[Web] Some fido2 fixes, table view for fido2 keys, fix renaming keys with the same subject

data/web/admin.php

@@ -71,7 +71,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
           <div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['tfa'];?>:</div>
           <div class="col-sm-9 col-xs-7">
             <p id="tfa_pretty"><?=$tfa_data['pretty'];?></p>
-              <div id="tfa_additional">
+              <div id="tfa_keys">
                 <?php
                 if (!empty($tfa_data['additional'])) {
                   foreach ($tfa_data['additional'] as $key_info) {
@@ -112,30 +112,35 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
         <div class="row">
           <div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['known_ids'];?>:</div>
           <div class="col-sm-9 col-xs-7">
-              <div id="tfa_additional">
+              <div class="table-responsive">
+              <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+                <tr>
+                  <th>ID</th>
+                  <th style="min-width:240px;text-align: right"><?=$lang['admin']['action'];?></th>
+                </tr>
                 <?php
                 if (!empty($fido2_data)) {
                   foreach ($fido2_data as $key_info) {
                 ?>
-                <form style="display:inline;" method="post">
-                  <input type="hidden" name="unset_fido2_key" value="<?=$key_info['subject'];?>" />
-                  <p><div data-toggle="tooltip" data-placement="top" title="<?=$key_info['subject'];?>" class="label label-keys label-<?=($_SESSION['fido2_subject'] == $key_info['subject']) ? 'success' : 'default'; ?>">
-                    <?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
-                    <a href="#" class="key-action" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";'>
-                      [<?=strtolower($lang['admin']['remove']);?>]
-                    </a>
-                    <a href="#" class="key-action" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn">
-                      [<?=strtolower($lang['fido2']['rename']);?>]
-                    </a>
-                  </div></p>
-                </form>
+                <tr>
+                  <td>
+                    <?=($_SESSION['fido2_cid'] == $key_info['cid']) ? '→ ' : NULL; ?><?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
+                  </td>
+                  <td style="min-width:240px;text-align: right">
+                    <form style="display:inline;" method="post">
+                    <input type="hidden" name="unset_fido2_key" value="<?=$key_info['cid'];?>" />
+                    <div class="btn-group">
+                    <a href="#" class="btn btn-xs btn-default" data-cid="<?=$key_info['cid'];?>" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn"><span class="glyphicon glyphicon-pencil"></span> <?=strtolower($lang['fido2']['rename']);?></a>
+                    <a href="#" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";' class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=strtolower($lang['admin']['remove']);?></a>
+                    </form>
+                    </div>
+                  </td>
+                </tr>
                 <?php
                   }
                 }
-                else {
-                  echo "-";
-                }
                 ?>
+              </table>
               </div>
               <br>
           </div>

data/web/inc/functions.inc.php

@@ -1037,11 +1037,11 @@ function fido2($_data) {
       }
       return $cids;
 		break;
-    case "get_pub_key":
+    case "get_by_b64cid":
       if (!isset($_data['cid']) || empty($_data['cid'])) {
         return false;
       }
-      $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
+      $stmt = $pdo->prepare("SELECT `certificateSubject`, `username`, `credentialPublicKey`, SHA2(`credentialId`, 256) AS `cid` FROM `fido2` WHERE TO_BASE64(`credentialId`) = :cid");
       $stmt->execute(array(':cid' => $_data['cid']));
       $row = $stmt->fetch(PDO::FETCH_ASSOC);
       if (empty($row) || empty($row['credentialPublicKey']) || empty($row['username'])) {
@@ -1049,7 +1049,8 @@ function fido2($_data) {
       }
       $data['pub_key'] = $row['credentialPublicKey'];
       $data['username'] = $row['username'];
-      $data['key_id'] = $row['certificateSubject'];
+      $data['subject'] = $row['certificateSubject'];
+      $data['cid'] = $row['cid'];
       return $data;
 		break;
 		case "get_friendly_names":
@@ -1058,11 +1059,15 @@ function fido2($_data) {
         $_SESSION['mailcow_cc_role'] != "admin") {
           return false;
       }
-      $stmt = $pdo->prepare("SELECT `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
+      $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
       $stmt->execute(array(':username' => $username));
       $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
       while($row = array_shift($rows)) {
-        $fns[] = array("subject" => $row['certificateSubject'], "fn" => $row['friendlyName']);
+        $fns[] = array(
+          "subject" => $row['certificateSubject'],
+          "fn" => $row['friendlyName'],
+          "cid" => $row['cid']
+        );
       }
       return $fns;
 		break;
@@ -1077,8 +1082,11 @@ function fido2($_data) {
           );
           return false;
       }
-      $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND `certificateSubject` = :certificateSubject");
-      $stmt->execute(array(':username' => $username, ':certificateSubject' => $_data['post_data']['unset_fido2_key']));
+      $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username AND SHA2(`credentialId`, 256) = :cid");
+      $stmt->execute(array(
+        ':username' => $username,
+        ':cid' => $_data['post_data']['unset_fido2_key']
+      ));
 			$_SESSION['return'][] =  array(
 				'type' => 'success',
         'log' => array(__FUNCTION__, $_data_log),
@@ -1096,11 +1104,11 @@ function fido2($_data) {
           );
           return false;
       }
-      $stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE `certificateSubject` = :certificateSubject AND `username` = :username");
+      $stmt = $pdo->prepare("UPDATE `fido2` SET `friendlyName` = :friendlyName WHERE SHA2(`credentialId`, 256) = :cid AND `username` = :username");
       $stmt->execute(array(
         ':username' => $username,
         ':friendlyName' => $_data['fido2_attrs']['fido2_fn'],
-        ':certificateSubject' => base64_decode($_data['fido2_attrs']['fido2_subject'])
+        ':cid' => $_data['fido2_attrs']['fido2_cid']
       ));
 			$_SESSION['return'][] =  array(
 				'type' => 'success',

