domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Remove U2F support (#20141)

Browse source 
- Completely remove U2F support from 1.18.0, 1.17.0 will be the last
release that U2F is somewhat supported. Users who used U2F would already
be warned about using U2F for a while now and should hopefully already
be migrated. But starting 1.18 definitely remove it.
This commit is contained in:
Gusted 2022-06-27 04:20:58 +02:00 committed by GitHub
parent 5d3f99c7c6
commit 0048595811
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 4 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

5
routers/web/auth/auth.go
View file

@ -266,7 +266,7 @@ func SignInPost(ctx *context.Context) {
}
if hasTOTPtwofa {
// User will need to use U2F, save data
// User will need to use WebAuthn, save data
if err := ctx.Session.Set("totpEnrolled", u.ID); err != nil {
ctx.ServerError("UserSignIn: Unable to set WebAuthn Enrolled in session", err)
return
@ -278,7 +278,7 @@ func SignInPost(ctx *context.Context) {
return
}
// If we have U2F redirect there first
// If we have WebAuthn redirect there first
if hasWebAuthnTwofa {
ctx.Redirect(setting.AppSubURL + "/user/webauthn")
return
@ -317,7 +317,6 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
_ = ctx.Session.Delete("openid_determined_username")
_ = ctx.Session.Delete("twofaUid")
_ = ctx.Session.Delete("twofaRemember")
_ = ctx.Session.Delete("u2fChallenge")
_ = ctx.Session.Delete("linkAccount")
if err := ctx.Session.Set("uid", u.ID); err != nil {
log.Error("Error setting uid %d in session: %v", u.ID, err)