From 344e35d988c479ea2a7c5469e447a1d4284cb8c7 Mon Sep 17 00:00:00 2001 From: bjoern-m <56024829+bjoern-m@users.noreply.github.com> Date: Thu, 12 Sep 2024 12:16:13 +0200 Subject: [PATCH] feat: save the security key during login (#1629) --- ...on_webauthn_verify_attestation_response.go | 31 +++++++++++++++++-- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go b/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go index 4c37fcf83..9dea98f47 100644 --- a/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go +++ b/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go @@ -4,9 +4,12 @@ import ( "errors" "fmt" "github.com/gofrs/uuid" + auditlog "github.com/teamhanko/hanko/backend/audit_log" + "github.com/teamhanko/hanko/backend/dto/intern" "github.com/teamhanko/hanko/backend/flow_api/flow/shared" "github.com/teamhanko/hanko/backend/flow_api/services" "github.com/teamhanko/hanko/backend/flowpilot" + "github.com/teamhanko/hanko/backend/persistence/models" ) type WebauthnVerifyAttestationResponse struct { @@ -71,10 +74,32 @@ func (a WebauthnVerifyAttestationResponse) Execute(c flowpilot.ExecutionContext) return fmt.Errorf("failed to verify attestation response: %w", err) } - if c.Stash().Get(shared.StashPathMFAMethod).String() == "security_key" { - err = c.Stash().Set(shared.StashPathSecurityKey, credential) + if c.GetFlowName() == shared.FlowLogin { + credentialModel := intern.WebauthnCredentialToModel(credential, userID, false, false, true, deps.AuthenticatorMetadata) + err = deps.Persister.GetWebauthnCredentialPersisterWithConnection(deps.Tx).Create(*credentialModel) + if err != nil { + return fmt.Errorf("failed to persist the webauthn credential: %w", err) + } + + userModel, err := deps.Persister.GetUserPersisterWithConnection(deps.Tx).Get(userID) + if err != nil { + return fmt.Errorf("failed to user from db: %w", err) + } + + err = deps.AuditLogger.CreateWithConnection(deps.Tx, deps.HttpContext, models.AuditLogSecurityKeyCreated, + userModel, + nil, + auditlog.Detail("security_key", credential.ID), + ) + if err != nil { + return fmt.Errorf("failed to persist audit log entry: %w", err) + } } else { - err = c.Stash().Set(shared.StashPathWebauthnCredential, credential) + if c.Stash().Get(shared.StashPathMFAMethod).String() == "security_key" { + err = c.Stash().Set(shared.StashPathSecurityKey, credential) + } else { + err = c.Stash().Set(shared.StashPathWebauthnCredential, credential) + } } if err != nil {