data/web/js/site/admin.js

@@ -457,7 +457,7 @@ jQuery(function($){
   $('#fido2ChangeFn').on('show.bs.modal', function (e) {
     rename_link = $(e.relatedTarget)
     if (rename_link != null) {
-      $('#fido2_subject').val(rename_link.data('subject'));
+      $('#fido2_cid').val(rename_link.data('cid'));
       $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
     }
   })

data/web/js/site/user.js

@@ -296,6 +296,15 @@ jQuery(function($){
   draw_wl_policy_mailbox_table();
   draw_bl_policy_mailbox_table();
 
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+
   // Sieve data modal
   $('#userFilterModal').on('show.bs.modal', function(e) {
     $('#user_sieve_filter').text(lang.loading);

data/web/json_api.php

@@ -277,7 +277,7 @@ if (isset($_GET['query'])) {
           $signature = base64_decode($post->signature);
           $id = base64_decode($post->id);
           $challenge = $_SESSION['challenge'];
-          $process_fido2 = fido2(array("action" => "get_pub_key", "cid" => $post->id));
+          $process_fido2 = fido2(array("action" => "get_by_b64cid", "cid" => $post->id));
           if ($process_fido2['pub_key'] === false) {
             $return = new stdClass();
             $return->success = false;
@@ -296,7 +296,6 @@ if (isset($_GET['query'])) {
           }
           $return = new stdClass();
           $return->success = true;
-          $_SESSION["fido2_subject"] = $process_fido2['key_id'];
           $stmt = $pdo->prepare("SELECT `superadmin` FROM `admin` WHERE `username` = :username");
           $stmt->execute(array(':username' => $process_fido2['username']));
           $obj_props = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -307,6 +306,7 @@ if (isset($_GET['query'])) {
             $_SESSION["mailcow_cc_role"] = "domainadmin";
           }
           $_SESSION["mailcow_cc_username"] = $process_fido2['username'];
+          $_SESSION["fido2_cid"] = $process_fido2['cid'];
           $_SESSION['return'][] =  array(
             'type' => 'success',
             'log' => array("fido2_login"),

data/web/modals/admin.php

@@ -111,11 +111,11 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
         <h3 class="modal-title"><?=$lang['fido2']['set_fn'];?></h3>
-        <p class="help-block" id="fido2_subject_desc" data-fido2-subject=""></p>
+        <p class="help-block" style="word-break:break-all" id="fido2_subject_desc" data-fido2-subject=""></p>
       </div>
       <div class="modal-body">
         <form class="form-horizontal" data-cached-form="false" data-id="fido2ChangeFn" role="form" method="post" autocomplete="off">
-          <input type="hidden" class="form-control" name="fido2_subject" id="fido2_subject">
+          <input type="hidden" class="form-control" name="fido2_cid" id="fido2_cid">
           <div class="form-group">
             <label class="control-label col-sm-4" for="fido2_fn"><?=$lang['fido2']['fn'];?>:</label>
             <div class="col-sm-8">

data/web/modals/user.php

@@ -11,11 +11,11 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
         <h3 class="modal-title"><?=$lang['fido2']['set_fn'];?></h3>
-        <p class="help-block" id="fido2_subject_desc" data-fido2-subject=""></p>
+        <p class="help-block" style="word-break:break-all" id="fido2_subject_desc" data-fido2-subject=""></p>
       </div>
       <div class="modal-body">
         <form class="form-horizontal" data-cached-form="false" data-id="fido2ChangeFn" role="form" method="post" autocomplete="off">
-          <input type="hidden" class="form-control" name="fido2_subject" id="fido2_subject">
+          <input type="hidden" class="form-control" name="fido2_cid" id="fido2_cid">
           <div class="form-group">
             <label class="control-label col-sm-4" for="fido2_fn"><?=$lang['fido2']['fn'];?>:</label>
             <div class="col-sm-8">

data/web/user.php

@@ -41,7 +41,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
       <div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['tfa'];?></div>
         <div class="col-sm-9 col-xs-7">
           <p id="tfa_pretty"><?=$tfa_data['pretty'];?></p>
-            <div id="tfa_additional">
+            <table id="tfa_keys">
               <?php if (!empty($tfa_data['additional'])):
               foreach ($tfa_data['additional'] as $key_info): ?>
                 <form style="display:inline;" method="post">
@@ -50,7 +50,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
               </form>
               <?php endforeach;
               endif;?>
-            </div>
+            </table>
             <br />
         </div>
     </div>
@@ -66,56 +66,61 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
       </div>
     </div>
 
