|
|
@@ -465,11 +465,18 @@ if (isset($_GET['query'])) {
|
|
|
// webauthn two factor authentication
|
|
|
case "webauthn-tfa-registration":
|
|
|
if (isset($_SESSION["mailcow_cc_role"])) {
|
|
|
+ // Exclude existing CredentialIds, if any
|
|
|
+ $stmt = $pdo->prepare("SELECT `keyHandle` FROM `tfa` WHERE username = :username");
|
|
|
+ $stmt->execute(array(':username' => $_SESSION['mailcow_cc_username']));
|
|
|
+ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
+ while($row = array_shift($rows)) {
|
|
|
+ $excludeCredentialIds[] = base64_decode($row['keyHandle']);
|
|
|
+ }
|
|
|
// getCreateArgs($userId, $userName, $userDisplayName, $timeout=20, $requireResidentKey=false, $requireUserVerification=false, $crossPlatformAttachment=null, $excludeCredentialIds=array())
|
|
|
// cross-platform: true, if type internal is not allowed
|
|
|
// false, if only internal is allowed
|
|
|
// null, if internal and cross-platform is allowed
|
|
|
- $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, false, $GLOBALS['WEBAUTHN_UV_FLAG_REGISTER'], null);
|
|
|
+ $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, false, $GLOBALS['WEBAUTHN_UV_FLAG_REGISTER'], null, $excludeCredentialIds);
|
|
|
|
|
|
print(json_encode($createArgs));
|
|
|
$_SESSION['challenge'] = $WebAuthn->getChallenge();
|
FreddleSpl0it