mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #21917 from nextcloud/backport/21880/stable19 

[stable19] Discourage webauthn user interaction
This commit is contained in:
Morris Jobke 2020-07-20 14:16:22 +02:00 committed by GitHub
parent d2c152f46b 45108b087e
commit 8e0158f064
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/private/Authentication/WebAuthn/Manager.php
View File

@ -107,7 +107,11 @@ class Manager {
$excludedPublicKeyDescriptors = [
];
$authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria();
$authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(
null,
false,
AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
);
return new PublicKeyCredentialCreationOptions(
$rpEntity,
@ -186,7 +190,8 @@ class Manager {
random_bytes(32), // Challenge
60000, // Timeout
$this->stripPort($serverHost), // Relying Party ID
$registeredPublicKeyCredentialDescriptors // Registered PublicKeyCredentialDescriptor classes
$registeredPublicKeyCredentialDescriptors, // Registered PublicKeyCredentialDescriptor classes
AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
);
}