authorJames Elliott <james-d-elliott@users.noreply.github.com>2025-02-23 16:08:49 +1100
committerGitHub <noreply@github.com>2025-02-23 16:08:49 +1100
commit197b45521f5e3799d0b9ef1ec0000d4f83abdee9 (patch)
tree065752a305c6edccaca3d72dfe45868029df8c54 /internal/handlers/handler_webauthn_credentials_test.go
parent8a5e96a342d28c00b7dcaa72d16f39ddfcdaec74 (diff)
feat(webauthn): passkeys (#7942)
Add support for passkeys, granular attachment modality, granular authenticator selection, and authenticator filtering which is commonly used in an enterprise environment. This also adds metadata verification elements utilizing the MDS3 to the project, including saving attestation statements, verification of attestation statements, etc. This also makes a significant change to the authentication level logic to purely use RFC8176 authentication method references to ensure the future-proof nature of the implementation. This change paves the way for the future of Authelia ensuring we can add custom policies in the future to allow administrators to very deliberately decide what authentication methods are sufficient for a given resource as well as the ability to clearly communicate these authentication methods to third parties via OpenID Connect 1.0 and SAML 2.0. It should be noted that at the time of this commit Passkey authentication is considered a single factor and we will at a later stage add the customizable policies described here to handle other use cases, though we've included a flag that considers properly implemented passkeys as if they were MFA. Closes #2827, Closes #2761 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/handlers/handler_webauthn_credentials_test.go')
-rw-r--r--internal/handlers/handler_webauthn_credentials_test.go44
1 files changed, 22 insertions, 22 deletions
diff --git a/internal/handlers/handler_webauthn_credentials_test.go b/internal/handlers/handler_webauthn_credentials_test.go
index 540494299..5a112d010 100644
--- a/internal/handlers/handler_webauthn_credentials_test.go
+++ b/internal/handlers/handler_webauthn_credentials_test.go
@@ -88,7 +88,7 @@ func TestWebAuthnCredentialsGET(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
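Review bot: Setting `us.AuthenticationMethodRefs.UsernameAndPassword = true` in this test setup no longer states the session's authentication level, so the case now relies on the level being derived from the method references, and nothing visible in the hunk asserts that derivation. The same one-line replacement repeats in all 22 hunks of this file, across TestWebAuthnCredentialsGET, TestWebAuthnCredentialsPUT and TestWebAuthnCredentialsDELETE. Because the commit description says passkey authentication also counts as a single factor, a passkey-only session would presumably reach these credential-management handlers at the same level, and no fixture here covers it; a case that sets only the passkey method reference would pin the intended access decision for listing, renaming and deleting credentials. A comment on the new line, such as `// password only: the derived level is one-factor`, would keep the intent readable now that the constant is gone. The enclosing test functions start and end outside the hunk.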
@@ -115,7 +115,7 @@ func TestWebAuthnCredentialsGET(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -135,7 +135,7 @@ func TestWebAuthnCredentialsGET(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -155,7 +155,7 @@ func TestWebAuthnCredentialsGET(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -206,7 +206,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -238,7 +238,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -270,7 +270,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -300,7 +300,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -330,7 +330,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -358,7 +358,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -384,7 +384,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -418,7 +418,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -439,7 +439,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
},
@@ -458,7 +458,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
},
@@ -487,7 +487,7 @@ func TestWebAuthnCredentialsPUT(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -543,7 +543,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -574,7 +574,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -607,7 +607,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -637,7 +637,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -664,7 +664,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -688,7 +688,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))
@@ -712,7 +712,7 @@ func TestWebAuthnCredentialsDELETE(t *testing.T) {
require.NoError(t, err)
us.Username = testUsername
- us.AuthenticationLevel = authentication.OneFactor
+ us.AuthenticationMethodRefs.UsernameAndPassword = true
require.NoError(t, mock.Ctx.SaveSession(us))