mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 04:27:02 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

20231129 webauthn attestation (#2351)

Browse source 
This adds full support for attestation of webauthn/passkeys.
This commit is contained in:
Firstyear 2023-12-03 16:13:52 +10:00 committed by GitHub
parent 85022e5e8a
commit 76269f9de2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
52 changed files with 2815 additions and 921 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
Cargo.lock generated
View file

@ -459,7 +459,7 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
[[package]] [[package]]
name = "base64urlsafedata" name = "base64urlsafedata"
version = "0.1.3" version = "0.1.3"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64 0.21.5", "base64 0.21.5",
"paste 1.0.14", "paste 1.0.14",
@ -2830,9 +2830,9 @@ dependencies = [
[[package]] [[package]]
name = "implicit-clone" name = "implicit-clone"
version = "0.3.6" version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c6ecbd987bb94f1f3c76c6787879756cf4b6f73bfff48d79308e8c56b46f65f" checksum = "cfd6201e7c30ccb24773cac7efa6fec1e06189d414b7439ce756a481c8bfbf53"
dependencies = [ dependencies = [
"indexmap 1.9.3", "indexmap 1.9.3",
] ]
@ -5550,7 +5550,7 @@ checksum = "3b9b39299b249ad65f3b7e96443bad61c02ca5cd3589f46cb6d610a0fd6c0d6a"
[[package]] [[package]]
name = "sshkey-attest" name = "sshkey-attest"
version = "0.5.0-dev" version = "0.5.0-dev"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64urlsafedata", "base64urlsafedata",
"nom", "nom",
@ -6466,9 +6466,9 @@ dependencies = [
[[package]] [[package]]
name = "web-sys" name = "web-sys"
version = "0.3.65" version = "0.3.66"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85" checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f"
dependencies = [ dependencies = [
"js-sys", "js-sys",
"wasm-bindgen", "wasm-bindgen",
@ -6477,7 +6477,7 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-attestation-ca" name = "webauthn-attestation-ca"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64urlsafedata", "base64urlsafedata",
"openssl", "openssl",
@ -6489,7 +6489,7 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-authenticator-rs" name = "webauthn-authenticator-rs"
version = "0.5.0-dev" version = "0.5.0-dev"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"async-stream", "async-stream",
"async-trait", "async-trait",
@ -6521,7 +6521,7 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-rs" name = "webauthn-rs"
version = "0.5.0-dev" version = "0.5.0-dev"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64urlsafedata", "base64urlsafedata",
"serde", "serde",
@ -6534,7 +6534,7 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-rs-core" name = "webauthn-rs-core"
version = "0.5.0-dev" version = "0.5.0-dev"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64 0.21.5", "base64 0.21.5",
"base64urlsafedata", "base64urlsafedata",
@ -6558,7 +6558,7 @@ dependencies = [
[[package]] [[package]]
name = "webauthn-rs-proto" name = "webauthn-rs-proto"
version = "0.5.0-dev" version = "0.5.0-dev"
source = "git+https://github.com/kanidm/webauthn-rs.git?rev=2218d2055c0c900ef57b398423eee5e8d5521f4c#2218d2055c0c900ef57b398423eee5e8d5521f4c" source = "git+https://github.com/kanidm/webauthn-rs.git?rev=5f4db4172f8e22aedc68c282d177e98db2b1892f#5f4db4172f8e22aedc68c282d177e98db2b1892f"
dependencies = [ dependencies = [
"base64urlsafedata", "base64urlsafedata",
"js-sys", "js-sys",

12
Cargo.toml
View file

@ -61,12 +61,12 @@ repository = "https://github.com/kanidm/kanidm/"
# scim_proto = { path = "../scim/proto" } # scim_proto = { path = "../scim/proto" }
# scim_proto = { git = "https://github.com/kanidm/scim.git" } # scim_proto = { git = "https://github.com/kanidm/scim.git" }
base64urlsafedata = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } base64urlsafedata = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
webauthn-authenticator-rs = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } webauthn-authenticator-rs = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
webauthn-rs = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } webauthn-rs = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
webauthn-rs-core = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } webauthn-rs-core = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
webauthn-rs-proto = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } webauthn-rs-proto = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
sshkey-attest = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "2218d2055c0c900ef57b398423eee5e8d5521f4c" } sshkey-attest = { git = "https://github.com/kanidm/webauthn-rs.git", rev = "5f4db4172f8e22aedc68c282d177e98db2b1892f" }
# base64urlsafedata = { path = "../webauthn-rs/base64urlsafedata" } # base64urlsafedata = { path = "../webauthn-rs/base64urlsafedata" }
# webauthn-authenticator-rs = { path = "../webauthn-rs/webauthn-authenticator-rs" } # webauthn-authenticator-rs = { path = "../webauthn-rs/webauthn-authenticator-rs" }

12
libs/client/src/group.rs
View file

@ -56,4 +56,16 @@ impl KanidmClient {
) )
.await .await
} }
pub async fn group_account_policy_webauthn_attestation_set(
&self,
id: &str,
att_ca_list: &str,
) -> Result<(), ClientError> {
self.perform_put_request(
&format!("/v1/group/{}/_attr/webauthn_attestation_ca_list", id),
vec![att_ca_list.to_string()],
)
.await
}
} }

30
libs/client/src/lib.rs
View file

@ -1784,6 +1784,36 @@ impl KanidmClient {
.await .await
} }
pub async fn idm_account_credential_update_attested_passkey_init(
&self,
session_token: &CUSessionToken,
) -> Result<CUStatus, ClientError> {
let scr = CURequest::AttestedPasskeyInit;
self.perform_simple_post_request("/v1/credential/_update", &(scr, &session_token))
.await
}
pub async fn idm_account_credential_update_attested_passkey_finish(
&self,
session_token: &CUSessionToken,
label: String,
registration: RegisterPublicKeyCredential,
) -> Result<CUStatus, ClientError> {
let scr = CURequest::AttestedPasskeyFinish(label, registration);
self.perform_simple_post_request("/v1/credential/_update", &(scr, &session_token))
.await
}
pub async fn idm_account_credential_update_attested_passkey_remove(
&self,
session_token: &CUSessionToken,
uuid: Uuid,
) -> Result<CUStatus, ClientError> {
let scr = CURequest::AttestedPasskeyRemove(uuid);
self.perform_simple_post_request("/v1/credential/_update", &(scr, &session_token))
.await
}
pub async fn idm_account_credential_update_commit( pub async fn idm_account_credential_update_commit(
&self, &self,
session_token: &CUSessionToken, session_token: &CUSessionToken,

3
proto/src/constants.rs
View file

@ -52,6 +52,7 @@ pub const ATTR_ACP_RECEIVER: &str = "acp_receiver";
pub const ATTR_ACP_SEARCH_ATTR: &str = "acp_search_attr"; pub const ATTR_ACP_SEARCH_ATTR: &str = "acp_search_attr";
pub const ATTR_ACP_TARGET_SCOPE: &str = "acp_targetscope"; pub const ATTR_ACP_TARGET_SCOPE: &str = "acp_targetscope";
pub const ATTR_API_TOKEN_SESSION: &str = "api_token_session"; pub const ATTR_API_TOKEN_SESSION: &str = "api_token_session";
pub const ATTR_ATTESTED_PASSKEYS: &str = "attested_passkeys";
pub const ATTR_ATTR: &str = "attr"; pub const ATTR_ATTR: &str = "attr";
pub const ATTR_ATTRIBUTENAME: &str = "attributename"; pub const ATTR_ATTRIBUTENAME: &str = "attributename";
pub const ATTR_ATTRIBUTETYPE: &str = "attributetype"; pub const ATTR_ATTRIBUTETYPE: &str = "attributetype";
@ -67,7 +68,6 @@ pub const ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: &str = "credential_update_intent_
pub const ATTR_CREDENTIAL_TYPE_MINIMUM: &str = "credential_type_minimum"; pub const ATTR_CREDENTIAL_TYPE_MINIMUM: &str = "credential_type_minimum";
pub const ATTR_DENIED_NAME: &str = "denied_name"; pub const ATTR_DENIED_NAME: &str = "denied_name";
pub const ATTR_DESCRIPTION: &str = "description"; pub const ATTR_DESCRIPTION: &str = "description";
pub const ATTR_DEVICEKEYS: &str = "devicekeys";
pub const ATTR_DIRECTMEMBEROF: &str = "directmemberof"; pub const ATTR_DIRECTMEMBEROF: &str = "directmemberof";
pub const ATTR_DISPLAYNAME: &str = "displayname"; pub const ATTR_DISPLAYNAME: &str = "displayname";
pub const ATTR_DN: &str = "dn"; pub const ATTR_DN: &str = "dn";
@ -176,6 +176,7 @@ pub const ATTR_USERID: &str = "userid";
pub const ATTR_USERPASSWORD: &str = "userpassword"; pub const ATTR_USERPASSWORD: &str = "userpassword";
pub const ATTR_UUID: &str = "uuid"; pub const ATTR_UUID: &str = "uuid";
pub const ATTR_VERSION: &str = "version"; pub const ATTR_VERSION: &str = "version";
pub const ATTR_WEBAUTHN_ATTESTATION_CA_LIST: &str = "webauthn_attestation_ca_list";
pub const OAUTH2_SCOPE_EMAIL: &str = ATTR_EMAIL; pub const OAUTH2_SCOPE_EMAIL: &str = ATTR_EMAIL;
pub const OAUTH2_SCOPE_GROUPS: &str = "groups"; pub const OAUTH2_SCOPE_GROUPS: &str = "groups";

19
proto/src/v1.rs
View file

@ -289,6 +289,9 @@ pub enum OperationError {
/// When a name is denied by the system config /// When a name is denied by the system config
ValueDenyName, ValueDenyName,
// What about something like this for unique errors? // What about something like this for unique errors?
// Credential Update Errors
CU0001WebauthnAttestationNotTrusted,
CU0002WebauthnRegistrationError,
// ValueSet errors // ValueSet errors
VS0001IncomingReplSshPublicKey, VS0001IncomingReplSshPublicKey,
// Value Errors // Value Errors
@ -1161,6 +1164,9 @@ pub enum CURequest {
PasskeyInit, PasskeyInit,
PasskeyFinish(String, RegisterPublicKeyCredential), PasskeyFinish(String, RegisterPublicKeyCredential),
PasskeyRemove(Uuid), PasskeyRemove(Uuid),
AttestedPasskeyInit,
AttestedPasskeyFinish(String, RegisterPublicKeyCredential),
AttestedPasskeyRemove(Uuid),
} }
impl fmt::Debug for CURequest { impl fmt::Debug for CURequest {
@ -1178,6 +1184,9 @@ impl fmt::Debug for CURequest {
CURequest::PasskeyInit => "CURequest::PasskeyInit", CURequest::PasskeyInit => "CURequest::PasskeyInit",
CURequest::PasskeyFinish(_, _) => "CURequest::PasskeyFinish", CURequest::PasskeyFinish(_, _) => "CURequest::PasskeyFinish",
CURequest::PasskeyRemove(_) => "CURequest::PasskeyRemove", CURequest::PasskeyRemove(_) => "CURequest::PasskeyRemove",
CURequest::AttestedPasskeyInit => "CURequest::AttestedPasskeyInit",
CURequest::AttestedPasskeyFinish(_, _) => "CURequest::AttestedPasskeyFinish",
CURequest::AttestedPasskeyRemove(_) => "CURequest::AttestedPasskeyRemove",
}; };
writeln!(f, "{}", t) writeln!(f, "{}", t)
} }
@ -1192,6 +1201,7 @@ pub enum CURegState {
TotpInvalidSha1, TotpInvalidSha1,
BackupCodes(Vec<String>), BackupCodes(Vec<String>),
Passkey(CreationChallengeResponse), Passkey(CreationChallengeResponse),
AttestedPasskey(CreationChallengeResponse),
} }
#[derive(Debug, Clone, Serialize, Deserialize, ToSchema)] #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
@ -1201,9 +1211,10 @@ pub enum CUExtPortal {
Some(Url), Some(Url),
} }
#[derive(Debug, Clone, Copy, Serialize, Deserialize, ToSchema)] #[derive(Debug, Clone, Copy, Serialize, Deserialize, ToSchema, PartialEq)]
pub enum CUCredState { pub enum CUCredState {
Modifiable, Modifiable,
DeleteOnly,
AccessDeny, AccessDeny,
PolicyDeny, PolicyDeny,
// Disabled, // Disabled,
@ -1213,7 +1224,10 @@ pub enum CUCredState {
pub enum CURegWarning { pub enum CURegWarning {
MfaRequired, MfaRequired,
PasskeyRequired, PasskeyRequired,
AttestedPasskeyRequired,
AttestedResidentKeyRequired,
Unsatisfiable, Unsatisfiable,
WebauthnAttestationUnsatisfiable,
} }
#[derive(Debug, Clone, Serialize, Deserialize, ToSchema)] #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
@ -1231,6 +1245,9 @@ pub struct CUStatus {
pub primary_state: CUCredState, pub primary_state: CUCredState,
pub passkeys: Vec<PasskeyDetail>, pub passkeys: Vec<PasskeyDetail>,
pub passkeys_state: CUCredState, pub passkeys_state: CUCredState,
pub attested_passkeys: Vec<PasskeyDetail>,
pub attested_passkeys_state: CUCredState,
pub attested_passkeys_allowed_devices: Vec<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq, ToSchema)] #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq, ToSchema)]

