use json

Author: wxiaoguang

models/auth/webauthn.go

@@ -9,6 +9,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 
@@ -51,7 +53,7 @@ type WebAuthnCredential struct {
 	PublicKey       []byte
 	AttestationType string
 	AAGUID          []byte
-	Flags           protocol.AuthenticatorFlags
+	CredentialFlags string `xorm:"TEXT DEFAULT ''"`
 	SignCount       uint32 `xorm:"BIGINT"`
 	CloneWarning    bool
 	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
@@ -95,6 +97,14 @@ type WebAuthnCredentialList []*WebAuthnCredential
 func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential {
 	creds := make([]webauthn.Credential, 0, len(list))
 	for _, cred := range list {
+		var flags webauthn.CredentialFlags
+		if cred.CredentialFlags != "" {
+			err := json.Unmarshal([]byte(cred.CredentialFlags), &flags)
+			if err != nil {
+				log.Error("Failed to unmarshal CredentialFlags, webauthn credential id:%d, err:%v", cred.ID, err)
+				continue
+			}
+		}
 		creds = append(creds, webauthn.Credential{
 			ID:              cred.CredentialID,
 			PublicKey:       cred.PublicKey,
@@ -104,12 +114,7 @@ func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential {
 				SignCount:    cred.SignCount,
 				CloneWarning: cred.CloneWarning,
 			},
-			Flags: webauthn.CredentialFlags{
-				UserPresent:    cred.Flags.HasUserPresent(),
-				UserVerified:   cred.Flags.HasUserVerified(),
-				BackupEligible: cred.Flags.HasBackupEligible(),
-				BackupState:    cred.Flags.HasBackupState(),
-			},
+			Flags: flags,
 		})
 	}
 	return creds
@@ -179,14 +184,18 @@ func CreateCredential(ctx context.Context, userID int64, name string, cred *weba
 	if cred.Flags.BackupState {
 		flags |= protocol.FlagBackupState
 	}
+	flagsJSON, err := json.Marshal(cred.Flags)
+	if err != nil {
+		return nil, err
+	}
 	c := &WebAuthnCredential{
 		UserID:          userID,
 		Name:            name,
 		CredentialID:    cred.ID,
 		PublicKey:       cred.PublicKey,
 		AttestationType: cred.AttestationType,
 		AAGUID:          cred.Authenticator.AAGUID,
-		Flags:           flags,
+		CredentialFlags: string(flagsJSON),
 		SignCount:       cred.Authenticator.SignCount,
 		CloneWarning:    false,
 	}

models/migrations/v1_23/v310.go

@@ -4,12 +4,14 @@
 package v1_23 //nolint
 
 import (
-	"github.com/go-webauthn/webauthn/protocol"
+	"code.gitea.io/gitea/modules/json"
+
+	"github.com/go-webauthn/webauthn/webauthn"
 	"xorm.io/xorm"
 )
 
 type WebAuthnCredential struct {
-	Flags protocol.AuthenticatorFlags
+	CredentialFlags string `xorm:"TEXT DEFAULT ''"`
 }
 
 func (cred WebAuthnCredential) TableName() string {
@@ -20,6 +22,14 @@ func AddFlagsOnWebAuthnCredential(x *xorm.Engine) error {
 	if err := x.Sync(new(WebAuthnCredential)); err != nil {
 		return err
 	}
-	_, err := x.Exec("UPDATE webauthn_credential SET flags = 29 WHERE id > 0")
+
+	defaultCredentialFlags := webauthn.CredentialFlags{
+		BackupEligible: true,
+	}
+	defaultCredentialFlagsJSON, err := json.Marshal(defaultCredentialFlags)
+	if err != nil {
+		return err
+	}
+	_, err = x.Exec("UPDATE webauthn_credential SET credential_flags = ? WHERE credential_flags = '' OR credential_flags IS NULL", string(defaultCredentialFlagsJSON))
 	return err
 }