authorize: allow access to /.pomerium/webauthn when policy denies access (#4015)

Caleb Doxsey 2023-02-27 09:49:06 -07:00 committed by GitHub
parent 88915a79c1
commit 76a7ce3a6f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 55 additions and 11 deletions


@ -34,15 +34,21 @@ func SignOutURL(r *http.Request, authenticateURL *url.URL, key []byte) string {
return NewSignedURL(key, u).Sign().String()
}
// Device paths
const (
WebAuthnURLPath = "/.pomerium/webauthn"
DeviceEnrolledPath = "/.pomerium/device-enrolled"
)
// WebAuthnURL returns the /.pomerium/webauthn URL.
func WebAuthnURL(r *http.Request, authenticateURL *url.URL, key []byte, values url.Values) string {
u := authenticateURL.ResolveReference(&url.URL{
Path: "/.pomerium/webauthn",
Path: WebAuthnURLPath,
RawQuery: buildURLValues(values, url.Values{
QueryDeviceType: {DefaultDeviceType},
QueryEnrollmentToken: nil,
QueryRedirectURI: {authenticateURL.ResolveReference(&url.URL{
Path: "/.pomerium/device-enrolled",
Path: DeviceEnrolledPath,
}).String()},
}).Encode(),
})