From 91a15a594cc901900c13ab821d9d1727b8720c50 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 08:03:03 +0000 Subject: [PATCH] fix(deps): update rust crate sqlx to 0.8 [security] (v1) (#1687) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: FabianLars Committed via a GitHub action: https://github.com/tauri-apps/plugins-workspace/actions/runs/10678936672 Co-authored-by: FabianLars --- README.md | 252 +++++++++++++++++++------------------- src/u2f_crate/messages.rs | 109 +++++++++-------- 2 files changed, 181 insertions(+), 180 deletions(-) diff --git a/README.md b/README.md index 43f3ee3..6095a5a 100644 --- a/README.md +++ b/README.md @@ -1,126 +1,126 @@ -![plugin-authenticator](https://github.com/tauri-apps/plugins-workspace/raw/v1/plugins/authenticator/banner.png) - -Use hardware security-keys in your Tauri App. - -## Install - -_This plugin requires a Rust version of at least **1.64**_ - -There are three general methods of installation that we can recommend. - -1. Use crates.io and npm (easiest and requires you to trust that our publishing pipeline worked) -2. Pull sources directly from Github using git tags / revision hashes (most secure) -3. Git submodule install this repo in your tauri project and then use the file protocol to ingest the source (most secure, but inconvenient to use) - -Install the authenticator plugin by adding the following lines to your `Cargo.toml` file: - -`src-tauri/Cargo.toml` - -```toml -[dependencies] -tauri-plugin-authenticator = "0.1" -# or through git -tauri-plugin-authenticator = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "v1" } -``` - -You can install the JavaScript Guest bindings using your preferred JavaScript package manager: - -> Note: Since most JavaScript package managers are unable to install packages from git monorepos we provide read-only mirrors of each plugin. This makes installation option 2 more ergonomic to use. - -```sh -pnpm add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 -# or -npm add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 -# or -yarn add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 -``` - -## Usage - -First, you need to register the authenticator plugin with Tauri: - -`src-tauri/src/main.rs` - -```rust -fn main() { - tauri::Builder::default() - .plugin(tauri_plugin_authenticator::init()) - .run(tauri::generate_context!()) - .expect("error while running tauri application"); -} -``` - -Afterwards, all the plugin's APIs are available through the JavaScript guest bindings: - -```javascript -import { Authenticator } from "tauri-plugin-authenticator-api"; - -const auth = new Authenticator(); -auth.init(); // initialize transports - -// generate a 32-bytes long random challenge -const arr = new Uint32Array(32); -window.crypto.getRandomValues(arr); -const b64 = btoa(String.fromCharCode.apply(null, arr)); -// web-safe base64 -const challenge = b64.replace(/\+/g, "-").replace(/\//g, "_"); - -const domain = "https://tauri.app"; - -// attempt to register with the security key -const json = await auth.register(challenge, domain); -const registerResult = JSON.parse(json); - -// verify the registration was successful -const r2 = await auth.verifyRegistration( - challenge, - app, - registerResult.registerData, - registerResult.clientData, -); -const j2 = JSON.parse(r2); - -// sign some data -const json = await auth.sign(challenge, app, keyHandle); -const signData = JSON.parse(json); - -// verify the signature again -const counter = await auth.verifySignature( - challenge, - app, - signData.signData, - clientData, - keyHandle, - pubkey, -); - -if (counter && counter > 0) { - console.log("SUCCESS!"); -} -``` - -## Contributing - -PRs accepted. Please make sure to read the Contributing Guide before making a pull request. - -## Partners - - - - - - - -
- - CrabNebula - -
- -For the complete list of sponsors please visit our [website](https://tauri.app#sponsors) and [Open Collective](https://opencollective.com/tauri). - -## License - -Code: (c) 2015 - Present - The Tauri Programme within The Commons Conservancy. - -MIT or MIT/Apache 2.0 where applicable. +![plugin-authenticator](https://github.com/tauri-apps/plugins-workspace/raw/v1/plugins/authenticator/banner.png) + +Use hardware security-keys in your Tauri App. + +## Install + +_This plugin requires a Rust version of at least **1.67**_ + +There are three general methods of installation that we can recommend. + +1. Use crates.io and npm (easiest and requires you to trust that our publishing pipeline worked) +2. Pull sources directly from Github using git tags / revision hashes (most secure) +3. Git submodule install this repo in your tauri project and then use the file protocol to ingest the source (most secure, but inconvenient to use) + +Install the authenticator plugin by adding the following lines to your `Cargo.toml` file: + +`src-tauri/Cargo.toml` + +```toml +[dependencies] +tauri-plugin-authenticator = "0.1" +# or through git +tauri-plugin-authenticator = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "v1" } +``` + +You can install the JavaScript Guest bindings using your preferred JavaScript package manager: + +> Note: Since most JavaScript package managers are unable to install packages from git monorepos we provide read-only mirrors of each plugin. This makes installation option 2 more ergonomic to use. + +```sh +pnpm add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 +# or +npm add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 +# or +yarn add https://github.com/tauri-apps/tauri-plugin-authenticator#v1 +``` + +## Usage + +First, you need to register the authenticator plugin with Tauri: + +`src-tauri/src/main.rs` + +```rust +fn main() { + tauri::Builder::default() + .plugin(tauri_plugin_authenticator::init()) + .run(tauri::generate_context!