31
server/core/src/actors/v1_read.rs
View file

@ -1251,7 +1251,7 @@ impl QueryServerReadV1 {
.map_err(|e| { .map_err(|e| {
admin_error!( admin_error!(
err = ?e, err = ?e,
"Failed to begin credential_passkey_init", "Failed to begin credential_passkey_finish",
); );
e e
}), }),
@ -1260,7 +1260,34 @@ impl QueryServerReadV1 {
.map_err(|e| { .map_err(|e| {
admin_error!( admin_error!(
err = ?e, err = ?e,
"Failed to begin credential_passkey_init", "Failed to begin credential_passkey_remove",
);
e
}),
CURequest::AttestedPasskeyInit => idms_cred_update
.credential_attested_passkey_init(&session_token, ct)
.map_err(|e| {
admin_error!(
err = ?e,
"Failed to begin credential_attested_passkey_init",
);
e
}),
CURequest::AttestedPasskeyFinish(label, rpkc) => idms_cred_update
.credential_attested_passkey_finish(&session_token, ct, label, &rpkc)
.map_err(|e| {
admin_error!(
err = ?e,
"Failed to begin credential_attested_passkey_finish",
);
e
}),
CURequest::AttestedPasskeyRemove(uuid) => idms_cred_update
.credential_attested_passkey_remove(&session_token, ct, uuid)
.map_err(|e| {
admin_error!(
err = ?e,
"Failed to begin credential_attested_passkey_remove",
); );
e e
}), }),

22
server/lib/src/be/dbvalue.rs
View file

@ -8,7 +8,8 @@ use serde_with::skip_serializing_none;
use url::Url; use url::Url;
use uuid::Uuid; use uuid::Uuid;
use webauthn_rs::prelude::{ use webauthn_rs::prelude::{
AttestedPasskey as DeviceKeyV4, Passkey as PasskeyV4, SecurityKey as SecurityKeyV4, AttestationCaList, AttestedPasskey as AttestedPasskeyV4, Passkey as PasskeyV4,
SecurityKey as SecurityKeyV4,
}; };
use webauthn_rs_core::proto::{COSEKey, UserVerificationPolicy}; use webauthn_rs_core::proto::{COSEKey, UserVerificationPolicy};
@ -60,6 +61,8 @@ pub enum DbValueIntentTokenStateV1 {
#[serde(default)] #[serde(default)]
passkeys_can_edit: bool, passkeys_can_edit: bool,
#[serde(default)] #[serde(default)]
attested_passkeys_can_edit: bool,
#[serde(default)]
unixcred_can_edit: bool, unixcred_can_edit: bool,
#[serde(default)] #[serde(default)]
sshpubkey_can_edit: bool, sshpubkey_can_edit: bool,
@ -76,6 +79,8 @@ pub enum DbValueIntentTokenStateV1 {
#[serde(default)] #[serde(default)]
passkeys_can_edit: bool, passkeys_can_edit: bool,
#[serde(default)] #[serde(default)]
attested_passkeys_can_edit: bool,
#[serde(default)]
unixcred_can_edit: bool, unixcred_can_edit: bool,
#[serde(default)] #[serde(default)]
sshpubkey_can_edit: bool, sshpubkey_can_edit: bool,
@ -347,8 +352,12 @@ pub enum DbValuePasskeyV1 {
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
pub enum DbValueDeviceKeyV1 { pub enum DbValueAttestedPasskeyV1 {
V4 { u: Uuid, t: String, k: DeviceKeyV4 }, V4 {
u: Uuid,
t: String,
k: AttestedPasskeyV4,
},
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
@ -674,7 +683,7 @@ pub enum DbValueSetV2 {
#[serde(rename = "PK")] #[serde(rename = "PK")]
Passkey(Vec<DbValuePasskeyV1>), Passkey(Vec<DbValuePasskeyV1>),
#[serde(rename = "DK")] #[serde(rename = "DK")]
DeviceKey(Vec<DbValueDeviceKeyV1>), AttestedPasskey(Vec<DbValueAttestedPasskeyV1>),
#[serde(rename = "TE")] #[serde(rename = "TE")]
TrustedDeviceEnrollment(Vec<Uuid>), TrustedDeviceEnrollment(Vec<Uuid>),
#[serde(rename = "AS")] #[serde(rename = "AS")]
@ -699,6 +708,8 @@ pub enum DbValueSetV2 {
Image(Vec<DbValueImage>), Image(Vec<DbValueImage>),
#[serde(rename = "CT")] #[serde(rename = "CT")]
CredentialType(Vec<u16>), CredentialType(Vec<u16>),
#[serde(rename = "WC")]
WebauthnAttestationCaList { ca_list: AttestationCaList },
} }
impl DbValueSetV2 { impl DbValueSetV2 {
@ -732,7 +743,7 @@ impl DbValueSetV2 {
DbValueSetV2::RestrictedString(set) => set.len(), DbValueSetV2::RestrictedString(set) => set.len(),
DbValueSetV2::IntentToken(set) => set.len(), DbValueSetV2::IntentToken(set) => set.len(),
DbValueSetV2::Passkey(set) => set.len(), DbValueSetV2::Passkey(set) => set.len(),
DbValueSetV2::DeviceKey(set) => set.len(), DbValueSetV2::AttestedPasskey(set) => set.len(),
DbValueSetV2::TrustedDeviceEnrollment(set) => set.len(), DbValueSetV2::TrustedDeviceEnrollment(set) => set.len(),
DbValueSetV2::Session(set) => set.len(), DbValueSetV2::Session(set) => set.len(),
DbValueSetV2::ApiToken(set) => set.len(), DbValueSetV2::ApiToken(set) => set.len(),
@ -746,6 +757,7 @@ impl DbValueSetV2 {
DbValueSetV2::EcKeyPrivate(_key) => 1, // here we have to hard code it because the Vec<u8> DbValueSetV2::EcKeyPrivate(_key) => 1, // here we have to hard code it because the Vec<u8>
// represents the bytes of SINGLE(!) key // represents the bytes of SINGLE(!) key
DbValueSetV2::CredentialType(set) => set.len(), DbValueSetV2::CredentialType(set) => set.len(),
DbValueSetV2::WebauthnAttestationCaList { ca_list } => ca_list.len(),
} }
} }

27
server/lib/src/constants/acp.rs
View file

@ -208,7 +208,7 @@ lazy_static! {
Attribute::PrimaryCredential, Attribute::PrimaryCredential,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
], ],
..Default::default() ..Default::default()
}; };
@ -241,7 +241,7 @@ lazy_static! {
Attribute::SshPublicKey, Attribute::SshPublicKey,
Attribute::UnixPassword, Attribute::UnixPassword,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
], ],
modify_present_attrs: vec![ modify_present_attrs: vec![
@ -253,7 +253,7 @@ lazy_static! {
Attribute::SshPublicKey, Attribute::SshPublicKey,
Attribute::UnixPassword, Attribute::UnixPassword,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
], ],
..Default::default() ..Default::default()
}; };
@ -442,7 +442,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
], ],
create_classes: vec![EntryClass::Object, EntryClass::Account, EntryClass::Person,], create_classes: vec![EntryClass::Object, EntryClass::Account, EntryClass::Person,],
..Default::default() ..Default::default()
@ -695,7 +695,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
], ],
@ -729,7 +729,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
Attribute::IdVerificationEcKey, Attribute::IdVerificationEcKey,
@ -743,7 +743,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
], ],
..Default::default() ..Default::default()
@ -779,7 +779,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
], ],
create_classes: vec![ create_classes: vec![
EntryClass::Object, EntryClass::Object,
@ -895,7 +895,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
], ],
@ -925,7 +925,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
Attribute::UserAuthTokenSession, Attribute::UserAuthTokenSession,
Attribute::IdVerificationEcKey, Attribute::IdVerificationEcKey,
@ -938,7 +938,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
Attribute::ApiTokenSession, Attribute::ApiTokenSession,
], ],
..Default::default() ..Default::default()
@ -1275,6 +1275,7 @@ lazy_static! {
Attribute::AuthPasswordMinimumLength, Attribute::AuthPasswordMinimumLength,
Attribute::CredentialTypeMinimum, Attribute::CredentialTypeMinimum,
Attribute::PrivilegeExpiry, Attribute::PrivilegeExpiry,
Attribute::WebauthnAttestationCaList,
], ],
modify_removed_attrs: vec![ modify_removed_attrs: vec![
Attribute::Class, Attribute::Class,
@ -1282,6 +1283,7 @@ lazy_static! {
Attribute::AuthPasswordMinimumLength, Attribute::AuthPasswordMinimumLength,
Attribute::CredentialTypeMinimum, Attribute::CredentialTypeMinimum,
Attribute::PrivilegeExpiry, Attribute::PrivilegeExpiry,
Attribute::WebauthnAttestationCaList,
], ],
modify_present_attrs: vec![ modify_present_attrs: vec![
Attribute::Class, Attribute::Class,
@ -1289,6 +1291,7 @@ lazy_static! {
Attribute::AuthPasswordMinimumLength, Attribute::AuthPasswordMinimumLength,
Attribute::CredentialTypeMinimum, Attribute::CredentialTypeMinimum,
Attribute::PrivilegeExpiry, Attribute::PrivilegeExpiry,
Attribute::WebauthnAttestationCaList,
], ],
modify_classes: vec![ modify_classes: vec![
EntryClass::AccountPolicy, EntryClass::AccountPolicy,
@ -1329,7 +1332,7 @@ lazy_static! {
Attribute::AccountExpire, Attribute::AccountExpire,
Attribute::AccountValidFrom, Attribute::AccountValidFrom,
Attribute::PassKeys, Attribute::PassKeys,
Attribute::DeviceKeys, Attribute::AttestedPasskeys,
], ],
create_classes: vec![ create_classes: vec![
EntryClass::Object, EntryClass::Object,

