-
+
+
+
+ | ID |
+ |
+
-
+
+ |
+
+ |
+
+ |
+
+
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 1404db29..e9055744 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1037,11 +1037,11 @@ function fido2($_data) {
}
return $cids;
break;
- case "get_pub_key":
+ case "get_by_b64cid":
if (!isset($_data['cid']) || empty($_data['cid'])) {
return false;
}
- $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
+ $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey`, SHA2(`credentialId`, 256) AS `cid` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
$stmt->execute(array(':cid' => $_data['cid']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (empty($row) || empty($row['credentialPublicKey']) || empty($row['username'])) {
@@ -1049,7 +1049,8 @@ function fido2($_data) {
}
$data['pub_key'] = $row['credentialPublicKey'];
$data['username'] = $row['username'];
- $data['key_id'] = $row['certificateSubject'];
+ $data['subject'] = $row['certificateSubject'];
+ $data['cid'] = $row['cid'];
return $data;
break;
case "get_friendly_names":
@@ -1058,11 +1059,15 @@ function fido2($_data) {
$_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
- $stmt = $pdo->prepare("SELECT `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
+ $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
$stmt->execute(array(':username' => $username));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) {
- $fns[] = array("subject" => $row['certificateSubject'], "fn" => $row['friendlyName']);
+ $fns[] = array(
+ "subject" => $row['certificateSubject'],
+ "fn" => $row['friendlyName'],
+ "cid" => $row['cid']
+ );
}
return $fns;
break;
@@ -1077,8 +1082,11 @@ function fido2($_data) {
);
return false;
}
- $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND `certificateSubject` = :certificateSubject");
- $stmt->execute(array(':username' => $username, ':certificateSubject' => $_data['post_data']['unset_fido2_key']));
+ $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND SHA2(`credentialId`, 256) = :cid");
+ $stmt->execute(array(
+ ':username' => $username,
+ ':cid' => $_data['post_data']['unset_fido2_key']
+ ));
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_data_log),
@@ -1096,11 +1104,11 @@ function fido2($_data) {
);
return false;
}
- $stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE `certificateSubject` = :certificateSubject AND `username` = :username");
+ $stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE SHA2(`credentialId`, 256) = :cid AND `username` = :username");
$stmt->execute(array(
':username' => $username,
':friendlyName' => $_data['fido2_attrs']['fido2_fn'],
- ':certificateSubject' => base64_decode($_data['fido2_attrs']['fido2_subject'])
+ ':cid' => $_data['fido2_attrs']['fido2_cid']
));
$_SESSION['return'][] = array(
'type' => 'success',
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 34e11f44..bdb2eaa9 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -457,7 +457,7 @@ jQuery(function($){
$('#fido2ChangeFn').on('show.bs.modal', function (e) {
rename_link = $(e.relatedTarget)
if (rename_link != null) {
- $('#fido2_subject').val(rename_link.data('subject'));
+ $('#fido2_cid').val(rename_link.data('cid'));
$('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
}
})
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 83ee793e..0fdec8f9 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -296,6 +296,15 @@ jQuery(function($){
draw_wl_policy_mailbox_table();
draw_bl_policy_mailbox_table();
+ // FIDO2 friendly name modal
+ $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+ rename_link = $(e.relatedTarget)
+ if (rename_link != null) {
+ $('#fido2_cid').val(rename_link.data('cid'));
+ $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+ }
+ })
+
// Sieve data modal
$('#userFilterModal').on('show.bs.modal', function(e) {
$('#user_sieve_filter').text(lang.loading);
diff --git a/data/web/json_api.php b/data/web/json_api.php
index d7ac4f06..04616819 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -277,7 +277,7 @@ if (isset($_GET['query'])) {
$signature = base64_decode($post->signature);
$id = base64_decode($post->id);
$challenge = $_SESSION['challenge'];
- $process_fido2 = fido2(array("action" => "get_pub_key", "cid" => $post->id));
+ $process_fido2 = fido2(array("action" => "get_by_b64cid", "cid" => $post->id));
if ($process_fido2['pub_key'] === false) {
$return = new stdClass();
$return->success = false;
@@ -296,7 +296,6 @@ if (isset($_GET['query'])) {
}
$return = new stdClass();
$return->success = true;
- $_SESSION["fido2_subject"] = $process_fido2['key_id'];
$stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
$stmt->execute(array(':username' => $process_fido2['username']));
$obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -307,6 +306,7 @@ if (isset($_GET['query'])) {
$_SESSION["mailcow_cc_role"] = "domainadmin";
}
$_SESSION["mailcow_cc_username"] = $process_fido2['username'];
+ $_SESSION["fido2_cid"] = $process_fido2['cid'];
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array("fido2_login"),
diff --git a/data/web/modals/admin.php b/data/web/modals/admin.php
index 54eedc53..e796d2e1 100644
--- a/data/web/modals/admin.php
+++ b/data/web/modals/admin.php
@@ -111,11 +111,11 @@ if (!isset($_SESSION['mailcow_cc_role'])) {