Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Response timeout - unclear code #187

Closed
mitar opened this issue Dec 1, 2023 · 1 comment · Fixed by #188
Closed

Response timeout - unclear code #187

mitar opened this issue Dec 1, 2023 · 1 comment · Fixed by #188
Labels
status/in-progress In Progress type/bug Something isn't working

Comments

@mitar
Copy link
Contributor

mitar commented Dec 1, 2023
edited
Loading

Version

0.9.2

Description

I am reading code in BeginRegistration and I wonder why such code:

	if creation.Response.Timeout == 0 {
		switch {
		case creation.Response.AuthenticatorSelection.UserVerification == protocol.VerificationDiscouraged:
			creation.Response.Timeout = int(webauthn.Config.Timeouts.Registration.Timeout.Milliseconds())
		default:
			creation.Response.Timeout = int(webauthn.Config.Timeouts.Registration.Timeout.Milliseconds())
		}
	}

Shouldn't the first case be creation.Response.Timeout = int(webauthn.Config.Timeouts.Registration.TimeoutUVD.Milliseconds())?

Documentation

It says like that in documentation fro TimeoutConfig:

// TimeoutConfig represents the WebAuthn timeouts configuration for either registration or login..
type TimeoutConfig struct {
	// Enforce the timeouts at the Relying Party / Server. This means if enabled and the user takes too long that even
	// if the browser does not enforce the timeout the Relying Party / Server will.
	Enforce bool

	// Timeout is the timeout for logins/registrations when the UserVerificationRequirement is set to anything other
	// than discouraged.
	Timeout time.Duration

	// TimeoutUVD is the timeout for logins/registrations when the UserVerificationRequirement is set to discouraged.
	TimeoutUVD time.Duration
}
@mitar mitar added status/needs-triage Issues that need to be triaged. type/potential-bug Potential Bugs labels Dec 1, 2023
@james-d-elliott
Copy link
Member

You are correct, it should be utilizing that timeout. Thanks for finding this and reporting it, will fix it today.

@james-d-elliott james-d-elliott added type/bug Something isn't working status/in-progress In Progress and removed type/potential-bug Potential Bugs status/needs-triage Issues that need to be triaged. labels Dec 1, 2023
@james-d-elliott james-d-elliott mentioned this issue Dec 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/in-progress In Progress type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: timeout config not propagating go-webauthn/webauthn
2 participants
@mitar @james-d-elliott