Support for passkey registration (#2885)

* support for fido2 auth * stub out registration implementations * stub out assertion steps and token issuance * verify token * webauthn tokenable * remove duplicate expiration set * revert sqlproj changes * update sqlproj target framework * update new validator signature * [PM-2014] Passkey registration (#2915) * [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository` * [PM-2014] fix: add missing service registration * [PM-2014] feat: add user verification when fetching options * [PM-2014] feat: create migration script for mssql * [PM-2014] chore: append to todo comment * [PM-2014] feat: add support for creation token * [PM-2014] feat: implement credential saving * [PM-2014] chore: add resident key TODO comment * [PM-2014] feat: implement passkey listing * [PM-2014] feat: implement deletion without user verification * [PM-2014] feat: add user verification to delete * [PM-2014] feat: implement passkey limit * [PM-2014] chore: clean up todo comments * [PM-2014] fix: add missing sql scripts Missed staging them when commiting * [PM-2014] feat: include options response model in swagger docs * [PM-2014] chore: move properties after ctor * [PM-2014] feat: use `Guid` directly as input paramter * [PM-2014] feat: use nullable guid in token * [PM-2014] chore: add new-line * [PM-2014] feat: add support for feature flag * [PM-2014] feat: start adding controller tests * [PM-2014] feat: add user verification test * [PM-2014] feat: add controller tests for token interaction * [PM-2014] feat: add tokenable tests * [PM-2014] chore: clean up commented premium check * [PM-2014] feat: add user service test for credential limit * [PM-2014] fix: run `dotnet format` * [PM-2014] chore: remove trailing comma * [PM-2014] chore: add `Async` suffix * [PM-2014] chore: move delay to constant * [PM-2014] chore: change `default` to `null` * [PM-2014] chore: remove autogenerated weirdness * [PM-2014] fix: lint * Added check for PasswordlessLogin feature flag on new controller and methods. (#3284) * Added check for PasswordlessLogin feature flag on new controller and methods. * fix: build error from missing constructor argument --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> * [PM-4171] Update DB to support PRF (#3321) * [PM-4171] feat: update database to support PRF * [PM-4171] feat: rename `DescriptorId` to `CredentialId` * [PM-4171] feat: add PRF felds to domain object * [PM-4171] feat: add `SupportsPrf` column * [PM-4171] fix: add missing comma * [PM-4171] fix: add comma * [PM-3263] fix identity server tests for passkey registration (#3331) * Added WebAuthnRepo to EF DI * updated config to match current grant types * Remove ExtensionGrantValidator (#3363) * Linting --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-06-30 15:42:48 -05:00 · 2023-10-30 08:40:06 -05:00
parent 330e41a6d9
commit 44c559c723
33 changed files with 1207 additions and 5 deletions
--- a/util/Migrator/DbScripts/2023-05-08-00_WebAuthnLoginCredentials.sql
+++ b/util/Migrator/DbScripts/2023-05-08-00_WebAuthnLoginCredentials.sql
@ -0,0 +1,188 @@
+CREATE TABLE [dbo].[WebAuthnCredential] (
+    [Id]                    UNIQUEIDENTIFIER NOT NULL,
+    [UserId]                UNIQUEIDENTIFIER NOT NULL,
+    [Name]                  NVARCHAR (50)    NOT NULL,
+    [PublicKey]             VARCHAR (256)    NOT NULL,
+    [CredentialId]          VARCHAR (256)    NOT NULL,
+    [Counter]               INT              NOT NULL,
+    [Type]                  VARCHAR (20)     NULL,
+    [AaGuid]                UNIQUEIDENTIFIER NOT NULL,
+    [EncryptedUserKey]      VARCHAR (MAX)    NULL,