9
server/lib/src/constants/entries.rs
View file

@ -50,6 +50,7 @@ pub enum Attribute {
AcpSearchAttr, AcpSearchAttr,
AcpTargetScope, AcpTargetScope,
ApiTokenSession, ApiTokenSession,
AttestedPasskeys,
Attr, Attr,
AttributeName, AttributeName,
AttributeType, AttributeType,
@ -65,7 +66,6 @@ pub enum Attribute {
CredentialTypeMinimum, CredentialTypeMinimum,
DeniedName, DeniedName,
Description, Description,
DeviceKeys,
DirectMemberOf, DirectMemberOf,
DisplayName, DisplayName,
Dn, Dn,
@ -173,6 +173,7 @@ pub enum Attribute {
UserPassword, UserPassword,
Uuid, Uuid,
Version, Version,
WebauthnAttestationCaList,
#[cfg(any(debug_assertions, test))] #[cfg(any(debug_assertions, test))]
NonExist, NonExist,
@ -232,6 +233,7 @@ impl TryFrom<String> for Attribute {
ATTR_ACP_SEARCH_ATTR => Attribute::AcpSearchAttr, ATTR_ACP_SEARCH_ATTR => Attribute::AcpSearchAttr,
ATTR_ACP_TARGET_SCOPE => Attribute::AcpTargetScope, ATTR_ACP_TARGET_SCOPE => Attribute::AcpTargetScope,
ATTR_API_TOKEN_SESSION => Attribute::ApiTokenSession, ATTR_API_TOKEN_SESSION => Attribute::ApiTokenSession,
ATTR_ATTESTED_PASSKEYS => Attribute::AttestedPasskeys,
ATTR_ATTR => Attribute::Attr, ATTR_ATTR => Attribute::Attr,
ATTR_ATTRIBUTENAME => Attribute::AttributeName, ATTR_ATTRIBUTENAME => Attribute::AttributeName,
ATTR_ATTRIBUTETYPE => Attribute::AttributeType, ATTR_ATTRIBUTETYPE => Attribute::AttributeType,
@ -247,7 +249,6 @@ impl TryFrom<String> for Attribute {
ATTR_CREDENTIAL_TYPE_MINIMUM => Attribute::CredentialTypeMinimum, ATTR_CREDENTIAL_TYPE_MINIMUM => Attribute::CredentialTypeMinimum,
ATTR_DENIED_NAME => Attribute::DeniedName, ATTR_DENIED_NAME => Attribute::DeniedName,
ATTR_DESCRIPTION => Attribute::Description, ATTR_DESCRIPTION => Attribute::Description,
ATTR_DEVICEKEYS => Attribute::DeviceKeys,
ATTR_DIRECTMEMBEROF => Attribute::DirectMemberOf, ATTR_DIRECTMEMBEROF => Attribute::DirectMemberOf,
ATTR_DISPLAYNAME => Attribute::DisplayName, ATTR_DISPLAYNAME => Attribute::DisplayName,
ATTR_DN => Attribute::Dn, ATTR_DN => Attribute::Dn,
@ -353,6 +354,7 @@ impl TryFrom<String> for Attribute {
ATTR_USERPASSWORD => Attribute::UserPassword, ATTR_USERPASSWORD => Attribute::UserPassword,
ATTR_UUID => Attribute::Uuid, ATTR_UUID => Attribute::Uuid,
ATTR_VERSION => Attribute::Version, ATTR_VERSION => Attribute::Version,
ATTR_WEBAUTHN_ATTESTATION_CA_LIST => Attribute::WebauthnAttestationCaList,
#[cfg(any(debug_assertions, test))] #[cfg(any(debug_assertions, test))]
TEST_ATTR_NON_EXIST => Attribute::NonExist, TEST_ATTR_NON_EXIST => Attribute::NonExist,
@ -390,6 +392,7 @@ impl From<Attribute> for &'static str {
Attribute::AcpSearchAttr => ATTR_ACP_SEARCH_ATTR, Attribute::AcpSearchAttr => ATTR_ACP_SEARCH_ATTR,
Attribute::AcpTargetScope => ATTR_ACP_TARGET_SCOPE, Attribute::AcpTargetScope => ATTR_ACP_TARGET_SCOPE,
Attribute::ApiTokenSession => ATTR_API_TOKEN_SESSION, Attribute::ApiTokenSession => ATTR_API_TOKEN_SESSION,
Attribute::AttestedPasskeys => ATTR_ATTESTED_PASSKEYS,
Attribute::Attr => ATTR_ATTR, Attribute::Attr => ATTR_ATTR,
Attribute::AttributeName => ATTR_ATTRIBUTENAME, Attribute::AttributeName => ATTR_ATTRIBUTENAME,
Attribute::AttributeType => ATTR_ATTRIBUTETYPE, Attribute::AttributeType => ATTR_ATTRIBUTETYPE,
@ -405,7 +408,6 @@ impl From<Attribute> for &'static str {
Attribute::CredentialTypeMinimum => ATTR_CREDENTIAL_TYPE_MINIMUM, Attribute::CredentialTypeMinimum => ATTR_CREDENTIAL_TYPE_MINIMUM,
Attribute::DeniedName => ATTR_DENIED_NAME, Attribute::DeniedName => ATTR_DENIED_NAME,
Attribute::Description => ATTR_DESCRIPTION, Attribute::Description => ATTR_DESCRIPTION,
Attribute::DeviceKeys => ATTR_DEVICEKEYS,
Attribute::DirectMemberOf => ATTR_DIRECTMEMBEROF, Attribute::DirectMemberOf => ATTR_DIRECTMEMBEROF,
Attribute::DisplayName => ATTR_DISPLAYNAME, Attribute::DisplayName => ATTR_DISPLAYNAME,
Attribute::Dn => ATTR_DN, Attribute::Dn => ATTR_DN,
@ -511,6 +513,7 @@ impl From<Attribute> for &'static str {
Attribute::UserPassword => ATTR_USERPASSWORD, Attribute::UserPassword => ATTR_USERPASSWORD,
Attribute::Uuid => ATTR_UUID, Attribute::Uuid => ATTR_UUID,
Attribute::Version => ATTR_VERSION, Attribute::Version => ATTR_VERSION,
Attribute::WebauthnAttestationCaList => ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
#[cfg(any(debug_assertions, test))] #[cfg(any(debug_assertions, test))]
Attribute::NonExist => TEST_ATTR_NON_EXIST, Attribute::NonExist => TEST_ATTR_NON_EXIST,

28
server/lib/src/constants/schema.rs
View file

@ -251,7 +251,7 @@ pub static ref SCHEMA_ATTR_LOGINSHELL: SchemaAttribute = SchemaAttribute {
pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute { pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD, uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD,
name: Attribute::UnixPassword.into(), name: Attribute::UnixPassword.into(),
description: "A POSIX user's UNIX login password.to_string().".to_string(), description: "A POSIX user's UNIX login password.".to_string(),
index: vec![IndexType::Presence], index: vec![IndexType::Presence],
syntax: SyntaxType::Credential, syntax: SyntaxType::Credential,
@ -273,7 +273,7 @@ pub static ref SCHEMA_ATTR_NSUNIQUEID: SchemaAttribute = SchemaAttribute {
pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute { pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE, uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE,
name: Attribute::AccountExpire.into(), name: Attribute::AccountExpire.into(),
description: "The datetime after which this account no longer may authenticate.to_string().".to_string(), description: "The datetime after which this account no longer may authenticate.".to_string(),
sync_allowed: true, sync_allowed: true,
syntax: SyntaxType::DateTime, syntax: SyntaxType::DateTime,
@ -283,13 +283,22 @@ pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute { pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM, uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
name: Attribute::AccountValidFrom.into(), name: Attribute::AccountValidFrom.into(),
description: "The datetime after which this account may commence authenticating.to_string().".to_string(), description: "The datetime after which this account may commence authenticating.".to_string(),
sync_allowed: true, sync_allowed: true,
syntax: SyntaxType::DateTime, syntax: SyntaxType::DateTime,
..Default::default() ..Default::default()
}; };
pub static ref SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
name: Attribute::WebauthnAttestationCaList.into(),
description: "A set of CA's that limit devices that can be used with webauthn.".to_string(),
syntax: SyntaxType::WebauthnAttestationCaList,
multivalue: true,
..Default::default()
};
pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute { pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME, uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME,
name: Attribute::OAuth2RsName.into(), name: Attribute::OAuth2RsName.into(),
@ -461,15 +470,15 @@ pub static ref SCHEMA_ATTR_PASSKEYS: SchemaAttribute = SchemaAttribute {
..Default::default() ..Default::default()
}; };
pub static ref SCHEMA_ATTR_DEVICEKEYS: SchemaAttribute = SchemaAttribute { pub static ref SCHEMA_ATTR_ATTESTED_PASSKEYS: SchemaAttribute = SchemaAttribute {
uuid: UUID_SCHEMA_ATTR_DEVICEKEYS, uuid: UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS,
name: Attribute::DeviceKeys.into(), name: Attribute::AttestedPasskeys.into(),
description: "A set of registered device keys".to_string(), description: "A set of registered device keys".to_string(),
index: vec![IndexType::Equality], index: vec![IndexType::Equality],
multivalue: true, multivalue: true,
sync_allowed: true, sync_allowed: true,
syntax: SyntaxType::DeviceKey, syntax: SyntaxType::AttestedPasskey,
..Default::default() ..Default::default()
}; };
@ -657,7 +666,8 @@ pub static ref SCHEMA_CLASS_ACCOUNT_POLICY: SchemaClass = SchemaClass {
Attribute::AuthSessionExpiry.into(), Attribute::AuthSessionExpiry.into(),
Attribute::PrivilegeExpiry.into(), Attribute::PrivilegeExpiry.into(),
Attribute::AuthPasswordMinimumLength.into(), Attribute::AuthPasswordMinimumLength.into(),
Attribute::CredentialTypeMinimum.into() Attribute::CredentialTypeMinimum.into(),
Attribute::WebauthnAttestationCaList.into(),
], ],
systemsupplements: vec![Attribute::Group.into()], systemsupplements: vec![Attribute::Group.into()],
..Default::default() ..Default::default()
@ -672,7 +682,7 @@ pub static ref SCHEMA_CLASS_ACCOUNT: SchemaClass = SchemaClass {
systemmay: vec![ systemmay: vec![
Attribute::PrimaryCredential.into(), Attribute::PrimaryCredential.into(),
Attribute::PassKeys.into(), Attribute::PassKeys.into(),
Attribute::DeviceKeys.into(), Attribute::AttestedPasskeys.into(),
Attribute::CredentialUpdateIntentToken.into(), Attribute::CredentialUpdateIntentToken.into(),
Attribute::SshPublicKey.into(), Attribute::SshPublicKey.into(),
Attribute::RadiusSecret.into(), Attribute::RadiusSecret.into(),

4
server/lib/src/constants/uuids.rs
View file

@ -184,7 +184,7 @@ pub const UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: Uuid =
pub const UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid = pub const UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000098"); uuid!("00000000-0000-0000-0000-ffff00000098");
pub const UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099"); pub const UUID_SCHEMA_ATTR_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000099");
pub const UUID_SCHEMA_ATTR_DEVICEKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100"); pub const UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000100");
pub const UUID_SCHEMA_ATTR_SYSTEMSUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000101"); pub const UUID_SCHEMA_ATTR_SYSTEMSUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000101");
pub const UUID_SCHEMA_ATTR_SUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000102"); pub const UUID_SCHEMA_ATTR_SUPPLEMENTS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000102");
@ -252,6 +252,8 @@ pub const UUID_SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM: Uuid =
pub const UUID_SCHEMA_ATTR_SUDOHOST: Uuid = uuid!("00000000-0000-0000-0000-ffff00000149"); pub const UUID_SCHEMA_ATTR_SUDOHOST: Uuid = uuid!("00000000-0000-0000-0000-ffff00000149");
pub const UUID_SCHEMA_ATTR_UID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000150"); pub const UUID_SCHEMA_ATTR_UID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000150");
pub const UUID_SCHEMA_ATTR_GECOS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000151"); pub const UUID_SCHEMA_ATTR_GECOS: Uuid = uuid!("00000000-0000-0000-0000-ffff00000151");
pub const UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: Uuid =
uuid!("00000000-0000-0000-0000-ffff00000152");
// System and domain infos // System and domain infos
// I'd like to strongly criticise william of the past for making poor choices about these allocations. // I'd like to strongly criticise william of the past for making poor choices about these allocations.

20
server/lib/src/entry.rs
View file

@ -43,7 +43,9 @@ use smartstring::alias::String as AttrString;
use time::OffsetDateTime; use time::OffsetDateTime;
use tracing::trace; use tracing::trace;
use uuid::Uuid; use uuid::Uuid;
use webauthn_rs::prelude::{AttestedPasskey as DeviceKeyV4, Passkey as PasskeyV4}; use webauthn_rs::prelude::{
AttestationCaList, AttestedPasskey as AttestedPasskeyV4, Passkey as PasskeyV4,
};
use crate::be::dbentry::{DbEntry, DbEntryVers}; use crate::be::dbentry::{DbEntry, DbEntryVers};
use crate::be::dbvalue::DbValueSetV2; use crate::be::dbvalue::DbValueSetV2;
@ -2733,13 +2735,13 @@ impl<VALID, STATE> Entry<VALID, STATE> {
#[inline(always)] #[inline(always)]
/// Get the set of devicekeys on this account, if any are present. /// Get the set of devicekeys on this account, if any are present.
pub fn get_ava_devicekeys( pub fn get_ava_attestedpasskeys(
&self, &self,
attr: Attribute, attr: Attribute,
) -> Option<&BTreeMap<Uuid, (String, DeviceKeyV4)>> { ) -> Option<&BTreeMap<Uuid, (String, AttestedPasskeyV4)>> {
self.attrs self.attrs
.get(attr.as_ref()) .get(attr.as_ref())
.and_then(|vs| vs.as_devicekey_map()) .and_then(|vs| vs.as_attestedpasskey_map())
} }
#[inline(always)] #[inline(always)]
@ -2851,6 +2853,16 @@ impl<VALID, STATE> Entry<VALID, STATE> {
.get(attr.as_ref()) .get(attr.as_ref())
.and_then(|vs| vs.to_eckey_public_single()) .and_then(|vs| vs.to_eckey_public_single())
} }
pub fn get_ava_webauthn_attestation_ca_list(
&self,
attr: Attribute,
) -> Option<&AttestationCaList> {
self.attrs
.get(attr.as_ref())
.and_then(|vs| vs.as_webauthn_attestation_ca_list())
}
#[inline(always)] #[inline(always)]
/// Return a single security principle name, if valid to transform this value. /// Return a single security principle name, if valid to transform this value.
pub(crate) fn generate_spn(&self, domain_name: &str) -> Option<Value> { pub(crate) fn generate_spn(&self, domain_name: &str) -> Option<Value> {