-        <? // FIDO2 ?>
-        <legend style="margin-top:20px">
-        <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" style="margin-bottom: -5px;">
-          <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"/>
-        </svg>
-        <?=$lang['fido2']['fido2_auth'];?></legend>
-        <div class="row">
-          <div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['known_ids'];?>:</div>
-          <div class="col-sm-9 col-xs-7">
-              <div id="tfa_additional">
-                <?php
-                if (!empty($fido2_data)) {
-                  foreach ($fido2_data as $key_info) {
-                ?>
+    <? // FIDO2 ?>
+    <legend style="margin-top:20px">
+    <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" style="margin-bottom: -5px;">
+      <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"/>
+    </svg>
+    <?=$lang['fido2']['fido2_auth'];?></legend>
+    <div class="row">
+      <div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['known_ids'];?>:</div>
+      <div class="col-sm-9 col-xs-7">
+          <div class="table-responsive">
+          <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+            <tr>
+              <th>ID</th>
+              <th style="min-width:240px;text-align: right"><?=$lang['admin']['action'];?></th>
+            </tr>
+            <?php
+            if (!empty($fido2_data)) {
+              foreach ($fido2_data as $key_info) {
+            ?>
+            <tr>
+              <td>
+                <?=($_SESSION['fido2_cid'] == $key_info['cid']) ? '→ ' : NULL; ?><?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
+              </td>
+              <td style="min-width:240px;text-align: right">
                 <form style="display:inline;" method="post">
-                  <input type="hidden" name="unset_fido2_key" value="<?=$key_info['subject'];?>" />
-                  <div data-toggle="tooltip" data-placement="top" title="<?=$key_info['subject'];?>" class="label label-keys label-<?=($_SESSION['fido2_subject'] == $key_info['subject']) ? 'success' : 'default'; ?>">
-                    <?=(!empty($key_info['fn']))?$key_info['fn']:$key_info['subject'];?>
-                    <a href="#" class="key-action" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";'>
-                      [<?=strtolower($lang['admin']['remove']);?>]
-                    </a>
-                    <a href="#" class="key-action" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn">
-                      [<?=strtolower($lang['fido2']['rename']);?>]
-                    </a>
-                  </div>
+                <input type="hidden" name="unset_fido2_key" value="<?=$key_info['cid'];?>" />
+                <div class="btn-group">
+                <a href="#" class="btn btn-xs btn-default" data-cid="<?=$key_info['cid'];?>" data-subject="<?=base64_encode($key_info['subject']);?>" data-toggle="modal" data-target="#fido2ChangeFn"><span class="glyphicon glyphicon-pencil"></span> <?=strtolower($lang['fido2']['rename']);?></a>
+                <a href="#" onClick='return confirm("<?=$lang['admin']['ays'];?>")?$(this).closest("form").submit():"";' class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=strtolower($lang['admin']['remove']);?></a>
                 </form>
-                <?php
-                  }
-                }
-                else {
-                  echo "-";
-                }
-                ?>
-              </div>
-              <br>
-          </div>
-        </div>
-        <div class="row">
-          <div class="col-sm-offset-3 col-sm-9">
-            <button class="btn btn-sm btn-primary" id="register-fido2"><?=$lang['fido2']['set_fido2'];?></button>
-          </div>
-        </div>
-        <br>
-        <div class="row" id="status-fido2">
-          <div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['register_status'];?>:</div>
-          <div class="col-sm-9 col-xs-7">
-            <div id="fido2-alerts">-</div>
+                </div>
+              </td>
+            </tr>
+            <?php
+              }
+            }
+            ?>
+          </table>
           </div>
           <br>
-        </div>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-sm-offset-3 col-sm-9">
+        <button class="btn btn-sm btn-primary" id="register-fido2"><?=$lang['fido2']['set_fido2'];?></button>
+      </div>
+    </div>
+    <br>
+    <div class="row" id="status-fido2">
+      <div class="col-sm-3 col-xs-5 text-right"><?=$lang['fido2']['register_status'];?>:</div>
+      <div class="col-sm-9 col-xs-7">
+        <div id="fido2-alerts">-</div>
+      </div>
+      <br>
+    </div>
 
   </div>
   </div>