diff --git a/webauthn-authenticator-rs/examples/authenticate.rs b/webauthn-authenticator-rs/examples/authenticate.rs
index d74d4416..a48cbed7 100644
--- a/webauthn-authenticator-rs/examples/authenticate.rs
+++ b/webauthn-authenticator-rs/examples/authenticate.rs
@@ -4,7 +4,6 @@ extern crate tracing;
 #[cfg(feature = "softtoken")]
 use std::fs::OpenOptions;
 use std::io::{stdin, stdout, Write};
-use std::time::Duration;
 use clap::clap_derive::ValueEnum;
 #[cfg(any(feature = "cable", feature = "softtoken"))]
@@ -237,7 +236,7 @@ async fn main() {
 "https://localhost:8080/auth",
 "localhost",
 vec![url::Url::parse("https://localhost:8080").unwrap()],
-Some(Duration::from_millis(1)),
+Some(1),
 None,
 None,
 );
diff --git a/webauthn-rs-core/src/constants.rs b/webauthn-rs-core/src/constants.rs
index 0ba5661b..db188827 100644
--- a/webauthn-rs-core/src/constants.rs
+++ b/webauthn-rs-core/src/constants.rs
@@ -1,5 +1,4 @@
-use std::time::Duration;
-
 // Can this ever change?
 pub const CHALLENGE_SIZE_BYTES: usize = 32;
-pub const DEFAULT_AUTHENTICATOR_TIMEOUT: Duration = Duration::from_millis(60000);
+// Allegedly this is milliseconds?
+pub const AUTHENTICATOR_TIMEOUT: u32 = 60000;
diff --git a/webauthn-rs-core/src/core.rs b/webauthn-rs-core/src/core.rs
index 285a3eee..fb0e8ff1 100644
--- a/webauthn-rs-core/src/core.rs
+++ b/webauthn-rs-core/src/core.rs
@@ -18,7 +18,6 @@ use rand::prelude::*;
 use std::collections::BTreeSet;
 use std::convert::TryFrom;
-use std::time::Duration;
 use url::Url;
 use crate::attestation::{
@@ -26,7 +25,7 @@ use crate::attestation::{
 verify_apple_anonymous_attestation, verify_attestation_ca_chain, verify_fidou2f_attestation, verify_packed_attestation, verify_tpm_attestation, AttestationFormat,
 };
-use crate::constants::{CHALLENGE_SIZE_BYTES, DEFAULT_AUTHENTICATOR_TIMEOUT};
+use crate::constants::{AUTHENTICATOR_TIMEOUT, CHALLENGE_SIZE_BYTES};
 use crate::crypto::compute_sha256;
 use crate::error::WebauthnError;
 use crate::internals::*;
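Review bot: `Some(1)` in the example's constructor call no longer says which unit the value is in, where `Duration::from_millis(1)` did, so it now reads as a magic number. A trailing comment keeps the example self-explanatory, e.g. `Some(1), // authenticator timeout, in milliseconds`. The enclosing `main` starts outside the hunk.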
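Review bot: The comment `// Allegedly this is milliseconds?` leaves the unit of a public constant in doubt, while the value is passed unchanged into the `timeout` member of the credential creation and request options in the core.rs hunks on this page, which the WebAuthn specification defines in milliseconds; replace it with a definite doc comment, e.g. `/// Default authenticator timeout in milliseconds, the unit of the WebAuthn timeout option.` Renaming `DEFAULT_AUTHENTICATOR_TIMEOUT` to `AUTHENTICATOR_TIMEOUT` and changing its type from `Duration` to `u32` is a breaking change to the public API of webauthn-rs-core, and the removed builder docs in webauthn-rs/src/lib.rs show the old name was referenced from documentation; it deserves a changelog entry.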
@@ -55,7 +54,7 @@ pub struct WebauthnCore {
 rp_id: String,
 rp_id_hash: [u8; 32],
 allowed_origins: Vec,
-authenticator_timeout: Duration,
+authenticator_timeout: u32,
 require_valid_counter_value: bool,
 #[allow(unused)]
 ignore_unsupported_attestation_formats: bool,
@@ -85,7 +84,7 @@ impl WebauthnCore {
 rp_name: &str,
 rp_id: &str,
 allowed_origins: Vec,
-authenticator_timeout: Option,
+authenticator_timeout: Option,
 allow_subdomains_origin: Option,
 allow_any_port: Option,
 ) -> Self {
@@ -95,7 +94,7 @@ impl WebauthnCore {
 rp_id: rp_id.to_string(),
 rp_id_hash,
 allowed_origins,
-authenticator_timeout: authenticator_timeout.unwrap_or(DEFAULT_AUTHENTICATOR_TIMEOUT),
+authenticator_timeout: authenticator_timeout.unwrap_or(AUTHENTICATOR_TIMEOUT),
 require_valid_counter_value: true,
 ignore_unsupported_attestation_formats: true,
 allow_cross_origin: false,
@@ -214,9 +213,6 @@ impl WebauthnCore {
 Some(ResidentKeyRequirement::Discouraged)
 };
 
-let timeout_millis =
-u32::try_from(self.authenticator_timeout.as_millis()).expect("Timeout too large");
-
 let c = CreationChallengeResponse {
 public_key: PublicKeyCredentialCreationOptions {
 rp: RelyingParty {
@@ -236,7 +232,7 @@ impl WebauthnCore {
 alg: *alg as i64,
 })
 .collect(),
-timeout: Some(timeout_millis),
+timeout: Some(self.authenticator_timeout),
 attestation: Some(attestation),
 exclude_credentials: exclude_credentials.as_ref().map(|creds| {
 creds
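Review bot: The new `authenticator_timeout: u32` field and the matching parameter of `new` carry no unit, where `Duration` documented itself; on this page the value is only ever written into `timeout: Some(self.authenticator_timeout)` in the creation options here and in the request options in the next hunk, so a field doc such as `/// Timeout in milliseconds, advertised to clients as the timeout member of the credential creation and request options.` pins it down. The parameter's type change (its generic argument is not rendered on this page, but the switch from `Duration` to `u32` is) is a breaking change for anyone calling `WebauthnCore::new` directly and belongs in the changelog. Dropping the `u32::try_from(...).expect("Timeout too large")` conversion removes a panic path, which is worth stating in the commit message. The `WebauthnCore` struct and its `impl` block start outside these hunks.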
@@ -939,15 +935,12 @@ impl WebauthnCore {
 // Extract the appid from the extensions to store it in the AuthenticationState
 let appid = extensions.as_ref().and_then(|e| e.appid.clone());
 
-let timeout_millis =
-u32::try_from(self.authenticator_timeout.as_millis()).expect("Timeout too large");
-
 // Store the chal associated to the user.
 // Now put that into the correct challenge format
 let r = RequestChallengeResponse {
 public_key: PublicKeyCredentialRequestOptions {
 challenge: chal.clone().into(),
-timeout: Some(timeout_millis),
+timeout: Some(self.authenticator_timeout),
 rp_id: self.rp_id.clone(),
 allow_credentials: ac,
 user_verification: policy,
diff --git a/webauthn-rs/src/lib.rs b/webauthn-rs/src/lib.rs
index 034c0625..6e19dbc6 100644
--- a/webauthn-rs/src/lib.rs
+++ b/webauthn-rs/src/lib.rs
@@ -185,7 +185,6 @@ extern crate tracing;
 mod interface;
-use std::time::Duration;
 use url::Url;
 use uuid::Uuid;
 use webauthn_rs_core::error::{WebauthnError, WebauthnResult};
@@ -226,7 +225,6 @@ pub struct WebauthnBuilder<'a> {
 allowed_origins: Vec,
 allow_subdomains: bool,
 allow_any_port: bool,
-timeout: Option,
 algorithms: Vec,
 user_presence_only_security_keys: bool,
 }
@@ -282,7 +280,6 @@ impl<'a> WebauthnBuilder<'a> {
 allowed_origins: vec![rp_origin.to_owned()],
 allow_subdomains: false,
 allow_any_port: false,
-timeout: None,
 algorithms: COSEAlgorithm::secure_algs(),
 user_presence_only_security_keys: false,
 })
@@ -318,14 +315,6 @@ impl<'a> WebauthnBuilder<'a> {
 self
 }
 
-/// Set the timeout value to use for credential creation and authentication challenges.
-///
-/// If not set, defaults to [webauthn_rs_core::constants::DEFAULT_AUTHENTICATOR_TIMEOUT].
-pub fn timeout(mut self, timeout: Duration) -> Self {
-self.timeout = Some(timeout);
-self
-}
-
 /// Set the relying party name. This may be shown to the user. This value can be changed in
 /// the future without affecting credentials that have already registered.
 ///
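Review bot: Removing `WebauthnBuilder::timeout` leaves no way to set the challenge timeout through the builder, and the final hunk on this page then passes a literal `None` in the constructor call, so every `Webauthn` built this way uses the 60000 ms `AUTHENTICATOR_TIMEOUT` default. This is a silent removal of a documented public method. If fixing the value is intended, say so on the builder, e.g. `/// The timeout advertised to clients is fixed at webauthn_rs_core::constants::AUTHENTICATOR_TIMEOUT milliseconds.`; otherwise keep the `timeout` field and a setter taking the new millisecond value, `pub fn timeout(mut self, timeout_ms: u32) -> Self`, and pass `self.timeout` through instead of `None`. The `impl<'a> WebauthnBuilder<'a>` block continues outside the hunk.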
@@ -367,7 +356,7 @@ impl<'a> WebauthnBuilder<'a> {
 self.rp_name.unwrap_or(self.rp_id),
 self.rp_id,
 self.allowed_origins,
-self.timeout,
+None,
 Some(self.allow_subdomains),
 Some(self.allow_any_port),
 ),