27
server/lib/src/idm/account.rs
View file

@ -8,7 +8,7 @@ use kanidm_proto::v1::{
use time::OffsetDateTime; use time::OffsetDateTime;
use uuid::Uuid; use uuid::Uuid;
use webauthn_rs::prelude::{ use webauthn_rs::prelude::{
AttestedPasskey as DeviceKeyV4, AuthenticationResult, CredentialID, Passkey as PasskeyV4, AttestedPasskey as AttestedPasskeyV4, AuthenticationResult, CredentialID, Passkey as PasskeyV4,
}; };
use super::accountpolicy::ResolvedAccountPolicy; use super::accountpolicy::ResolvedAccountPolicy;
@ -57,7 +57,7 @@ pub struct Account {
pub groups: Vec<Group>, pub groups: Vec<Group>,
pub primary: Option<Credential>, pub primary: Option<Credential>,
pub passkeys: BTreeMap<Uuid, (String, PasskeyV4)>, pub passkeys: BTreeMap<Uuid, (String, PasskeyV4)>,
pub devicekeys: BTreeMap<Uuid, (String, DeviceKeyV4)>, pub attested_passkeys: BTreeMap<Uuid, (String, AttestedPasskeyV4)>,
pub valid_from: Option<OffsetDateTime>, pub valid_from: Option<OffsetDateTime>,
pub expire: Option<OffsetDateTime>, pub expire: Option<OffsetDateTime>,
pub radius_secret: Option<String>, pub radius_secret: Option<String>,
@ -106,8 +106,8 @@ macro_rules! try_from_entry {
.cloned() .cloned()
.unwrap_or_default(); .unwrap_or_default();
let devicekeys = $value let attested_passkeys = $value
.get_ava_devicekeys(Attribute::DeviceKeys) .get_ava_attestedpasskeys(Attribute::AttestedPasskeys)
.cloned() .cloned()
.unwrap_or_default(); .unwrap_or_default();
@ -206,7 +206,7 @@ macro_rules! try_from_entry {
groups, groups,
primary, primary,
passkeys, passkeys,
devicekeys, attested_passkeys,
valid_from, valid_from,
expire, expire,
radius_secret, radius_secret,
@ -522,6 +522,21 @@ impl Account {
} }
}); });
// Is it an attested passkey?
self.attested_passkeys.iter_mut().for_each(|(u, (t, k))| {
if let Some(true) = k.update_credential(auth_result) {
ml.push(Modify::Removed(
Attribute::AttestedPasskeys.into(),
PartialValue::AttestedPasskey(*u),
));
ml.push(Modify::Present(
Attribute::AttestedPasskeys.into(),
Value::AttestedPasskey(*u, t.clone(), k.clone()),
));
}
});
if ml.is_empty() { if ml.is_empty() {
Ok(None) Ok(None)
} else { } else {
@ -641,6 +656,8 @@ impl Account {
true true
} }
(SessionState::RevokedAt(_), _) => { (SessionState::RevokedAt(_), _) => {
// William, if you have added a new type of credential, and end up here, you
// need to look at session consistency plugin.
security_info!("Session has been revoked"); security_info!("Session has been revoked");
false false
} }

119
server/lib/src/idm/accountpolicy.rs
View file

@ -1,5 +1,6 @@
use crate::prelude::*; use crate::prelude::*;
use crate::value::CredentialType; use crate::value::CredentialType;
use webauthn_rs::prelude::AttestationCaList;
// use crate::idm::server::IdmServerProxyWriteTransaction; // use crate::idm::server::IdmServerProxyWriteTransaction;
#[derive(Clone)] #[derive(Clone)]
@ -8,6 +9,7 @@ pub(crate) struct AccountPolicy {
authsession_expiry: u32, authsession_expiry: u32,
pw_min_length: u32, pw_min_length: u32,
credential_policy: CredentialType, credential_policy: CredentialType,
webauthn_att_ca_list: Option<AttestationCaList>,
} }
impl From<&EntrySealedCommitted> for Option<AccountPolicy> { impl From<&EntrySealedCommitted> for Option<AccountPolicy> {
@ -22,9 +24,11 @@ impl From<&EntrySealedCommitted> for Option<AccountPolicy> {
let authsession_expiry = val let authsession_expiry = val
.get_ava_single_uint32(Attribute::AuthSessionExpiry) .get_ava_single_uint32(Attribute::AuthSessionExpiry)
.unwrap_or(MAXIMUM_AUTH_SESSION_EXPIRY); .unwrap_or(MAXIMUM_AUTH_SESSION_EXPIRY);
let privilege_expiry = val let privilege_expiry = val
.get_ava_single_uint32(Attribute::PrivilegeExpiry) .get_ava_single_uint32(Attribute::PrivilegeExpiry)
.unwrap_or(MAXIMUM_AUTH_PRIVILEGE_EXPIRY); .unwrap_or(MAXIMUM_AUTH_PRIVILEGE_EXPIRY);
let pw_min_length = val let pw_min_length = val
.get_ava_single_uint32(Attribute::AuthPasswordMinimumLength) .get_ava_single_uint32(Attribute::AuthPasswordMinimumLength)
.unwrap_or(PW_MIN_LENGTH); .unwrap_or(PW_MIN_LENGTH);
@ -33,11 +37,16 @@ impl From<&EntrySealedCommitted> for Option<AccountPolicy> {
.get_ava_single_credential_type(Attribute::CredentialTypeMinimum) .get_ava_single_credential_type(Attribute::CredentialTypeMinimum)
.unwrap_or(CredentialType::Any); .unwrap_or(CredentialType::Any);
let webauthn_att_ca_list = val
.get_ava_webauthn_attestation_ca_list(Attribute::WebauthnAttestationCaList)
.cloned();
Some(AccountPolicy { Some(AccountPolicy {
privilege_expiry, privilege_expiry,
authsession_expiry, authsession_expiry,
pw_min_length, pw_min_length,
credential_policy, credential_policy,
webauthn_att_ca_list,
}) })
} }
} }
@ -49,6 +58,7 @@ pub(crate) struct ResolvedAccountPolicy {
authsession_expiry: u32, authsession_expiry: u32,
pw_min_length: u32, pw_min_length: u32,
credential_policy: CredentialType, credential_policy: CredentialType,
webauthn_att_ca_list: Option<AttestationCaList>,
} }
impl ResolvedAccountPolicy { impl ResolvedAccountPolicy {
@ -62,6 +72,7 @@ impl ResolvedAccountPolicy {
authsession_expiry: MAXIMUM_AUTH_SESSION_EXPIRY, authsession_expiry: MAXIMUM_AUTH_SESSION_EXPIRY,
pw_min_length: PW_MIN_LENGTH, pw_min_length: PW_MIN_LENGTH,
credential_policy: CredentialType::Any, credential_policy: CredentialType::Any,
webauthn_att_ca_list: None,
}; };
iter.for_each(|acc_pol| { iter.for_each(|acc_pol| {
@ -84,6 +95,14 @@ impl ResolvedAccountPolicy {
if acc_pol.credential_policy > accumulate.credential_policy { if acc_pol.credential_policy > accumulate.credential_policy {
accumulate.credential_policy = acc_pol.credential_policy accumulate.credential_policy = acc_pol.credential_policy
} }
if let Some(acc_pol_w_att_ca) = acc_pol.webauthn_att_ca_list {
if let Some(res_w_att_ca) = accumulate.webauthn_att_ca_list.as_mut() {
res_w_att_ca.intersection(&acc_pol_w_att_ca);
} else {
accumulate.webauthn_att_ca_list = Some(acc_pol_w_att_ca);
}
}
}); });
accumulate accumulate
@ -104,27 +123,107 @@ impl ResolvedAccountPolicy {
pub(crate) fn credential_policy(&self) -> CredentialType { pub(crate) fn credential_policy(&self) -> CredentialType {
self.credential_policy self.credential_policy
} }
pub(crate) fn webauthn_attestation_ca_list(&self) -> Option<&AttestationCaList> {
self.webauthn_att_ca_list.as_ref()
}
} }
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::{AccountPolicy, CredentialType, ResolvedAccountPolicy}; use super::{AccountPolicy, CredentialType, ResolvedAccountPolicy};
// use crate::prelude::*; use crate::prelude::*;
use webauthn_rs_core::proto::AttestationCaListBuilder;
#[test] #[test]
fn test_idm_account_policy_resolve() { fn test_idm_account_policy_resolve() {
sketching::test_init();
// Yubico U2F Root CA Serial 457200631
let ca_root_a: &[u8] = b"-----BEGIN CERTIFICATE-----
MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ
dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw
MDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290
IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk
5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep
8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbw
nebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT
9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXw
LvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJ
hjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAN
BgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4
MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kt
hX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2k
LVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1U
sG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqc
U9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw==
-----END CERTIFICATE-----";
// Defunct Apple WebAuthn Root CA
let ca_root_b: &[u8] = b"-----BEGIN CERTIFICATE-----
MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
1bWeT0vT
-----END CERTIFICATE-----";
let aaguid_a = Uuid::new_v4();
let aaguid_b = Uuid::new_v4();
let aaguid_c = Uuid::new_v4();
let aaguid_d = Uuid::new_v4();
let aaguid_e = Uuid::new_v4();
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(ca_root_a, aaguid_a, "A".to_string(), Default::default())
.unwrap();
att_ca_builder
.insert_device_pem(ca_root_a, aaguid_b, "B".to_string(), Default::default())
.unwrap();
att_ca_builder
.insert_device_pem(ca_root_a, aaguid_c, "C".to_string(), Default::default())
.unwrap();
att_ca_builder
.insert_device_pem(ca_root_b, aaguid_d, "D".to_string(), Default::default())
.unwrap();
let att_ca_list_a = att_ca_builder.build();
let policy_a = AccountPolicy { let policy_a = AccountPolicy {
privilege_expiry: 100, privilege_expiry: 100,
authsession_expiry: 100, authsession_expiry: 100,
pw_min_length: 11, pw_min_length: 11,
credential_policy: CredentialType::Mfa, credential_policy: CredentialType::Mfa,
webauthn_att_ca_list: Some(att_ca_list_a),
}; };
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(ca_root_a, aaguid_b, "B".to_string(), Default::default())
.unwrap();
att_ca_builder
.insert_device_pem(ca_root_b, aaguid_e, "E".to_string(), Default::default())
.unwrap();
let att_ca_list_b = att_ca_builder.build();
let policy_b = AccountPolicy { let policy_b = AccountPolicy {
privilege_expiry: 150, privilege_expiry: 150,
authsession_expiry: 50, authsession_expiry: 50,
pw_min_length: 15, pw_min_length: 15,
credential_policy: CredentialType::Passkey, credential_policy: CredentialType::Passkey,
webauthn_att_ca_list: Some(att_ca_list_b),
}; };
let rap = ResolvedAccountPolicy::fold_from([policy_a, policy_b].into_iter()); let rap = ResolvedAccountPolicy::fold_from([policy_a, policy_b].into_iter());
@ -133,15 +232,15 @@ mod tests {
assert_eq!(rap.authsession_expiry(), 50); assert_eq!(rap.authsession_expiry(), 50);
assert_eq!(rap.pw_min_length(), 15); assert_eq!(rap.pw_min_length(), 15);
assert_eq!(rap.credential_policy, CredentialType::Passkey); assert_eq!(rap.credential_policy, CredentialType::Passkey);
}
/* let mut att_ca_builder = AttestationCaListBuilder::new();
#[idm_test]
async fn test_idm_account_policy_load( att_ca_builder
idms: &IdmServer, .insert_device_pem(ca_root_a, aaguid_b, "B".to_string(), Default::default())
_idms_delayed: &mut IdmServerDelayed, .unwrap();
) {
todo!(); let att_ca_list_ex = att_ca_builder.build();
assert_eq!(rap.webauthn_att_ca_list, Some(att_ca_list_ex));
} }
*/
} }

