sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-16 07:16:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix qube issues

Browse Source 
Signed-off-by: jnfrati <nicofrati@gmail.com>
This commit is contained in:
jnfrati
2026-04-08 16:50:54 +02:00
parent 2f87fbf8f3
commit fb2628223a
2 changed files with 66 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
idp/dex/config.go
View File

@@ -504,6 +504,29 @@ func (c *YAMLConfig) Validate() error {
return nil return nil
} }
func buildTotpConfig(auth MFAAuthenticator) (*server.TOTPProvider, error) {
var cfg TOTPConfig
if err := json.Unmarshal(auth.Config, &cfg); err != nil {
return nil, fmt.Errorf("failed to parse TOTP config id: %s - %w", auth.ID, err)
}
return server.NewTOTPProvider(cfg.Issuer, auth.ConnectorTypes), nil
}
func buildWebAuthnConfig(auth MFAAuthenticator, issuerURL string) (*server.WebAuthnProvider, error) {
var cfg WebAuthnConfig
if err := json.Unmarshal(auth.Config, &cfg); err != nil {
return nil, fmt.Errorf("failed to parse WebAuthn config id: %s - %w", auth.ID, err)
}
provider, err := server.NewWebAuthnProvider(cfg.RPDisplayName, cfg.RPID, cfg.RPOrigins,
cfg.AttestationPreference, cfg.Timeout, issuerURL, auth.ConnectorTypes)
if err != nil {
return nil, fmt.Errorf("failed to create WebAuthn provider id: %s - err: %w", auth.ID, err)
}
return provider, nil
}
func buildMFAProviders(authenticators []MFAAuthenticator, issuerURL string, logger *slog.Logger) map[string]server.MFAProvider { func buildMFAProviders(authenticators []MFAAuthenticator, issuerURL string, logger *slog.Logger) map[string]server.MFAProvider {
if len(authenticators) == 0 { if len(authenticators) == 0 {
return nil return nil
@@ -513,23 +536,17 @@ func buildMFAProviders(authenticators []MFAAuthenticator, issuerURL string, logg
for _, auth := range authenticators { for _, auth := range authenticators {
switch auth.Type { switch auth.Type {
case "TOTP": case "TOTP":
var cfg TOTPConfig provider, err := buildTotpConfig(auth)
if err := json.Unmarshal(auth.Config, &cfg); err != nil { if err != nil {
logger.Error("failed to parse TOTP config", "id", auth.ID, "err", err) logger.Error("failed to parse TOTP config", "id", auth.ID, "err", err)
continue continue
} }
providers[auth.ID] = server.NewTOTPProvider(cfg.Issuer, auth.ConnectorTypes) providers[auth.ID] = provider
logger.Info("MFA authenticator configured", "id", auth.ID, "type", auth.Type) logger.Info("MFA authenticator configured", "id", auth.ID, "type", auth.Type)
case "WebAuthn": case "WebAuthn":
var cfg WebAuthnConfig provider, err := buildWebAuthnConfig(auth, issuerURL)
if err := json.Unmarshal(auth.Config, &cfg); err != nil {
logger.Error("failed to parse WebAuthn config", "id", auth.ID, "err", err)
continue
}
provider, err := server.NewWebAuthnProvider(cfg.RPDisplayName, cfg.RPID, cfg.RPOrigins,
cfg.AttestationPreference, cfg.Timeout, issuerURL, auth.ConnectorTypes)
if err != nil { if err != nil {
logger.Error("failed to create WebAuthn provider", "id", auth.ID, "err", err) logger.Error("failed to parse WebAuthn config", "id", auth.ID, "err", err)
continue continue
} }
providers[auth.ID] = provider providers[auth.ID] = provider

69
management/server/idp/embedded.go
View File

@@ -177,37 +177,8 @@ func (c *EmbeddedIdPConfig) ToYAMLConfig() (*dex.YAMLConfig, error) {
} }
if c.EnableMFA { if c.EnableMFA {
totpConfig := dex.TOTPConfig{ if err := configureMFA(cfg); err != nil {
Issuer: "Netbird", return nil, err
}
rawTotpConfig, err := json.Marshal(totpConfig)
if err != nil {
return nil, fmt.Errorf("failed to marshal TOTP config: %v", err)
}
cfg.MFA.Authenticators = []dex.MFAAuthenticator{{
ID: "default-totp",
// Has to be caps otherwise it will fail
Type: "TOTP",
Config: rawTotpConfig,
ConnectorTypes: []string{},
}}
rememberMeEnabled := false
cfg.Sessions = &dex.Sessions{
CookieName: "netbird-session",
AbsoluteLifetime: "24h",
ValidIfNotUsedFor: "1h",
RememberMeCheckedByDefault: &rememberMeEnabled,
SSOSharedWithDefault: "",
}
// Absolutely required, otherwsise the dex server will omit the MFA configuration entirely
os.Setenv("DEX_SESSIONS_ENABLED", "true")
for i := range cfg.StaticClients {
cfg.StaticClients[i].MFAChain = []string{"default-totp"}
} }
} }
@@ -230,6 +201,42 @@ func (c *EmbeddedIdPConfig) ToYAMLConfig() (*dex.YAMLConfig, error) {
return cfg, nil return cfg, nil
} }
func configureMFA(cfg *dex.YAMLConfig) error {
totpConfig := dex.TOTPConfig{
Issuer: "Netbird",
}
rawTotpConfig, err := json.Marshal(totpConfig)
if err != nil {
return fmt.Errorf("failed to marshal TOTP config: %v", err)
}
cfg.MFA.Authenticators = []dex.MFAAuthenticator{{
ID: "default-totp",
// Has to be caps otherwise it will fail
Type: "TOTP",
Config: rawTotpConfig,
ConnectorTypes: []string{},
}}
rememberMeEnabled := false
cfg.Sessions = &dex.Sessions{
CookieName: "netbird-session",
AbsoluteLifetime: "24h",
ValidIfNotUsedFor: "1h",
RememberMeCheckedByDefault: &rememberMeEnabled,
SSOSharedWithDefault: "",
}
// Absolutely required, otherwsise the dex server will omit the MFA configuration entirely
os.Setenv("DEX_SESSIONS_ENABLED", "true")
for i := range cfg.StaticClients {
cfg.StaticClients[i].MFAChain = []string{"default-totp"}
}
return nil
}
// Compile-time check that EmbeddedIdPManager implements Manager interface // Compile-time check that EmbeddedIdPManager implements Manager interface
var _ Manager = (*EmbeddedIdPManager)(nil) var _ Manager = (*EmbeddedIdPManager)(nil)