From 16fed5331e0653e52ba9cce512f98d3551341ffa Mon Sep 17 00:00:00 2001
From: Michael Farrell
Date: Fri, 24 Nov 2023 10:05:28 +1000
Subject: [PATCH] Move `DEFAULT_AUTHENTICATOR_TIMEOUT` into `webauthn-rs`. This fixes a documentation build breakage caused by #385, and shifts default timeouts into our recommended interface.
---
 webauthn-rs-core/src/constants.rs | 3 ---
 webauthn-rs-core/src/core.rs | 6 +++---
 webauthn-rs/src/lib.rs | 11 +++++++----
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/webauthn-rs-core/src/constants.rs b/webauthn-rs-core/src/constants.rs
index 0ba5661b..1ae36a88 100644
--- a/webauthn-rs-core/src/constants.rs
+++ b/webauthn-rs-core/src/constants.rs
@@ -1,5 +1,2 @@
-use std::time::Duration;
-
 // Can this ever change?
 pub const CHALLENGE_SIZE_BYTES: usize = 32;
-pub const DEFAULT_AUTHENTICATOR_TIMEOUT: Duration = Duration::from_millis(60000);
diff --git a/webauthn-rs-core/src/core.rs b/webauthn-rs-core/src/core.rs
index 285a3eee..8fe3c62d 100644
--- a/webauthn-rs-core/src/core.rs
+++ b/webauthn-rs-core/src/core.rs
@@ -26,7 +26,7 @@ use crate::attestation::{
 verify_apple_anonymous_attestation, verify_attestation_ca_chain, verify_fidou2f_attestation,
 verify_packed_attestation, verify_tpm_attestation, AttestationFormat,
 };
-use crate::constants::{CHALLENGE_SIZE_BYTES, DEFAULT_AUTHENTICATOR_TIMEOUT};
+use crate::constants::CHALLENGE_SIZE_BYTES;
 use crate::crypto::compute_sha256;
 use crate::error::WebauthnError;
 use crate::internals::*;
@@ -85,7 +85,7 @@ impl WebauthnCore {
 rp_name: &str,
 rp_id: &str,
 allowed_origins: Vec,
- authenticator_timeout: Option,
+ authenticator_timeout: Duration,
 allow_subdomains_origin: Option,
 allow_any_port: Option,
 ) -> Self {
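Review bot: In the `@@ -85,7` hunk of `webauthn-rs-core/src/core.rs`, `authenticator_timeout` changes from an `Option` to a required `Duration`, and the `@@ -95,7` hunk removes the `unwrap_or(DEFAULT_AUTHENTICATOR_TIMEOUT)` fallback, so the core constructor no longer has a default and any direct caller passing `None` stops compiling. The constructor's signature and doc comment begin outside the hunk, so check that the docs now tell the caller to choose the value, for example `/// authenticator_timeout has no default at this layer; the webauthn-rs builder supplies DEFAULT_AUTHENTICATOR_TIMEOUT.` No changelog or version note for the signature change is visible in this patch.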
@@ -95,7 +95,7 @@ impl WebauthnCore {
 rp_id: rp_id.to_string(),
 rp_id_hash,
 allowed_origins,
- authenticator_timeout: authenticator_timeout.unwrap_or(DEFAULT_AUTHENTICATOR_TIMEOUT),
+ authenticator_timeout,
 require_valid_counter_value: true,
 ignore_unsupported_attestation_formats: true,
 allow_cross_origin: false,
diff --git a/webauthn-rs/src/lib.rs b/webauthn-rs/src/lib.rs
index 034c0625..f25b60f4 100644
--- a/webauthn-rs/src/lib.rs
+++ b/webauthn-rs/src/lib.rs
@@ -217,6 +217,9 @@ pub mod prelude {
 pub use webauthn_rs_core::AttestationFormat;
 }
+/// The default authenticator interaction timeout, if none is otherwise specified.
+pub const DEFAULT_AUTHENTICATOR_TIMEOUT: Duration = Duration::from_millis(60000);
+
 /// A constructor for a new [Webauthn] instance. This accepts and configures a number of site-wide
 /// properties that apply to all webauthn operations of this service.
 #[derive(Debug)]
@@ -226,7 +229,7 @@ pub struct WebauthnBuilder<'a> {
 allowed_origins: Vec,
 allow_subdomains: bool,
 allow_any_port: bool,
- timeout: Option,
+ timeout: Duration,
 algorithms: Vec,
 user_presence_only_security_keys: bool,
 }
@@ -282,7 +285,7 @@ impl<'a> WebauthnBuilder<'a> {
 allowed_origins: vec![rp_origin.to_owned()],
 allow_subdomains: false,
 allow_any_port: false,
- timeout: None,
+ timeout: DEFAULT_AUTHENTICATOR_TIMEOUT,
 algorithms: COSEAlgorithm::secure_algs(),
 user_presence_only_security_keys: false,
 })
@@ -320,9 +323,9 @@ impl<'a> WebauthnBuilder<'a> {
 /// Set the timeout value to use for credential creation and authentication challenges.
 ///
- /// If not set, defaults to [webauthn_rs_core::constants::DEFAULT_AUTHENTICATOR_TIMEOUT].
+ /// If not set, defaults to [DEFAULT_AUTHENTICATOR_TIMEOUT].
 pub fn timeout(mut self, timeout: Duration) -> Self {
- self.timeout = Some(timeout);
+ self.timeout = timeout;
 self
 }
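Review bot: The doc comment on the new `DEFAULT_AUTHENTICATOR_TIMEOUT` in the `@@ -217,6` hunk of `webauthn-rs/src/lib.rs` gives neither the value nor what the timeout actually bounds. In WebAuthn the `timeout` option is a hint that the client may override, so readers should not take this constant for a server-side expiry of pending registration or authentication state; whether the library expires that state elsewhere is not visible in this patch. I would add a line such as `/// 60 seconds; sent to the client as a hint, so the relying party must still bound how long it keeps ceremony state.` once that is confirmed against the implementation. Writing the value as `Duration::from_secs(60)` would also make the unit obvious.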
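Review bot: `timeout()` in the `@@ -320,9` hunk of `webauthn-rs/src/lib.rs` stores whatever `Duration` it is given, so `Duration::ZERO` or a multi-day value goes through the builder unchecked. The WebAuthn option this presumably feeds is a millisecond count, so an oversized `Duration` has to be truncated or rejected at some point; that conversion is outside this patch and should be checked for a silent narrowing cast. At minimum the doc comment could say `/// The value is not validated here; keep it within the range the WebAuthn specification recommends.` Alternatively `build()`, which is outside the hunk, could reject a zero timeout.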