354
server/lib/src/idm/authsession.rs
View file

@ -15,10 +15,10 @@ use kanidm_proto::v1::{
use nonempty::{nonempty, NonEmpty}; use nonempty::{nonempty, NonEmpty};
use tokio::sync::mpsc::UnboundedSender as Sender; use tokio::sync::mpsc::UnboundedSender as Sender;
use uuid::Uuid; use uuid::Uuid;
use webauthn_rs::prelude::Passkey as PasskeyV4;
use webauthn_rs::prelude::{ use webauthn_rs::prelude::{
CredentialID, PasskeyAuthentication, RequestChallengeResponse, SecurityKeyAuthentication, AttestationCaList, AttestedPasskey as AttestedPasskeyV4, AttestedPasskeyAuthentication,
Webauthn, CredentialID, Passkey as PasskeyV4, PasskeyAuthentication, RequestChallengeResponse,
SecurityKeyAuthentication, Webauthn,
}; };
use crate::credential::totp::Totp; use crate::credential::totp::Totp;
@ -43,6 +43,7 @@ use super::accountpolicy::ResolvedAccountPolicy;
const BAD_PASSWORD_MSG: &str = "incorrect password"; const BAD_PASSWORD_MSG: &str = "incorrect password";
const BAD_TOTP_MSG: &str = "incorrect totp"; const BAD_TOTP_MSG: &str = "incorrect totp";
const BAD_WEBAUTHN_MSG: &str = "invalid webauthn authentication"; const BAD_WEBAUTHN_MSG: &str = "invalid webauthn authentication";
const BAD_ACCOUNT_POLICY: &str = "the credential no longer meets account policy requirements";
const BAD_BACKUPCODE_MSG: &str = "invalid backup code"; const BAD_BACKUPCODE_MSG: &str = "invalid backup code";
const BAD_AUTH_TYPE_MSG: &str = "invalid authentication method in this context"; const BAD_AUTH_TYPE_MSG: &str = "invalid authentication method in this context";
const BAD_CREDENTIALS: &str = "invalid credential message"; const BAD_CREDENTIALS: &str = "invalid credential message";
@ -56,6 +57,7 @@ pub enum AuthType {
GeneratedPassword, GeneratedPassword,
PasswordMfa, PasswordMfa,
Passkey, Passkey,
AttestedPasskey,
} }
impl fmt::Display for AuthType { impl fmt::Display for AuthType {
@ -66,6 +68,7 @@ impl fmt::Display for AuthType {
AuthType::GeneratedPassword => write!(f, "generatedpassword"), AuthType::GeneratedPassword => write!(f, "generatedpassword"),
AuthType::PasswordMfa => write!(f, "passwordmfa"), AuthType::PasswordMfa => write!(f, "passwordmfa"),
AuthType::Passkey => write!(f, "passkey"), AuthType::Passkey => write!(f, "passkey"),
AuthType::AttestedPasskey => write!(f, "attested_passkey"),
} }
} }
} }
@ -108,13 +111,21 @@ struct CredMfa {
} }
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
/// The state of a webauthn credential during authentication /// The state of a passkey during authentication
struct CredWebauthn { struct CredPasskey {
chal: RequestChallengeResponse, chal: RequestChallengeResponse,
wan_state: PasskeyAuthentication, wan_state: PasskeyAuthentication,
state: CredVerifyState, state: CredVerifyState,
} }
#[derive(Clone, Debug)]
/// The state of an attested passkey during authentication
struct CredAttestedPasskey {
chal: RequestChallengeResponse,
wan_state: AttestedPasskeyAuthentication,
state: CredVerifyState,
}
/// The current active handler for this authentication session. This is determined from what credentials /// The current active handler for this authentication session. This is determined from what credentials
/// are possible from the account, and what the user selected as the preferred authentication /// are possible from the account, and what the user selected as the preferred authentication
/// mechanism. /// mechanism.
@ -133,9 +144,16 @@ enum CredHandler {
cred_id: Uuid, cred_id: Uuid,
}, },
Passkey { Passkey {
c_wan: CredWebauthn, c_wan: CredPasskey,
cred_ids: BTreeMap<CredentialID, Uuid>, cred_ids: BTreeMap<CredentialID, Uuid>,
}, },
AttestedPasskey {
c_wan: CredAttestedPasskey,
// To verify the attestation post auth
att_ca_list: AttestationCaList,
// AP does `PartialEq` on cred_id
creds: BTreeMap<AttestedPasskeyV4, Uuid>,
},
} }
impl TryFrom<(&Credential, &Webauthn)> for CredHandler { impl TryFrom<(&Credential, &Webauthn)> for CredHandler {
@ -205,7 +223,7 @@ impl TryFrom<(&Credential, &Webauthn)> for CredHandler {
webauthn webauthn
.start_passkey_authentication(&pks) .start_passkey_authentication(&pks)
.map(|(chal, wan_state)| CredHandler::Passkey { .map(|(chal, wan_state)| CredHandler::Passkey {
c_wan: CredWebauthn { c_wan: CredPasskey {
chal, chal,
wan_state, wan_state,
state: CredVerifyState::Init, state: CredVerifyState::Init,
@ -221,31 +239,32 @@ impl TryFrom<(&Credential, &Webauthn)> for CredHandler {
} }
} }
impl TryFrom<(&BTreeMap<Uuid, (String, PasskeyV4)>, &Webauthn)> for CredHandler { impl CredHandler {
type Error = ();
/// Given a credential and some external configuration, Generate the credential handler /// Given a credential and some external configuration, Generate the credential handler
/// that will be used for this session. This credential handler is a "self contained" /// that will be used for this session. This credential handler is a "self contained"
/// unit that defines what is possible to use during this authentication session to prevent /// unit that defines what is possible to use during this authentication session to prevent
/// inconsistency. /// inconsistency.
fn try_from( fn build_from_set_passkey(
(wan, webauthn): (&BTreeMap<Uuid, (String, PasskeyV4)>, &Webauthn), wan: impl Iterator<Item = (Uuid, PasskeyV4)>,
) -> Result<Self, Self::Error> { webauthn: &Webauthn,
if wan.is_empty() { ) -> Result<Self, ()> {
security_info!("Account does not have any passkeys"); let mut pks = Vec::with_capacity(wan.size_hint().0);
return Err(()); let mut cred_ids = BTreeMap::default();
for (uuid, pk) in wan {
cred_ids.insert(pk.cred_id().clone(), uuid);
pks.push(pk);
} }
let pks: Vec<_> = wan.values().map(|(_, k)| k).cloned().collect(); if pks.is_empty() {
let cred_ids: BTreeMap<_, _> = wan security_info!("Account does not have any passkeys");
.iter() return Err(());
.map(|(u, (_, k))| (k.cred_id().clone(), *u)) };
.collect();
webauthn webauthn
.start_passkey_authentication(&pks) .start_passkey_authentication(&pks)
.map(|(chal, wan_state)| CredHandler::Passkey { .map(|(chal, wan_state)| CredHandler::Passkey {
c_wan: CredWebauthn { c_wan: CredPasskey {
chal, chal,
wan_state, wan_state,
state: CredVerifyState::Init, state: CredVerifyState::Init,
@ -260,20 +279,19 @@ impl TryFrom<(&BTreeMap<Uuid, (String, PasskeyV4)>, &Webauthn)> for CredHandler
// maps to unit. // maps to unit.
}) })
} }
}
impl TryFrom<(Uuid, &PasskeyV4, &Webauthn)> for CredHandler { fn build_from_single_passkey(
type Error = (); cred_id: Uuid,
fn try_from( pk: PasskeyV4,
(cred_id, pk, webauthn): (Uuid, &PasskeyV4, &Webauthn), webauthn: &Webauthn,
) -> Result<Self, Self::Error> { ) -> Result<Self, ()> {
let cred_ids = btreemap!((pk.cred_id().clone(), cred_id)); let cred_ids = btreemap!((pk.cred_id().clone(), cred_id));
let pks = vec![pk.clone()]; let pks = vec![pk];
webauthn webauthn
.start_passkey_authentication(pks.as_slice()) .start_passkey_authentication(pks.as_slice())
.map(|(chal, wan_state)| CredHandler::Passkey { .map(|(chal, wan_state)| CredHandler::Passkey {
c_wan: CredWebauthn { c_wan: CredPasskey {
chal, chal,
wan_state, wan_state,
state: CredVerifyState::Init, state: CredVerifyState::Init,
@ -288,9 +306,69 @@ impl TryFrom<(Uuid, &PasskeyV4, &Webauthn)> for CredHandler {
// maps to unit. // maps to unit.
}) })
} }
}
impl CredHandler { fn build_from_set_attested_pk(
wan: &BTreeMap<Uuid, (String, AttestedPasskeyV4)>,
att_ca_list: &AttestationCaList,
webauthn: &Webauthn,
) -> Result<Self, ()> {
if wan.is_empty() {
security_info!("Account does not have any attested passkeys");
return Err(());
};
let pks: Vec<_> = wan.values().map(|(_, k)| k).cloned().collect();
let creds: BTreeMap<_, _> = wan.iter().map(|(u, (_, k))| (k.clone(), *u)).collect();
webauthn
.start_attested_passkey_authentication(&pks)
.map(|(chal, wan_state)| CredHandler::AttestedPasskey {
c_wan: CredAttestedPasskey {
chal,
wan_state,
state: CredVerifyState::Init,
},
att_ca_list: att_ca_list.clone(),
creds,
})
.map_err(|e| {
security_info!(
?e,
"Unable to create attested passkey webauthn authentication challenge"
);
// maps to unit.
})
}
fn build_from_single_attested_pk(
cred_id: Uuid,
pk: &AttestedPasskeyV4,
att_ca_list: &AttestationCaList,
webauthn: &Webauthn,
) -> Result<Self, ()> {
let creds = btreemap!((pk.clone(), cred_id));
let pks = vec![pk.clone()];
webauthn
.start_attested_passkey_authentication(pks.as_slice())
.map(|(chal, wan_state)| CredHandler::AttestedPasskey {
c_wan: CredAttestedPasskey {
chal,
wan_state,
state: CredVerifyState::Init,
},
att_ca_list: att_ca_list.clone(),
creds,
})
.map_err(|e| {
security_info!(
?e,
"Unable to create attested passkey webauthn authentication challenge"
);
// maps to unit.
})
}
/// Determine if this password factor requires an upgrade of it's cryptographic type. If /// Determine if this password factor requires an upgrade of it's cryptographic type. If
/// so, send an asynchronous event into the queue that will allow the password to have it's /// so, send an asynchronous event into the queue that will allow the password to have it's
/// content upgraded later. /// content upgraded later.
@ -527,10 +605,10 @@ impl CredHandler {
// end CredHandler::PasswordMfa // end CredHandler::PasswordMfa
/// Validate a webauthn authentication attempt /// Validate a webauthn authentication attempt
pub fn validate_webauthn( pub fn validate_passkey(
cred: &AuthCredential, cred: &AuthCredential,
cred_ids: &BTreeMap<CredentialID, Uuid>, cred_ids: &BTreeMap<CredentialID, Uuid>,
wan_cred: &mut CredWebauthn, wan_cred: &mut CredPasskey,
webauthn: &Webauthn, webauthn: &Webauthn,
who: Uuid, who: Uuid,
async_tx: &Sender<DelayedAction>, async_tx: &Sender<DelayedAction>,
@ -591,6 +669,82 @@ impl CredHandler {
} }
} }
/// Validate a webauthn authentication attempt
pub fn validate_attested_passkey(
cred: &AuthCredential,
creds: &BTreeMap<AttestedPasskeyV4, Uuid>,
wan_cred: &mut CredAttestedPasskey,
webauthn: &Webauthn,