+    [EncryptedPrivateKey]   VARCHAR (MAX)    NULL,
+    [EncryptedPublicKey]    VARCHAR (MAX)    NULL,
+    [SupportsPrf]           BIT              NOT NULL,
+    [CreationDate]          DATETIME2 (7)    NOT NULL,
+    [RevisionDate]          DATETIME2 (7)    NOT NULL,
+    CONSTRAINT [PK_WebAuthnCredential] PRIMARY KEY CLUSTERED ([Id] ASC),
+    CONSTRAINT [FK_WebAuthnCredential_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])
+);
+
+GO
+CREATE NONCLUSTERED INDEX [IX_WebAuthnCredential_UserId]
+    ON [dbo].[WebAuthnCredential]([UserId] ASC);
+
+GO
+CREATE VIEW [dbo].[WebAuthnCredentialView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[WebAuthnCredential]
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @UserId UNIQUEIDENTIFIER,
+    @Name NVARCHAR(50),
+    @PublicKey VARCHAR (256),
+    @CredentialId VARCHAR(256),
+    @Counter INT,
+    @Type VARCHAR(20),
+    @AaGuid UNIQUEIDENTIFIER,
+    @EncryptedUserKey VARCHAR (MAX),
+    @EncryptedPrivateKey VARCHAR (MAX),
+    @EncryptedPublicKey VARCHAR (MAX),
+    @SupportsPrf BIT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[WebAuthnCredential]
+    (
+        [Id],
+        [UserId],
+        [Name],
+        [PublicKey],
+        [CredentialId],
+        [Counter],
+        [Type],
+        [AaGuid],
+        [EncryptedUserKey],
+        [EncryptedPrivateKey],
+        [EncryptedPublicKey],
+        [SupportsPrf],
+        [CreationDate],
+        [RevisionDate]
+    )
+    VALUES
+    (
+        @Id,
+        @UserId,
+        @Name,
+        @PublicKey,
+        @CredentialId,
+        @Counter,
+        @Type,
+        @AaGuid,
+        @EncryptedUserKey,
+        @EncryptedPrivateKey,
+        @EncryptedPublicKey,
+        @SupportsPrf,
+        @CreationDate,
+        @RevisionDate
+    )
+END
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_DeleteById]
+    @Id UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    DELETE
+    FROM
+        [dbo].[WebAuthnCredential]
+    WHERE
+        [Id] = @Id
+END
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_ReadById]
+    @Id UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[WebAuthnCredentialView]
+    WHERE
+        [Id] = @Id
+END
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_ReadByUserId]
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[WebAuthnCredentialView]
+    WHERE
+        [UserId] = @UserId
+END
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_Update]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER,
+    @Name NVARCHAR(50),
+    @PublicKey VARCHAR (256),
+    @CredentialId VARCHAR(256),
+    @Counter INT,
+    @Type VARCHAR(20),
+    @AaGuid UNIQUEIDENTIFIER,
+    @EncryptedUserKey VARCHAR (MAX),
+    @EncryptedPrivateKey VARCHAR (MAX),
+    @EncryptedPublicKey VARCHAR (MAX),
+    @SupportsPrf BIT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        [dbo].[WebAuthnCredential]
+    SET
+        [UserId] = @UserId,
+        [Name] = @Name,
+        [PublicKey] = @PublicKey,
+        [CredentialId] = @CredentialId,
+        [Counter] = @Counter,
+        [Type] = @Type,
+        [AaGuid] = @AaGuid,
+        [EncryptedUserKey] = @EncryptedUserKey,
+        [EncryptedPrivateKey] = @EncryptedPrivateKey,
+        [EncryptedPublicKey] = @EncryptedPublicKey,
+        [SupportsPrf] = @SupportsPrf,
+        [CreationDate] = @CreationDate,
+        [RevisionDate] = @RevisionDate
+    WHERE
+        [Id] = @Id
+END
+
+GO
+CREATE PROCEDURE [dbo].[WebAuthnCredential_ReadByIdUserId]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[WebAuthnCredentialView]
+    WHERE
+        [Id] = @Id
+    AND
+        [UserId] = @UserId
+END