simplesamlphp / simplesamlphp-module-webauthn

A module implementing FIDO2 / WebAuthn as a second authentication factor
GNU Lesser General Public License v2.1

Twig Runtime Error: Variable "delURL" does not exist #58

Closed libregeek closed 11 months ago

libregeek commented 11 months ago

Installed and configured the webauthn module from the master branch and the following error occurred when trying for two-factor authentication:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
2 src/SimpleSAML/Error/ExceptionHandler.php:32 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
1 vendor/symfony/error-handler/ErrorHandler.php:541 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: SimpleSAML\Error\Exception: Variable "delURL" does not exist in webauthn:webauthn.twig
Backtrace:
2 src/SimpleSAML/XHTML/Template.php:548 (SimpleSAML\XHTML\Template::getContents)
1 src/SimpleSAML/XHTML/Template.php:561 (SimpleSAML\XHTML\Template::send)
0 public/module.php:24 (N/A)
Caused by: Twig\Error\RuntimeError: Variable "delURL" does not exist.
Backtrace:
16 modules/webauthn/templates/webauthn.twig:19 (__TwigTemplate_2609d2d467762daa36c999e71c128437::{closure})
15 vendor/twig/twig/src/Environment.php(361) : eval()'d code:132 (__TwigTemplate_2609d2d467762daa36c999e71c128437::block_content)
14 vendor/twig/twig/src/Template.php:171 (Twig\Template::displayBlock)
13 vendor/twig/twig/src/Environment.php(361) : eval()'d code:144 (__TwigTemplate_cd98cc88b2893670a5413a4dd6020bed::block_contentwrapper)
12 vendor/twig/twig/src/Template.php:171 (Twig\Template::displayBlock)
11 vendor/twig/twig/src/Environment.php(361) : eval()'d code:96 (__TwigTemplate_cd98cc88b2893670a5413a4dd6020bed::doDisplay)
10 vendor/twig/twig/src/Template.php:394 (Twig\Template::displayWithErrorHandling)
9 vendor/twig/twig/src/Template.php:367 (Twig\Template::display)
8 vendor/twig/twig/src/Environment.php(361) : eval()'d code:46 (__TwigTemplate_2609d2d467762daa36c999e71c128437::doDisplay)
7 vendor/twig/twig/src/Template.php:394 (Twig\Template::displayWithErrorHandling)
6 vendor/twig/twig/src/Template.php:367 (Twig\Template::display)
5 vendor/twig/twig/src/Template.php:379 (Twig\Template::render)
4 vendor/twig/twig/src/TemplateWrapper.php:40 (Twig\TemplateWrapper::render)
3 vendor/twig/twig/src/Environment.php:280 (Twig\Environment::render)
2 src/SimpleSAML/XHTML/Template.php:546 (SimpleSAML\XHTML\Template::getContents)
1 src/SimpleSAML/XHTML/Template.php:561 (SimpleSAML\XHTML\Template::send)
0 public/module.php:24 (N/A)

restena-sw commented 11 months ago

What does your configuration look like? Especially: do you use the separate registration page or inline?

libregeek commented 11 months ago

I used the default behaviour in the Webauthn plugin. Here are my configurations:

config/module_webauthn.php

use SimpleSAML\Module\webauthn\WebAuthn\WebAuthnRegistrationEvent;

$config = [
    /* Enable/disable Debug mode */
    'debug' => false,

    /* required configuration parameters */
    'store' => [
        'webauthn:Database',
        'database.dsn' => 'mysql:host=localhost;port=3306;dbname=simplesaml',
        'database.username' => 'root',
        'database.password' => 'xxxxxxxx',
    ],
    'identifyingAttribute' => 'uid',
    'attrib_displayname' => 'urn:oid:2.5.4.3',
    'scope' => 'example.net',

config/config.php

10 => array(
    'class' => 'webauthn:WebAuthn',
    //'%precondition' => 'return $state["mfa_option"] === "webauthn";',
    //'%precondition' => 'return false;',
    'default_enable' => true,
    'use_database' => true,
    //'force' => true,
    'attrib_toggle' => 'toggle'
),

restena-sw commented 11 months ago

In your paste, the part of config/modules_webauthn.php is missing the entire array 'registration'. Is it like that in the actual config?

Particularly the entry 'registration' -> 'use_inflow_registration' is the interesting one.

libregeek commented 11 months ago

I didn't change anything else other than the above. The rest are basically the default config from the dist file.

'policy_2fa' => [
    'minimum_certification_level' => WebAuthnRegistrationEvent::CERTIFICATION_NOT_REQUIRED,
    'aaguid_whitelist' => [ ],
    'attestation_format_whitelist' => [ ],
],
'use_inflow_registration' => true,
'auth_source' => 'default-sp'

restena-sw commented 11 months ago

Does the same error occur when you set use_inflow_registration to false?

libregeek commented 11 months ago

No, there is no error when use_inflow_registration is false.

restena-sw commented 11 months ago

Okay, that makes it a pretty clear bug for the (less tested) inflow registration. I can look at this closer next week.

libregeek commented 11 months ago

For the time being, I did a blind workaround by initializing the delURL variable in the Controller/Webauthn.php:

$t->data['delURL'] = "";
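
Added example, not part of the thread or the module's code: a small pre-deployment check that compares the variables a Twig template reads against the keys a controller writes to $t->data, the mismatch behind the "delURL does not exist" error above. The template and controller snippets are constructed (pageTitle, tokens and regURL are hypothetical names; only delURL and the $t->data[...] idiom come from the thread), and it assumes Twig runs with strict_variables, the setting under which this error is raised.

```python
import re

# Twig tags whose arguments are expressions; other tags (block, extends, ...) are skipped.
EXPR_TAGS = {"if", "elseif", "for", "set"}
KEYWORDS = EXPR_TAGS | {"in", "is", "not", "and", "or", "defined", "true", "false", "null"}

def template_requirements(twig_src):
    """Names the template reads without an `is defined` / `|default` guard."""
    used, local, guarded = set(), set(), set()
    pattern = r"\{\{(.*?)\}\}|\{%-?\s*(\w+)(.*?)%\}"
    for expr, tag, args in re.findall(pattern, twig_src, re.S):
        if tag and tag not in EXPR_TAGS:
            continue
        body = re.sub(r"'[^']*'|\"[^\"]*\"", "", expr or f"{tag} {args}")
        local.update(re.findall(r"\bfor\s+(\w+)\s+in\b", body))
        local.update(re.findall(r"\bset\s+(\w+)\s*=", body))
        guarded.update(re.findall(r"\b(\w+)\s+is\s+(?:not\s+)?defined\b", body))
        guarded.update(re.findall(r"\b(\w+)\s*\|\s*default\b", body))
        body = re.sub(r"\|\s*\w+(?:\([^)]*\))?", "", body)  # drop filters and their args
        # Identifiers that are not attributes (.x) and not function calls (x(...)).
        names = re.findall(r"(?<![.\w])[A-Za-z_]\w*\b(?!\s*\()", body)
        used.update(n for n in names if n not in KEYWORDS)
    # Simplification: a guard anywhere in the template exempts that name everywhere.
    return used - local - guarded

def assigned_by_controller(php_src):
    """Keys written to $t->data[...] in the given PHP source."""
    return set(re.findall(r"\$t->data\[['\"](\w+)['\"]\]\s*=(?!=)", php_src))

def missing_variables(twig_src, php_src):
    return sorted(template_requirements(twig_src) - assigned_by_controller(php_src))

# Constructed samples: only the name delURL and the $t->data[...] idiom come from the thread.
TEMPLATE = """{% extends "base.twig" %}
{% block content %}
<h1>{{ pageTitle }}</h1>
{% if regURL is defined %}<form action="{{ regURL }}"></form>{% endif %}
{% for tok in tokens %}<li>{{ tok.name|e }}</li>{% endfor %}
<form action="{{ delURL }}" method="post"></form>
{% endblock %}
"""
CONTROLLER = """$t->data['pageTitle'] = 'Authenticate';
$t->data['tokens'] = $tokens;
"""

if __name__ == "__main__":
    print(missing_variables(TEMPLATE, CONTROLLER))
```

Run once per controller code path that renders the template (for example, the inflow and the separate-page registration paths), since a variable set on one path can be absent on another.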

restena-sw commented 11 months ago

I just pushed a candidate fix to master. Please confirm if this fixes the issue for you.

libregeek commented 11 months ago

I tested this with use_inflow_registration = true and no more error messages. Thanks

restena-sw commented 11 months ago

Thanks for confirming!