who: Uuid,
async_tx: &Sender<DelayedAction>,
att_ca_list: &AttestationCaList,
) -> CredState {
if wan_cred.state != CredVerifyState::Init {
security_error!("Handler::Webauthn -> Result::Denied - Internal State Already Fail");
return CredState::Denied(BAD_WEBAUTHN_MSG);
}
match cred {
AuthCredential::Passkey(resp) => {
// lets see how we go.
match webauthn.finish_attested_passkey_authentication(resp, &wan_cred.wan_state) {
Ok(auth_result) => {
if let Some((apk, cred_id)) = creds.get_key_value(auth_result.cred_id()) {
// Verify attestation of the key.
if let Err(webauthn_err) = apk.verify_attestation(att_ca_list) {
wan_cred.state = CredVerifyState::Fail;
// Denied.
debug!(?webauthn_err);
security_error!("Handler::Webauthn -> Result::Denied - webauthn credential fails attestation");
return CredState::Denied(BAD_ACCOUNT_POLICY);
}
wan_cred.state = CredVerifyState::Success;
// Success. Determine if we need to update the counter
// async from r.
if auth_result.needs_update() {
// Do async
if let Err(_e) =
async_tx.send(DelayedAction::WebauthnCounterIncrement(
WebauthnCounterIncrement {
target_uuid: who,
auth_result,
},
))
{
admin_warn!("unable to queue delayed webauthn property update, continuing ... ");
};
};
CredState::Success {
auth_type: AuthType::AttestedPasskey,
cred_id: *cred_id,
}
} else {
wan_cred.state = CredVerifyState::Fail;
// Denied.
security_error!("Handler::Webauthn -> Result::Denied - webauthn credential id not found");
CredState::Denied(BAD_WEBAUTHN_MSG)
}
}
Err(e) => {
wan_cred.state = CredVerifyState::Fail;
// Denied.
security_error!(?e, "Handler::Webauthn -> Result::Denied - webauthn error");
CredState::Denied(BAD_WEBAUTHN_MSG)
}
}
}
_ => {
security_error!(
"Handler::Webauthn -> Result::Denied - invalid cred type for handler"
);
CredState::Denied(BAD_AUTH_TYPE_MSG)
}
}
}
#[allow(clippy::too_many_arguments)] #[allow(clippy::too_many_arguments)]
/// Given the current handler, proceed to authenticate the attempted credential step. /// Given the current handler, proceed to authenticate the attempted credential step.
pub fn validate( pub fn validate(
@ -633,7 +787,20 @@ impl CredHandler {
CredHandler::Passkey { CredHandler::Passkey {
ref mut c_wan, ref mut c_wan,
cred_ids, cred_ids,
} => Self::validate_webauthn(cred, cred_ids, c_wan, webauthn, who, async_tx), } => Self::validate_passkey(cred, cred_ids, c_wan, webauthn, who, async_tx),
CredHandler::AttestedPasskey {
ref mut c_wan,
ref att_ca_list,
creds,
} => Self::validate_attested_passkey(
cred,
creds,
c_wan,
webauthn,
who,
async_tx,
att_ca_list,
),
} }
} }
@ -659,6 +826,9 @@ impl CredHandler {
) )
.collect(), .collect(),
CredHandler::Passkey { c_wan, .. } => vec![AuthAllowed::Passkey(c_wan.chal.clone())], CredHandler::Passkey { c_wan, .. } => vec![AuthAllowed::Passkey(c_wan.chal.clone())],
CredHandler::AttestedPasskey { c_wan, .. } => {
vec![AuthAllowed::Passkey(c_wan.chal.clone())]
}
} }
} }
@ -668,7 +838,8 @@ impl CredHandler {
(CredHandler::Anonymous { .. }, AuthMech::Anonymous) (CredHandler::Anonymous { .. }, AuthMech::Anonymous)
| (CredHandler::Password { .. }, AuthMech::Password) | (CredHandler::Password { .. }, AuthMech::Password)
| (CredHandler::PasswordMfa { .. }, AuthMech::PasswordMfa) | (CredHandler::PasswordMfa { .. }, AuthMech::PasswordMfa)
| (CredHandler::Passkey { .. }, AuthMech::Passkey) => true, | (CredHandler::Passkey { .. }, AuthMech::Passkey)
| (CredHandler::AttestedPasskey { .. }, AuthMech::Passkey) => true,
(_, _) => false, (_, _) => false,
} }
} }
@ -679,6 +850,7 @@ impl CredHandler {
CredHandler::Password { .. } => AuthMech::Password, CredHandler::Password { .. } => AuthMech::Password,
CredHandler::PasswordMfa { .. } => AuthMech::PasswordMfa, CredHandler::PasswordMfa { .. } => AuthMech::PasswordMfa,
CredHandler::Passkey { .. } => AuthMech::Passkey, CredHandler::Passkey { .. } => AuthMech::Passkey,
CredHandler::AttestedPasskey { .. } => AuthMech::Passkey,
} }
} }
} }
@ -767,9 +939,13 @@ impl AuthSession {
// What's valid to use in this context? // What's valid to use in this context?
let mut handlers = Vec::new(); let mut handlers = Vec::new();
// TODO: We can't yet fully enforce account policy on auth, there is a bit of work
// to do to be able to check for pw / mfa etc.
// A possible gotcha is service accounts which can't be affected by these policies?
// let cred_type_min = asd.account_policy.credential_policy();
if let Some(cred) = &asd.account.primary { if let Some(cred) = &asd.account.primary {
// TODO: Make it possible to have multiple creds.
// Probably means new authsession has to be failable
if let Ok(ch) = CredHandler::try_from((cred, asd.webauthn)) { if let Ok(ch) = CredHandler::try_from((cred, asd.webauthn)) {
handlers.push(ch); handlers.push(ch);
} else { } else {
@ -779,8 +955,33 @@ impl AuthSession {
} }
} }
if let Ok(ch) = CredHandler::try_from((&asd.account.passkeys, asd.webauthn)) { // Important - if attested is present, don't use passkeys
handlers.push(ch); if let Some(att_ca_list) = asd.account_policy.webauthn_attestation_ca_list() {
if let Ok(ch) = CredHandler::build_from_set_attested_pk(
&asd.account.attested_passkeys,
att_ca_list,
asd.webauthn,
) {
handlers.push(ch);
}
} else {
let credential_iter = asd
.account
.passkeys
.iter()
.map(|(u, (_, pk))| (*u, pk.clone()))
.chain(
asd.account
.attested_passkeys
.iter()
.map(|(u, (_, pk))| (*u, pk.into())),
);
if let Ok(ch) =
CredHandler::build_from_set_passkey(credential_iter, asd.webauthn)
{
handlers.push(ch);
}
}; };
if let Some(non_empty_handlers) = NonEmpty::collect(handlers) { if let Some(non_empty_handlers) = NonEmpty::collect(handlers) {
@ -847,6 +1048,9 @@ impl AuthSession {
// Do we need to double check for anon here? I don't think so since the // Do we need to double check for anon here? I don't think so since the
// anon cred_id won't ever exist on an account. // anon cred_id won't ever exist on an account.
// We can't yet fully enforce account policy on auth, there is a bit of work
// to do to be able to check the credential types match what we expect.
let mut cred_handler = None; let mut cred_handler = None;
if let Some(primary) = asd.account.primary.as_ref() { if let Some(primary) = asd.account.primary.as_ref() {
@ -863,13 +1067,51 @@ impl AuthSession {
} }
} }
if let Some(pk) = asd.account.passkeys.get(&cred_id).map(|(_, pk)| pk) { // Do we have an attestation ca list? If so, we only accept attested
if let Ok(ch) = CredHandler::try_from((cred_id, pk, asd.webauthn)) { // passkeys.
// Update it. if let Some(att_ca_list) = asd.account_policy.webauthn_attestation_ca_list() {
debug_assert!(cred_handler.is_none()); if let Some(pk) = asd
cred_handler = Some(ch); .account
} else { .attested_passkeys
security_critical!("corrupt credentials, unable to start primary credhandler"); .get(&cred_id)
.map(|(_, pk)| pk)
{
if let Ok(ch) = CredHandler::build_from_single_attested_pk(
cred_id,
pk,
att_ca_list,
asd.webauthn,
) {
// Update it.
debug_assert!(cred_handler.is_none());
cred_handler = Some(ch);
} else {
security_critical!(
"corrupt credentials, unable to start attested passkey credhandler"
);
}
}
} else {
// Scan both attested and passkeys for the possible credential.
let maybe_pk: Option<PasskeyV4> = asd
.account
.attested_passkeys
.get(&cred_id)
.map(|(_, apk)| apk.into())
.or_else(|| asd.account.passkeys.get(&cred_id).map(|(_, pk)| pk.clone()));
if let Some(pk) = maybe_pk {
if let Ok(ch) =
CredHandler::build_from_single_passkey(cred_id, pk, asd.webauthn)
{
// Update it.
debug_assert!(cred_handler.is_none());
cred_handler = Some(ch);
} else {
security_critical!(
"corrupt credentials, unable to start passkey credhandler"
);
}
} }
} }
@ -932,7 +1174,8 @@ impl AuthSession {
Ok(Some(*cred_id)) Ok(Some(*cred_id))
} }
AuthSessionState::InProgress(CredHandler::Anonymous { .. }) AuthSessionState::InProgress(CredHandler::Anonymous { .. })
| AuthSessionState::InProgress(CredHandler::Passkey { .. }) => Ok(None), | AuthSessionState::InProgress(CredHandler::Passkey { .. })
| AuthSessionState::InProgress(CredHandler::AttestedPasskey { .. }) => Ok(None),
_ => Err(OperationError::InvalidState), _ => Err(OperationError::InvalidState),
} }
} }
@ -1126,7 +1369,10 @@ impl AuthSession {
let scope = match auth_type { let scope = match auth_type {
AuthType::Anonymous => SessionScope::ReadOnly, AuthType::Anonymous => SessionScope::ReadOnly,
AuthType::GeneratedPassword => SessionScope::ReadWrite, AuthType::GeneratedPassword => SessionScope::ReadWrite,
AuthType::Password | AuthType::PasswordMfa | AuthType::Passkey => { AuthType::Password
| AuthType::PasswordMfa
| AuthType::Passkey
| AuthType::AttestedPasskey => {
if privileged { if privileged {
SessionScope::ReadWrite SessionScope::ReadWrite
} else { } else {
@ -1161,7 +1407,8 @@ impl AuthSession {
AuthType::Password AuthType::Password
| AuthType::GeneratedPassword | AuthType::GeneratedPassword
| AuthType::PasswordMfa | AuthType::PasswordMfa
| AuthType::Passkey => { | AuthType::Passkey
| AuthType::AttestedPasskey => {
trace!("⚠️ Queued AuthSessionRecord for {}", self.account.uuid); trace!("⚠️ Queued AuthSessionRecord for {}", self.account.uuid);
async_tx.send(DelayedAction::AuthSessionRecord(AuthSessionRecord { async_tx.send(DelayedAction::AuthSessionRecord(AuthSessionRecord {
target_uuid: self.account.uuid, target_uuid: self.account.uuid,
@ -1194,9 +1441,10 @@ impl AuthSession {
error!("AuthType used in Reauth is not valid for session re-issuance. Rejecting"); error!("AuthType used in Reauth is not valid for session re-issuance. Rejecting");
return Err(OperationError::InvalidState); return Err(OperationError::InvalidState);
} }
AuthType::Password | AuthType::PasswordMfa | AuthType::Passkey => { AuthType::Password
SessionScope::PrivilegeCapable | AuthType::PasswordMfa
} | AuthType::Passkey
| AuthType::AttestedPasskey => SessionScope::PrivilegeCapable,
}; };
let uat = self let uat = self

