Add support for FIDO U2F #3971
Add support for FIDO U2F #3971
Conversation
Signed-off-by: Jonas Franz <[email protected]>
Add missing translations Signed-off-by: Jonas Franz <[email protected]>
techknowlogick
added
the
type/feature
Signed-off-by: Jonas Franz <[email protected]>
Codecov Report
@@ Coverage Diff @@
## master #3971 +/- ##
==========================================
- Coverage 20.08% 20.06% -0.02%
==========================================
Files 151 153 +2
Lines 29874 30122 +248
==========================================
+ Hits 6000 6044 +44
- Misses 22968 23168 +200
- Partials 906 910 +4
Continue to review full report at Codecov.
|
bkcsoft
added
the
lgtm/need 2
|
Test instance: https://try.h.jonasfranz.software/ |
… JS library Add U2F error handling Signed-off-by: Jonas Franz <[email protected]>
Signed-off-by: Jonas Franz <[email protected]>
# Conflicts: # routers/user/setting.go
Signed-off-by: Jonas Franz <[email protected]>
Renamed u2f table name Signed-off-by: Jonas Franz <[email protected]>
Signed-off-by: Jonas Franz <[email protected]>
|
Firefox support above is checked off however I'm using FF 60.0 (64-bit), on MacOS 10.13.4, and I receive the following message: The key I'm using is: https://www.yubico.com/product/yubikey-neo/ Is FF support just FF Mobile? (I see a similar message when trying to add this key to GitHub, so it is likely my browser just has issues with U2F) |
| @@ -570,6 +570,14 @@ MAX_RESPONSE_ITEMS = 50 | |||
| LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR | |||
| NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어 | |||
|
|
|||
| [U2F] | |||
There was a problem hiding this comment.
Could you add a U2F section to the "Config Cheatsheet" page in the docs?
|
@techknowlogick Do you enabled u2f via about:config ? |
Signed-off-by: Jonas Franz <[email protected]>
|
@JonasFranzDEV Ah yes. Thank you for pointing me in that direction. Seems FF has it disabled by default. Enabled it and it works flawlessly. LGTM |
bkcsoft
added
lgtm/need 1
custom/conf/app.ini.sample
Outdated
| [U2F] | ||
| ; Two Factor authentication with security keys | ||
| ; https://developers.yubico.com/U2F/App_ID.html | ||
| APP_ID = https://example.com |
There was a problem hiding this comment.
app.ini.sample should contain values that are same as default
public/js/index.js
Outdated
| u2fApi.ensureSupport() | ||
| .then(function () { | ||
| $.getJSON('/user/u2f/challenge').success(function(req) { | ||
| console.log(req); |
public/js/index.js
Outdated
| if(req.registeredKeys === null) { | ||
| req.registeredKeys = [] | ||
| } | ||
| console.log(req); |
| $.ajax({ | ||
| url:'/user/u2f/sign', | ||
| type:"POST", | ||
| headers: {"X-Csrf-Token": csrf}, |
There was a problem hiding this comment.
I would like X-CSRF-Token correct camelCase.
There was a problem hiding this comment.
We use this at many other places at index.js so I would propose to use the current solution.
public/js/index.js
Outdated
| if (checkError(resp)) { | ||
| return; | ||
| } | ||
| console.log(resp); |
public/js/index.js
Outdated
| $.ajax({ | ||
| url:'/user/settings/security/u2f/register', | ||
| type:"POST", | ||
| headers: {"X-Csrf-Token": csrf}, |
Signed-off-by: Jonas Franz <[email protected]>
Add FIDO U2F to comparison Signed-off-by: Jonas Franz <[email protected]>
|
I can not really test this but otherwise LGTM |
bkcsoft
added
lgtm/done
|
The default locale (english) for text (settings:u2f_desc): "Security keys are hardware devices containing cryptograhic keys. They could be used for two factor authentication. The security key must support the FIDO U2F standard." is incorrect in word "cryptograhic", correct is "cryptographic". |
|
Please create an issue for that
Am 21. Mai 2018 16:43:04 MESZ schrieb Joel da Rosa <[email protected]>:
…The default locale (english) for text (settings:u2f_desc): "Security
keys are hardware devices containing cryptograhic keys. They could be
used for two factor authentication. The security key must support the
<a href="https://fidoalliance.org/">FIDO U2F</a> standard." is
incorrect in word "cryptograhic", correct is "cryptographic".
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#3971 (comment)
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
|
|
Somebody already fixed it |
|
Can you tell when this feature will be released? |
|
We're trying to release 1.5 in the next days since we have only ~1-2 PRs which must be merged. |
* SECURITY * Limit uploaded avatar image-size to 4096x3072 by default (go-gitea#4353) * Do not allow to reuse TOTP passcode (go-gitea#3878) * FEATURE * Add cli commands to regen hooks & keys (go-gitea#3979) * Add support for FIDO U2F (go-gitea#3971) * Added user language setting (go-gitea#3875) * LDAP Public SSH Keys synchronization (go-gitea#1844) * Add topic support (go-gitea#3711) * Multiple assignees (go-gitea#3705) * Add protected branch whitelists for merging (go-gitea#3689) * Global code search support (go-gitea#3664) * Add label descriptions (go-gitea#3662) * Add issue search via API (go-gitea#3612) * Add repository setting to enable/disable health checks (go-gitea#3607) * Emoji Autocomplete (go-gitea#3433) * Implements generator cli for secrets (go-gitea#3531) * ENHANCEMENT * Add more webhooks support and refactor webhook templates directory (go-gitea#3929) * Add new option to allow only OAuth2/OpenID user registration (go-gitea#3910) * Add option to use paged LDAP search when synchronizing users (go-gitea#3895) * Symlink icons (go-gitea#1416) * Improve release page UI (go-gitea#3693) * Add admin dashboard option to run health checks (go-gitea#3606) * Add branch link in branch list (go-gitea#3576) * Reduce sql query times in retrieveFeeds (go-gitea#3547) * Option to enable or disable swagger endpoints (go-gitea#3502) * Add missing licenses (go-gitea#3497) * Reduce repo indexer disk usage (go-gitea#3452) * Enable caching on assets and avatars (go-gitea#3376) * Add repository search ordered by stars/forks. Forks column in admin repo list (go-gitea#3969) * Add Environment Variables to Docker template (go-gitea#4012) * LFS: make HTTP auth period configurable (go-gitea#4035) * Add config path as an optionial flag when changing pass via CLI (go-gitea#4184) * Refactor User Settings sections (go-gitea#3900) * Allow square brackets in external issue patterns (go-gitea#3408) * Add Attachment API (go-gitea#3478) * Add EnableTimetracking option to app settings (go-gitea#3719) * Add config option to enable or disable log executed SQL (go-gitea#3726) * Shows total tracked time in issue and milestone list (go-gitea#3341) * TRANSLATION * Improve English grammar and consistency (go-gitea#3614) * DEPLOYMENT * Allow Gitea to run as different USER in Docker (go-gitea#3961) * Provide compressed release binaries (go-gitea#3991) * Sign release binaries (go-gitea#4188)
Fixes #1024
Adds support for FIDO U2F as an addition to Two-Factor Authentication by Phone.
Currently it is only works with Chrome but I am trying to support Firefox and Android too.Requirements
Video example
TODO
iOS support (Hardware required)(no software support by iOS currently)iOS
I cannot test iOS at the moment because my security key does not support Bluetooth LE. If you want to provide me a BLE key, please contact me via Discord.Thanks to @techknowlogick for sponsoring a Bluetooth LE key.