisterSecurityKey)
+
+ return
+ }
if userSession.Webauthn == nil {
ctx.Logger.Errorf("Webauthn session data is not present in order to handle attestation for user '%s'. This could indicate a user trying to POST to the wrong endpoint, or the session data is not present for the browser they used.", userSession.Username)
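Review bot: The session-retrieval branch added here is a copy of the one added to SecondFactorWebauthnAttestationGET, differing only in the word "response" versus "challenge" in the log message. Both act as the gate in front of security key registration, so a shared helper would keep the response, the user-facing message and the log wording from drifting apart between the two handlers. A sketch follows; the helper name is only a suggestion. The var block of WebauthnAttestationPOST begins before this hunk, so the declaration of err is not visible here.

```go
// webauthnAttestationSession loads the session for a registration step and
// fails closed when it cannot be retrieved. The boolean is false once the
// unauthorized response has been written.
func webauthnAttestationSession(ctx *middlewares.AutheliaCtx, step string) (session.UserSession, bool) {
	userSession, err := ctx.GetSession()
	if err != nil {
		ctx.Logger.WithError(err).Errorf("Error occurred retrieving session for %s attestation %s", regulation.AuthTypeWebauthn, step)

		respondUnauthorized(ctx, messageUnableToRegisterSecurityKey)

		return userSession, false
	}

	return userSession, true
}

// … unchanged: var block of WebauthnAttestationPOST, minus the userSession declaration …
userSession, ok := webauthnAttestationSession(ctx, "response")
if !ok {
	return
}
// … unchanged: userSession.Webauthn nil check …
```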