858
server/lib/src/idm/credupdatesession.rs
View file

File diff suppressed because it is too large Load diff

1
server/lib/src/plugins/protected.rs
View file

@ -36,6 +36,7 @@ lazy_static! {
m.insert(Attribute::AuthSessionExpiry); m.insert(Attribute::AuthSessionExpiry);
m.insert(Attribute::PrivilegeExpiry); m.insert(Attribute::PrivilegeExpiry);
m.insert(Attribute::CredentialTypeMinimum); m.insert(Attribute::CredentialTypeMinimum);
m.insert(Attribute::WebauthnAttestationCaList);
m m
}; };
} }

7
server/lib/src/plugins/session.rs
View file

@ -64,7 +64,12 @@ impl SessionConsistency {
.chain( .chain(
entry.get_ava_passkeys(Attribute::PassKeys) entry.get_ava_passkeys(Attribute::PassKeys)
.iter() .iter()
.flat_map(|pks| pks.keys().copied() ) .flat_map(|pks| pks.keys().copied())
)
.chain(
entry.get_ava_attestedpasskeys(Attribute::AttestedPasskeys)
.iter()
.flat_map(|pks| pks.keys().copied())
) )
.collect(); .collect();

22
server/lib/src/repl/proto.rs
View file

@ -11,7 +11,8 @@ use serde::{Deserialize, Serialize};
use std::collections::{BTreeMap, BTreeSet}; use std::collections::{BTreeMap, BTreeSet};
use webauthn_rs::prelude::{ use webauthn_rs::prelude::{
AttestedPasskey as DeviceKeyV4, Passkey as PasskeyV4, SecurityKey as SecurityKeyV4, AttestationCaList, AttestedPasskey as AttestedPasskeyV4, Passkey as PasskeyV4,
SecurityKey as SecurityKeyV4,
}; };
// Re-export this for our own usage. // Re-export this for our own usage.
@ -156,6 +157,8 @@ pub enum ReplIntentTokenV1 {
#[serde(default)] #[serde(default)]
passkeys_can_edit: bool, passkeys_can_edit: bool,
#[serde(default)] #[serde(default)]
attested_passkeys_can_edit: bool,
#[serde(default)]
unixcred_can_edit: bool, unixcred_can_edit: bool,
#[serde(default)] #[serde(default)]
sshpubkey_can_edit: bool, sshpubkey_can_edit: bool,
@ -172,6 +175,8 @@ pub enum ReplIntentTokenV1 {
#[serde(default)] #[serde(default)]
passkeys_can_edit: bool, passkeys_can_edit: bool,
#[serde(default)] #[serde(default)]
attested_passkeys_can_edit: bool,
#[serde(default)]
unixcred_can_edit: bool, unixcred_can_edit: bool,
#[serde(default)] #[serde(default)]
sshpubkey_can_edit: bool, sshpubkey_can_edit: bool,
@ -212,15 +217,15 @@ impl PartialEq for ReplPasskeyV4V1 {
} }
#[derive(Serialize, Deserialize, Debug, Clone)] #[derive(Serialize, Deserialize, Debug, Clone)]
pub struct ReplDeviceKeyV4V1 { pub struct ReplAttestedPasskeyV4V1 {
pub uuid: Uuid, pub uuid: Uuid,
pub tag: String, pub tag: String,
pub key: DeviceKeyV4, pub key: AttestedPasskeyV4,
} }
impl Eq for ReplDeviceKeyV4V1 {} impl Eq for ReplAttestedPasskeyV4V1 {}
impl PartialEq for ReplDeviceKeyV4V1 { impl PartialEq for ReplAttestedPasskeyV4V1 {
fn eq(&self, other: &Self) -> bool { fn eq(&self, other: &Self) -> bool {
self.uuid == other.uuid && self.key.cred_id() == other.key.cred_id() self.uuid == other.uuid && self.key.cred_id() == other.key.cred_id()
} }
@ -325,8 +330,8 @@ pub enum ReplAttrV1 {
Passkey { Passkey {
set: Vec<ReplPasskeyV4V1>, set: Vec<ReplPasskeyV4V1>,
}, },
DeviceKey { AttestedPasskey {
set: Vec<ReplDeviceKeyV4V1>, set: Vec<ReplAttestedPasskeyV4V1>,
}, },
DateTime { DateTime {
set: Vec<String>, set: Vec<String>,
@ -415,6 +420,9 @@ pub enum ReplAttrV1 {
CredentialType { CredentialType {
set: Vec<u16>, set: Vec<u16>,
}, },
WebauthnAttestationCaList {
ca_list: AttestationCaList,
},
} }
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)] #[derive(Serialize, Deserialize, Debug, PartialEq, Eq)]

8
server/lib/src/schema.rs
View file

@ -216,7 +216,7 @@ impl SchemaAttribute {
SyntaxType::PrivateBinary => matches!(v, PartialValue::PrivateBinary), SyntaxType::PrivateBinary => matches!(v, PartialValue::PrivateBinary),
SyntaxType::IntentToken => matches!(v, PartialValue::IntentToken(_)), SyntaxType::IntentToken => matches!(v, PartialValue::IntentToken(_)),
SyntaxType::Passkey => matches!(v, PartialValue::Passkey(_)), SyntaxType::Passkey => matches!(v, PartialValue::Passkey(_)),
SyntaxType::DeviceKey => matches!(v, PartialValue::DeviceKey(_)), SyntaxType::AttestedPasskey => matches!(v, PartialValue::AttestedPasskey(_)),
// Allow refer types. // Allow refer types.
SyntaxType::Session => matches!(v, PartialValue::Refer(_)), SyntaxType::Session => matches!(v, PartialValue::Refer(_)),
SyntaxType::ApiToken => matches!(v, PartialValue::Refer(_)), SyntaxType::ApiToken => matches!(v, PartialValue::Refer(_)),
@ -231,6 +231,7 @@ impl SchemaAttribute {
SyntaxType::AuditLogString => matches!(v, PartialValue::Utf8(_)), SyntaxType::AuditLogString => matches!(v, PartialValue::Utf8(_)),
SyntaxType::Image => matches!(v, PartialValue::Utf8(_)), SyntaxType::Image => matches!(v, PartialValue::Utf8(_)),
SyntaxType::CredentialType => matches!(v, PartialValue::CredentialType(_)), SyntaxType::CredentialType => matches!(v, PartialValue::CredentialType(_)),
SyntaxType::WebauthnAttestationCaList => false,
}; };
if r { if r {
Ok(()) Ok(())
@ -272,7 +273,7 @@ impl SchemaAttribute {
SyntaxType::PrivateBinary => matches!(v, Value::PrivateBinary(_)), SyntaxType::PrivateBinary => matches!(v, Value::PrivateBinary(_)),
SyntaxType::IntentToken => matches!(v, Value::IntentToken(_, _)), SyntaxType::IntentToken => matches!(v, Value::IntentToken(_, _)),
SyntaxType::Passkey => matches!(v, Value::Passkey(_, _, _)), SyntaxType::Passkey => matches!(v, Value::Passkey(_, _, _)),
SyntaxType::DeviceKey => matches!(v, Value::DeviceKey(_, _, _)), SyntaxType::AttestedPasskey => matches!(v, Value::AttestedPasskey(_, _, _)),
SyntaxType::Session => matches!(v, Value::Session(_, _)), SyntaxType::Session => matches!(v, Value::Session(_, _)),
SyntaxType::ApiToken => matches!(v, Value::ApiToken(_, _)), SyntaxType::ApiToken => matches!(v, Value::ApiToken(_, _)),
SyntaxType::Oauth2Session => matches!(v, Value::Oauth2Session(_, _)), SyntaxType::Oauth2Session => matches!(v, Value::Oauth2Session(_, _)),
@ -284,6 +285,9 @@ impl SchemaAttribute {
SyntaxType::EcKeyPrivate => matches!(v, Value::EcKeyPrivate(_)), SyntaxType::EcKeyPrivate => matches!(v, Value::EcKeyPrivate(_)),
SyntaxType::Image => matches!(v, Value::Image(_)), SyntaxType::Image => matches!(v, Value::Image(_)),
SyntaxType::CredentialType => matches!(v, Value::CredentialType(_)), SyntaxType::CredentialType => matches!(v, Value::CredentialType(_)),
SyntaxType::WebauthnAttestationCaList => {
matches!(v, Value::WebauthnAttestationCaList(_))
}
}; };
if r { if r {
Ok(()) Ok(())

3
server/lib/src/server/migrations.rs
View file

@ -566,7 +566,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH.clone().into(), SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH.clone().into(),
SCHEMA_ATTR_BADLIST_PASSWORD.clone().into(), SCHEMA_ATTR_BADLIST_PASSWORD.clone().into(),
SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN.clone().into(), SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN.clone().into(),
SCHEMA_ATTR_DEVICEKEYS.clone().into(), SCHEMA_ATTR_ATTESTED_PASSKEYS.clone().into(),
SCHEMA_ATTR_DISPLAYNAME.clone().into(), SCHEMA_ATTR_DISPLAYNAME.clone().into(),
SCHEMA_ATTR_DOMAIN_DISPLAY_NAME.clone().into(), SCHEMA_ATTR_DOMAIN_DISPLAY_NAME.clone().into(),
SCHEMA_ATTR_DOMAIN_LDAP_BASEDN.clone().into(), SCHEMA_ATTR_DOMAIN_LDAP_BASEDN.clone().into(),
@ -613,6 +613,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION.clone().into(), SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION.clone().into(),
SCHEMA_ATTR_DENIED_NAME.clone().into(), SCHEMA_ATTR_DENIED_NAME.clone().into(),
SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM.clone().into(), SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM.clone().into(),
SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST.clone().into(),
]; ];
let r = idm_schema let r = idm_schema

18
server/lib/src/server/mod.rs
View file

@ -577,11 +577,13 @@ pub trait QueryServerTransaction<'a> {
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Url (whatwg/url) syntax".to_string())), .ok_or_else(|| OperationError::InvalidAttribute("Invalid Url (whatwg/url) syntax".to_string())),
SyntaxType::OauthScope => Value::new_oauthscope(value) SyntaxType::OauthScope => Value::new_oauthscope(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Oauth Scope syntax".to_string())), .ok_or_else(|| OperationError::InvalidAttribute("Invalid Oauth Scope syntax".to_string())),
SyntaxType::WebauthnAttestationCaList => Value::new_webauthn_attestation_ca_list(value)
.ok_or_else(|| OperationError::InvalidAttribute("Invalid Webauthn Attestation CA List".to_string())),
SyntaxType::OauthScopeMap => Err(OperationError::InvalidAttribute("Oauth Scope Maps can not be supplied through modification - please use the IDM api".to_string())), SyntaxType::OauthScopeMap => Err(OperationError::InvalidAttribute("Oauth Scope Maps can not be supplied through modification - please use the IDM api".to_string())),
SyntaxType::PrivateBinary => Err(OperationError::InvalidAttribute("Private Binary Values can not be supplied through modification".to_string())), SyntaxType::PrivateBinary => Err(OperationError::InvalidAttribute("Private Binary Values can not be supplied through modification".to_string())),
SyntaxType::IntentToken => Err(OperationError::InvalidAttribute("Intent Token Values can not be supplied through modification".to_string())), SyntaxType::IntentToken => Err(OperationError::InvalidAttribute("Intent Token Values can not be supplied through modification".to_string())),
SyntaxType::Passkey => Err(OperationError::InvalidAttribute("Passkey Values can not be supplied through modification".to_string())), SyntaxType::Passkey => Err(OperationError::InvalidAttribute("Passkey Values can not be supplied through modification".to_string())),
SyntaxType::DeviceKey => Err(OperationError::InvalidAttribute("DeviceKey Values can not be supplied through modification".to_string())), SyntaxType::AttestedPasskey => Err(OperationError::InvalidAttribute("AttestedPasskey Values can not be supplied through modification".to_string())),
SyntaxType::Session => Err(OperationError::InvalidAttribute("Session Values can not be supplied through modification".to_string())), SyntaxType::Session => Err(OperationError::InvalidAttribute("Session Values can not be supplied through modification".to_string())),
SyntaxType::ApiToken => Err(OperationError::InvalidAttribute("ApiToken Values can not be supplied through modification".to_string())), SyntaxType::ApiToken => Err(OperationError::InvalidAttribute("ApiToken Values can not be supplied through modification".to_string())),
SyntaxType::JwsKeyEs256 => Err(OperationError::InvalidAttribute("JwsKeyEs256 Values can not be supplied through modification".to_string())), SyntaxType::JwsKeyEs256 => Err(OperationError::InvalidAttribute("JwsKeyEs256 Values can not be supplied through modification".to_string())),
@ -634,7 +636,7 @@ pub trait QueryServerTransaction<'a> {
.map(PartialValue::CredentialType) .map(PartialValue::CredentialType)
.map_err(|()| { .map_err(|()| {
OperationError::InvalidAttribute( OperationError::InvalidAttribute(
"Invalid CredentialType syntax".to_string(), "Invalid credentialtype syntax".to_string(),
) )
}), }),
SyntaxType::Uuid => { SyntaxType::Uuid => {
@ -694,13 +696,12 @@ pub trait QueryServerTransaction<'a> {
SyntaxType::Passkey => PartialValue::new_passkey_s(value).ok_or_else(|| { SyntaxType::Passkey => PartialValue::new_passkey_s(value).ok_or_else(|| {
OperationError::InvalidAttribute("Invalid Passkey UUID syntax".to_string()) OperationError::InvalidAttribute("Invalid Passkey UUID syntax".to_string())
}), }),
SyntaxType::DeviceKey => { SyntaxType::AttestedPasskey => PartialValue::new_attested_passkey_s(value)
PartialValue::new_devicekey_s(value).ok_or_else(|| { .ok_or_else(|| {
OperationError::InvalidAttribute( OperationError::InvalidAttribute(
"Invalid DeviceKey UUID syntax".to_string(), "Invalid AttestedPasskey UUID syntax".to_string(),
) )
}) }),
}
SyntaxType::UiHint => UiHint::from_str(value) SyntaxType::UiHint => UiHint::from_str(value)
.map(PartialValue::UiHint) .map(PartialValue::UiHint)
.map_err(|()| { .map_err(|()| {
@ -709,6 +710,9 @@ pub trait QueryServerTransaction<'a> {
SyntaxType::AuditLogString => Ok(PartialValue::new_utf8s(value)), SyntaxType::AuditLogString => Ok(PartialValue::new_utf8s(value)),
SyntaxType::EcKeyPrivate => Ok(PartialValue::SecretValue), SyntaxType::EcKeyPrivate => Ok(PartialValue::SecretValue),
SyntaxType::Image => Ok(PartialValue::new_utf8s(value)), SyntaxType::Image => Ok(PartialValue::new_utf8s(value)),
SyntaxType::WebauthnAttestationCaList => Err(OperationError::InvalidAttribute(
"Invalid - unable to query attestation CA list".to_string(),
)),
} }
} }
None => { None => {

