Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Web] increase mysql publicKey field length

Browse Source
This commit is contained in:
FreddleSpl0it 2022-03-14 09:29:07 +01:00
parent 49c506eed9
commit e7fe52a625
No known key found for this signature in database
GPG Key ID: F1B3BE8A3BBA3451
2 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
data/web/inc/init_db.inc.php
View File

@ -3,7 +3,7 @@ function init_db_schema() {
try {
global $pdo;
$db_version = "18012022_1020";
$db_version = "14032022_0921";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -699,7 +699,7 @@ function init_db_schema() {
"authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
"secret" => "VARCHAR(255) DEFAULT NULL",
"keyHandle" => "VARCHAR(255) DEFAULT NULL",
"publicKey" => "VARCHAR(255) DEFAULT NULL",
"publicKey" => "VARCHAR(4096) DEFAULT NULL",
"counter" => "INT NOT NULL DEFAULT '0'",
"certificate" => "TEXT",
"active" => "TINYINT(1) NOT NULL DEFAULT '0'"

21
data/web/json_api.php
View File

@ -175,15 +175,22 @@ if (isset($_GET['query'])) {
// parse post data
$post = trim(file_get_contents('php://input'));
if ($post) $post = json_decode($post);
// decode base64 strings
$clientDataJSON = base64_decode($post->clientDataJSON);
$attestationObject = base64_decode($post->attestationObject);
// process registration data from authenticator
try {
// decode base64 strings
$clientDataJSON = base64_decode($post->clientDataJSON);
$attestationObject = base64_decode($post->attestationObject);
// processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true)
$data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $_SESSION['challenge'], false, true);
// safe authenticator in mysql `tfa` table
$_data['tfa_method'] = $post->tfa_method;
$_data['key_id'] = $post->key_id;
$_data['confirm_password'] = $post->confirm_password;
$_data['registration'] = $data;
set_tfa($_data);
}
catch (Throwable $ex) {
// err
@ -194,12 +201,6 @@ if (isset($_GET['query'])) {
exit;
}
// safe authenticator in mysql `tfa` table
$_data['tfa_method'] = $post->tfa_method;
$_data['key_id'] = $post->key_id;
$_data['confirm_password'] = $post->confirm_password;
$_data['registration'] = $data;
set_tfa($_data);
// send response
$return = new stdClass();