()) + .expect("error while running tauri application"); +} +``` + +Afterwards, all the plugin's APIs are available through the JavaScript guest bindings: + +```javascript +import { Authenticator } from "tauri-plugin-authenticator-api"; + +const auth = new Authenticator(); +auth.init(); // initialize transports + +// generate a 32-bytes long random challenge +const arr = new Uint32Array(32); +window.crypto.getRandomValues(arr); +const b64 = btoa(String.fromCharCode.apply(null, arr)); +// web-safe base64 +const challenge = b64.replace(/\+/g, "-").replace(/\//g, "_"); + +const domain = "https://tauri.app"; + +// attempt to register with the security key +const json = await auth.register(challenge, domain); +const registerResult = JSON.parse(json); + +// verify the registration was successful +const r2 = await auth.verifyRegistration( + challenge, + app, + registerResult.registerData, + registerResult.clientData, +); +const j2 = JSON.parse(r2); + +// sign some data +const json = await auth.sign(challenge, app, keyHandle); +const signData = JSON.parse(json); + +// verify the signature again +const counter = await auth.verifySignature( + challenge, + app, + signData.signData, + clientData, + keyHandle, + pubkey, +); + +if (counter && counter > 0) { + console.log("SUCCESS!"); +} +``` + +## Contributing + +PRs accepted. Please make sure to read the Contributing Guide before making a pull request. + +## Partners + + + + + + + +
+ + CrabNebula + +
+ +For the complete list of sponsors please visit our [website](https://tauri.app#sponsors) and [Open Collective](https://opencollective.com/tauri). + +## License + +Code: (c) 2015 - Present - The Tauri Programme within The Commons Conservancy. + +MIT or MIT/Apache 2.0 where applicable. diff --git a/src/u2f_crate/messages.rs b/src/u2f_crate/messages.rs index 6146c83..8e0cea7 100644 --- a/src/u2f_crate/messages.rs +++ b/src/u2f_crate/messages.rs @@ -1,54 +1,55 @@ -// Copyright 2021 Flavio Oliveira -// SPDX-License-Identifier: Apache-2.0 -// SPDX-License-Identifier: MIT - -// As defined by FIDO U2F Javascript API. -// https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#registration - -use serde::{Deserialize, Serialize}; - -#[derive(Serialize)] -#[serde(rename_all = "camelCase")] -pub struct U2fRegisterRequest { - pub app_id: String, - pub register_requests: Vec, - pub registered_keys: Vec, -} - -#[derive(Serialize)] -pub struct RegisterRequest { - pub version: String, - pub challenge: String, -} - -#[derive(Serialize)] -#[serde(rename_all = "camelCase")] -pub struct RegisteredKey { - pub version: String, - pub key_handle: Option, - pub app_id: String, -} - -#[derive(Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct RegisterResponse { - pub registration_data: String, - pub version: String, - pub client_data: String, -} - -#[derive(Serialize)] -#[serde(rename_all = "camelCase")] -pub struct U2fSignRequest { - pub app_id: String, - pub challenge: String, - pub registered_keys: Vec, -} - -#[derive(Clone, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct SignResponse { - pub key_handle: String, - pub signature_data: String, - pub client_data: String, -} +// Copyright 2021 Flavio Oliveira +// SPDX-License-Identifier: Apache-2.0 +// SPDX-License-Identifier: MIT + +// As defined by FIDO U2F Javascript API. +// https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#registration + +use serde::{Deserialize, Serialize}; + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct U2fRegisterRequest { + pub app_id: String, + pub register_requests: Vec, + pub registered_keys: Vec, +} + +#[derive(Serialize)] +pub struct RegisterRequest { + pub version: String, + pub challenge: String, +} + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct RegisteredKey { + pub version: String, + pub key_handle: Option, + pub app_id: String, +} + +#[derive(Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct RegisterResponse { + pub registration_data: String, + #[allow(dead_code)] + pub version: String, + pub client_data: String, +} + +#[derive(Serialize)] +#[serde(rename_all = "camelCase")] +pub struct U2fSignRequest { + pub app_id: String, + pub challenge: String, + pub registered_keys: Vec, +} + +#[derive(Clone, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct SignResponse { + pub key_handle: String, + pub signature_data: String, + pub client_data: String, +}