YunoHost-Apps / vaultwarden_ynh

Open source password management solutions for YunoHost
https://bitwarden.com/
GNU General Public License v3.0

Webauthn issues #151

Closed Aeris1One closed 10 months ago

Aeris1One commented 2 years ago

Describe the bug

On v1.22.2~ynh1, I have exactly the Webauthn problems that were fixed in v1.22.2 (I already had a key registered as FIDO before the update; after the update I got the error https://github.com/dani-garcia/vaultwarden/issues/1840, and when deleting it to recreate it I got https://github.com/dani-garcia/vaultwarden/issues/1803).

I had to go directly from v1.21 to v1.22.2~ynh1 because I didn't think to check my updates.

They are supposed to have been fixed in this PR: https://github.com/dani-garcia/vaultwarden/pull/1869, yet not in the YunoHost version.

Context

Steps to reproduce

Logs

Vaultwarden admin diagnostics page (though it should be the same for all YunoHost installs)

### Your environment (Generated via diagnostics page)

* Vaultwarden version: v
* Web-vault version: v2.21.1
* Running within Docker: false
* Environment settings overridden: false
* Uses a reverse proxy: true
* IP Header check: true (X-Real-IP)
* Internet access: true
* Internet access via a proxy: false
* DNS Check: true
* Time Check: true
* Domain Configuration Check: true
* HTTPS Check: true
* Database type: SQLite
* Database version: 3.35.4
* Clients used:
* Reverse proxy and version:
* Other relevant information:

### Config (Generated via diagnostics page)

**Environment settings which are overridden:**

```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.*****-***.**/",
  "domain_origin": "*****://*****.*****-***.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/var/log/vaultwarden/vaultwarden.log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "***********-**@*****.*****-***.**",
  "smtp_from_name": "vaultwarden",
  "smtp_host": "***.*.*.*",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_ssl": false,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "127.0.0.1",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
```

The request that fails when adding a key:

```
XHR PUT https://vault.aeris-one.fr/api/two-factor/webauthn [HTTP/2 400 Bad Request 235ms]

PUT https://vault.mondomaine.fr/api/two-factor/webauthn
État : 400 Bad Request
Version : HTTP/2
Transfert : 1,32 Ko (taille 243 o)
Politique de référent: same-origin

access-control-allow-origin: https://vault.mondomaine.fr
cache-control: no-cache, no-store, max-age=0
content-length: 243
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-type: application/json
date: Thu, 12 Aug 2021 10:22:23 GMT
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; sync-xhr 'self' https://haveibeenpwned.com https://2fa.directory; usb 'none'; vr 'none'
permissions-policy: interest-cohort=()
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-download-options: noopen
X-Firefox-Spdy: h2
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-sso-wat: You've just been SSOed

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
authorization: Bearer azertyuiopqsdfghjklmwxcvbn
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 880
content-type: application/json; charset=utf-8
Cookie: SSOwAuthUser=aeris; SSOwAuthHash=azertyuiop; SSOwAuthExpire=1629367432.22
device-type: 10
Host: vault.mondomaine.fr
Origin: https://vault.mondomaine.fr
Pragma: no-cache
Referer: https://vault.mondomaine.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
```

Tagadda commented 10 months ago

@Aeris1One Is this still relevant?

Aeris1One commented 10 months ago

I no longer use Vaultwarden or YunoHost, so I don't really know.