store flags to database

Author: hiifong

models/auth/webauthn.go

@@ -11,6 +11,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
+	"github.com/go-webauthn/webauthn/protocol"
 
 	"github.com/go-webauthn/webauthn/webauthn"
 )
@@ -50,6 +51,7 @@ type WebAuthnCredential struct {
 	PublicKey       []byte
 	AttestationType string
 	AAGUID          []byte
+	Flags           protocol.AuthenticatorFlags
 	SignCount       uint32 `xorm:"BIGINT"`
 	CloneWarning    bool
 	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
@@ -103,7 +105,10 @@ func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential {
 				CloneWarning: cred.CloneWarning,
 			},
 			Flags: webauthn.CredentialFlags{
-				BackupEligible: true,
+				UserPresent:    cred.Flags.HasUserPresent(),
+				UserVerified:   cred.Flags.HasUserVerified(),
+				BackupEligible: cred.Flags.HasBackupEligible(),
+				BackupState:    cred.Flags.HasBackupState(),
 			},
 		})
 	}
@@ -161,13 +166,27 @@ func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []b
 
 // CreateCredential will create a new WebAuthnCredential from the given Credential
 func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error) {
+	var flags protocol.AuthenticatorFlags
+	if cred.Flags.UserPresent {
+		flags |= protocol.FlagUserPresent
+	}
+	if cred.Flags.UserVerified {
+		flags |= protocol.FlagUserVerified
+	}
+	if cred.Flags.BackupEligible {
+		flags |= protocol.FlagBackupEligible
+	}
+	if cred.Flags.BackupState {
+		flags |= protocol.FlagBackupState
+	}
 	c := &WebAuthnCredential{
 		UserID:          userID,
 		Name:            name,
 		CredentialID:    cred.ID,
 		PublicKey:       cred.PublicKey,
 		AttestationType: cred.AttestationType,
 		AAGUID:          cred.Authenticator.AAGUID,
+		Flags:           flags,
 		SignCount:       cred.Authenticator.SignCount,
 		CloneWarning:    false,
 	}

models/migrations/migrations.go

@@ -367,6 +367,7 @@ func prepareMigrationTasks() []*migration {
 		newMigration(307, "Fix milestone deadline_unix when there is no due date", v1_23.FixMilestoneNoDueDate),
 		newMigration(308, "Add index(user_id, is_deleted) for action table", v1_23.AddNewIndexForUserDashboard),
 		newMigration(309, "Improve Notification table indices", v1_23.ImproveNotificationTableIndices),
+		newMigration(310, "Add flags on table webauthn_credential", v1_23.AddFlagsOnWebAuthnCredential),
 	}
 	return preparedMigrations
 }

models/migrations/v1_23/v310.go

@@ -0,0 +1,20 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_23 //nolint
+
+import (
+	"github.com/go-webauthn/webauthn/protocol"
+	"xorm.io/xorm"
+)
+
+func AddFlagsOnWebAuthnCredential(x *xorm.Engine) error {
+	type WebAuthnCredential struct {
+		Flags protocol.AuthenticatorFlags
+	}
+	if err := x.Sync(new(WebAuthnCredential)); err != nil {
+		return err
+	}
+	_, err := x.Exec("UPDATE webauthn_credential SET flags = 29")
+	return err
+}