Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo"

even if the options *could* be set in the frontend, the backend actually has to do validation of those settings, thus we should not make that a browser setting additionally, having the value 'preferred' does not actually make sense, since it does not add any security (the backend skips the userverification check then) This reverts commit aca4c2b5a9. Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-25 10:01:20 +01:00 · 2021-02-25 10:01:20 +01:00 · b452e2df74
parent 7f37cacfac
commit b452e2df74
3 changed files with 1 additions and 41 deletions
--- a/www/LoginView.js
+++ b/www/LoginView.js
@ -390,11 +390,6 @@ Ext.define('PBS.login.TfaWindow', {
 		// Byte array fixup, keep challenge string:
 		challenge.string = challenge.publicKey.challenge;
 		challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string);
-		let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
-		if (userVerification !== undefined) {
-		    challenge.publicKey.userVerification = userVerification;
-		}
-
 		for (const cred of challenge.publicKey.allowCredentials) {
 		    cred.id = PBS.Utils.base64url_to_bytes(cred.id);
 		}
--- a/www/window/AddWebauthn.js
+++ b/www/window/AddWebauthn.js
@ -79,13 +79,6 @@ Ext.define('PBS.window.AddWebauthn', {
 		// string to pass in the response:
 		let challenge_str = challenge_obj.publicKey.challenge;
 		challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
-		let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
-		if (userVerification !== undefined) {
-		    challenge_obj.publicKey.authenticatorSelection = {
-			userVerification,
-		    };
-		}
-
 		challenge_obj.publicKey.user.id =
 		    PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id);

--- a/www/window/Settings.js
+++ b/www/window/Settings.js
@ -30,9 +30,6 @@ Ext.define('PBS.window.Settings', {
 	    let username = sp.get('login-username') || Proxmox.Utils.noneText;
 	    me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));

-	    let userverification= sp.get('webauthn-user-verification') || '__default__';
-	    me.lookupReference('webauthnUserVerification').setValue(userverification);
-
 	    let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight'];
 	    settings.forEach(function(setting) {
 		let val = localStorage.getItem('pve-xterm-' + setting);
@ -94,7 +91,7 @@ Ext.define('PBS.window.Settings', {
 	    },
 	    'button[name=reset]': {
 		click: function() {
-		    let blacklist = ['login-username', 'webauthn-user-verification'];
+		    let blacklist = ['login-username'];
 		    let sp = Ext.state.Manager.getProvider();
 		    for (const state of Object.values(sp.state)) {
 			if (blacklist.indexOf(state) !== -1) {
@ -117,14 +114,6 @@ Ext.define('PBS.window.Settings', {
 		    sp.clear('login-username');
 		},
 	    },
-	    'field[reference=webauthnUserVerification]': {
-		change: function(e, v) {
-		    if (v === '__default__') {
-			v = undefined;
-		    }
-		    Ext.state.Manager.getProvider().set('webauthn-user-verification', v);
-		},
-	    },
 	},
    },

@ -185,23 +174,6 @@ Ext.define('PBS.window.Settings', {
 		    },
 		],
 	    },
-	    {
-		xtype: 'box',
-		autoEl: { tag: 'hr' },
-	    },
-	    {
-		xtype: 'proxmoxKVComboBox',
-		fieldLabel: gettext('WebAuthn User Verification') + ':',
-		labelWidth: 150,
-		stateId: 'webauthn-user-verification',
-		reference: 'webauthnUserVerification',
-		value: '__default__',
-		comboItems: [
-		    ['__default__', Proxmox.Utils.defaultText],
-		    ['discouraged', gettext('Discouraged')],
-		    ['preferred', gettext('Preferred')],
-		],
-	    },
 	],
    },
    {