39
server/lib/src/value.rs
View file

@ -27,7 +27,9 @@ use sshkey_attest::proto::PublicKey as SshPublicKey;
use time::OffsetDateTime; use time::OffsetDateTime;
use url::Url; use url::Url;
use uuid::Uuid; use uuid::Uuid;
use webauthn_rs::prelude::{AttestedPasskey as DeviceKeyV4, Passkey as PasskeyV4}; use webauthn_rs::prelude::{
AttestationCaList, AttestedPasskey as AttestedPasskeyV4, Passkey as PasskeyV4,
};
use crate::be::dbentry::DbIdentSpn; use crate::be::dbentry::DbIdentSpn;
use crate::credential::{totp::Totp, Credential}; use crate::credential::{totp::Totp, Credential};
@ -124,6 +126,7 @@ pub struct CredUpdateSessionPerms {
pub ext_cred_portal_can_view: bool, pub ext_cred_portal_can_view: bool,
pub primary_can_edit: bool, pub primary_can_edit: bool,
pub passkeys_can_edit: bool, pub passkeys_can_edit: bool,
pub attested_passkeys_can_edit: bool,
pub unixcred_can_edit: bool, pub unixcred_can_edit: bool,
pub sshpubkey_can_edit: bool, pub sshpubkey_can_edit: bool,
} }
@ -248,7 +251,7 @@ pub enum SyntaxType {
PrivateBinary = 21, PrivateBinary = 21,
IntentToken = 22, IntentToken = 22,
Passkey = 23, Passkey = 23,
DeviceKey = 24, AttestedPasskey = 24,
Session = 25, Session = 25,
JwsKeyEs256 = 26, JwsKeyEs256 = 26,
JwsKeyRs256 = 27, JwsKeyRs256 = 27,
@ -260,6 +263,7 @@ pub enum SyntaxType {
EcKeyPrivate = 33, EcKeyPrivate = 33,
Image = 34, Image = 34,
CredentialType = 35, CredentialType = 35,
WebauthnAttestationCaList = 36,
} }
impl TryFrom<&str> for SyntaxType { impl TryFrom<&str> for SyntaxType {
@ -293,7 +297,7 @@ impl TryFrom<&str> for SyntaxType {
"PRIVATE_BINARY" => Ok(SyntaxType::PrivateBinary), "PRIVATE_BINARY" => Ok(SyntaxType::PrivateBinary),
"INTENT_TOKEN" => Ok(SyntaxType::IntentToken), "INTENT_TOKEN" => Ok(SyntaxType::IntentToken),
"PASSKEY" => Ok(SyntaxType::Passkey), "PASSKEY" => Ok(SyntaxType::Passkey),
"DEVICEKEY" => Ok(SyntaxType::DeviceKey), "ATTESTED_PASSKEY" => Ok(SyntaxType::AttestedPasskey),
"SESSION" => Ok(SyntaxType::Session), "SESSION" => Ok(SyntaxType::Session),
"JWS_KEY_ES256" => Ok(SyntaxType::JwsKeyEs256), "JWS_KEY_ES256" => Ok(SyntaxType::JwsKeyEs256),
"JWS_KEY_RS256" => Ok(SyntaxType::JwsKeyRs256), "JWS_KEY_RS256" => Ok(SyntaxType::JwsKeyRs256),
@ -304,6 +308,7 @@ impl TryFrom<&str> for SyntaxType {
"AUDIT_LOG_STRING" => Ok(SyntaxType::AuditLogString), "AUDIT_LOG_STRING" => Ok(SyntaxType::AuditLogString),
"EC_KEY_PRIVATE" => Ok(SyntaxType::EcKeyPrivate), "EC_KEY_PRIVATE" => Ok(SyntaxType::EcKeyPrivate),
"CREDENTIAL_TYPE" => Ok(SyntaxType::CredentialType), "CREDENTIAL_TYPE" => Ok(SyntaxType::CredentialType),
"WEBAUTHN_ATTESTATION_CA_LIST" => Ok(SyntaxType::WebauthnAttestationCaList),
_ => Err(()), _ => Err(()),
} }
} }
@ -336,7 +341,7 @@ impl fmt::Display for SyntaxType {
SyntaxType::PrivateBinary => "PRIVATE_BINARY", SyntaxType::PrivateBinary => "PRIVATE_BINARY",
SyntaxType::IntentToken => "INTENT_TOKEN", SyntaxType::IntentToken => "INTENT_TOKEN",
SyntaxType::Passkey => "PASSKEY", SyntaxType::Passkey => "PASSKEY",
SyntaxType::DeviceKey => "DEVICEKEY", SyntaxType::AttestedPasskey => "ATTESTED_PASSKEY",
SyntaxType::Session => "SESSION", SyntaxType::Session => "SESSION",
SyntaxType::JwsKeyEs256 => "JWS_KEY_ES256", SyntaxType::JwsKeyEs256 => "JWS_KEY_ES256",
SyntaxType::JwsKeyRs256 => "JWS_KEY_RS256", SyntaxType::JwsKeyRs256 => "JWS_KEY_RS256",
@ -348,6 +353,7 @@ impl fmt::Display for SyntaxType {
SyntaxType::EcKeyPrivate => "EC_KEY_PRIVATE", SyntaxType::EcKeyPrivate => "EC_KEY_PRIVATE",
SyntaxType::Image => "IMAGE", SyntaxType::Image => "IMAGE",
SyntaxType::CredentialType => "CREDENTIAL_TYPE", SyntaxType::CredentialType => "CREDENTIAL_TYPE",
SyntaxType::WebauthnAttestationCaList => "WEBAUTHN_ATTESTATION_CA_LIST",
}) })
} }
} }
@ -461,7 +467,7 @@ pub enum PartialValue {
IntentToken(String), IntentToken(String),
UiHint(UiHint), UiHint(UiHint),
Passkey(Uuid), Passkey(Uuid),
DeviceKey(Uuid), AttestedPasskey(Uuid),
/// We compare on the value hash /// We compare on the value hash
Image(String), Image(String),
CredentialType(CredentialType), CredentialType(CredentialType),
@ -776,8 +782,8 @@ impl PartialValue {
Uuid::parse_str(us).map(PartialValue::Passkey).ok() Uuid::parse_str(us).map(PartialValue::Passkey).ok()
} }
pub fn new_devicekey_s(us: &str) -> Option<Self> { pub fn new_attested_passkey_s(us: &str) -> Option<Self> {
Uuid::parse_str(us).map(PartialValue::DeviceKey).ok() Uuid::parse_str(us).map(PartialValue::AttestedPasskey).ok()
} }
pub fn new_image(input: &str) -> Self { pub fn new_image(input: &str) -> Self {
@ -809,7 +815,7 @@ impl PartialValue {
| PartialValue::EmailAddress(s) | PartialValue::EmailAddress(s)
| PartialValue::RestrictedString(s) => s.clone(), | PartialValue::RestrictedString(s) => s.clone(),
PartialValue::Passkey(u) PartialValue::Passkey(u)
| PartialValue::DeviceKey(u) | PartialValue::AttestedPasskey(u)
| PartialValue::Refer(u) | PartialValue::Refer(u)
| PartialValue::Uuid(u) => u.as_hyphenated().to_string(), | PartialValue::Uuid(u) => u.as_hyphenated().to_string(),
PartialValue::Bool(b) => b.to_string(), PartialValue::Bool(b) => b.to_string(),
@ -1023,7 +1029,7 @@ pub enum Value {
RestrictedString(String), RestrictedString(String),
IntentToken(String, IntentTokenState), IntentToken(String, IntentTokenState),
Passkey(Uuid, String, PasskeyV4), Passkey(Uuid, String, PasskeyV4),
DeviceKey(Uuid, String, DeviceKeyV4), AttestedPasskey(Uuid, String, AttestedPasskeyV4),
Session(Uuid, Session), Session(Uuid, Session),
ApiToken(Uuid, ApiToken), ApiToken(Uuid, ApiToken),
@ -1039,6 +1045,7 @@ pub enum Value {
Image(ImageValue), Image(ImageValue),
CredentialType(CredentialType), CredentialType(CredentialType),
WebauthnAttestationCaList(AttestationCaList),
} }
impl PartialEq for Value { impl PartialEq for Value {
@ -1538,6 +1545,15 @@ impl Value {
Value::RestrictedString(s) Value::RestrictedString(s)
} }
pub fn new_webauthn_attestation_ca_list(s: &str) -> Option<Self> {
serde_json::from_str(s)
.map(Value::WebauthnAttestationCaList)
.map_err(|err| {
debug!(?err, ?s);
})
.ok()
}
#[allow(clippy::unreachable)] #[allow(clippy::unreachable)]
pub(crate) fn to_db_ident_spn(&self) -> DbIdentSpn { pub(crate) fn to_db_ident_spn(&self) -> DbIdentSpn {
// This has to clone due to how the backend works. // This has to clone due to how the backend works.
@ -1788,7 +1804,7 @@ impl Value {
| Value::PublicBinary(s, _) | Value::PublicBinary(s, _)
| Value::IntentToken(s, _) | Value::IntentToken(s, _)
| Value::Passkey(_, s, _) | Value::Passkey(_, s, _)
| Value::DeviceKey(_, s, _) | Value::AttestedPasskey(_, s, _)
| Value::TotpSecret(s, _) => { | Value::TotpSecret(s, _) => {
Value::validate_str_escapes(s) && Value::validate_singleline(s) Value::validate_str_escapes(s) && Value::validate_singleline(s)
} }
@ -1846,7 +1862,8 @@ impl Value {
| Value::JwsKeyRs256(_) | Value::JwsKeyRs256(_)
| Value::EcKeyPrivate(_) | Value::EcKeyPrivate(_)
| Value::UiHint(_) | Value::UiHint(_)
| Value::CredentialType(_) => true, | Value::CredentialType(_)
| Value::WebauthnAttestationCaList(_) => true,
} }
} }

256
server/lib/src/valueset/cred.rs
View file

@ -2,15 +2,17 @@ use smolset::SmolSet;
use std::collections::btree_map::Entry as BTreeEntry; use std::collections::btree_map::Entry as BTreeEntry;
use std::collections::BTreeMap; use std::collections::BTreeMap;
use webauthn_rs::prelude::{AttestedPasskey as DeviceKeyV4, Passkey as PasskeyV4}; use webauthn_rs::prelude::{
AttestationCaList, AttestedPasskey as AttestedPasskeyV4, Passkey as PasskeyV4,
};
use crate::be::dbvalue::{ use crate::be::dbvalue::{
DbValueCredV1, DbValueDeviceKeyV1, DbValueIntentTokenStateV1, DbValuePasskeyV1, DbValueAttestedPasskeyV1, DbValueCredV1, DbValueIntentTokenStateV1, DbValuePasskeyV1,
}; };
use crate::credential::Credential; use crate::credential::Credential;
use crate::prelude::*; use crate::prelude::*;
use crate::repl::proto::{ use crate::repl::proto::{
ReplAttrV1, ReplCredV1, ReplDeviceKeyV4V1, ReplIntentTokenV1, ReplPasskeyV4V1, ReplAttestedPasskeyV4V1, ReplAttrV1, ReplCredV1, ReplIntentTokenV1, ReplPasskeyV4V1,
}; };
use crate::schema::SchemaAttribute; use crate::schema::SchemaAttribute;
use crate::value::{CredUpdateSessionPerms, CredentialType, IntentTokenState}; use crate::value::{CredUpdateSessionPerms, CredentialType, IntentTokenState};
@ -230,6 +232,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
} => IntentTokenState::Valid { } => IntentTokenState::Valid {
@ -238,6 +241,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -249,6 +253,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
} => IntentTokenState::InProgress { } => IntentTokenState::InProgress {
@ -259,6 +264,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -283,6 +289,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
} => ( } => (
@ -293,6 +300,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -306,6 +314,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
} => ( } => (
@ -318,6 +327,7 @@ impl ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -435,6 +445,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -443,6 +454,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -455,6 +467,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -465,6 +478,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -491,6 +505,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -500,6 +515,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -512,6 +528,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view, ext_cred_portal_can_view,
primary_can_edit, primary_can_edit,
passkeys_can_edit, passkeys_can_edit,
attested_passkeys_can_edit,
unixcred_can_edit, unixcred_can_edit,
sshpubkey_can_edit, sshpubkey_can_edit,
}, },
@ -523,6 +540,7 @@ impl ValueSetT for ValueSetIntentToken {
ext_cred_portal_can_view: *ext_cred_portal_can_view, ext_cred_portal_can_view: *ext_cred_portal_can_view,
primary_can_edit: *primary_can_edit, primary_can_edit: *primary_can_edit,
passkeys_can_edit: *passkeys_can_edit, passkeys_can_edit: *passkeys_can_edit,
attested_passkeys_can_edit: *attested_passkeys_can_edit,
unixcred_can_edit: *unixcred_can_edit, unixcred_can_edit: *unixcred_can_edit,
sshpubkey_can_edit: *sshpubkey_can_edit, sshpubkey_can_edit: *sshpubkey_can_edit,
}, },
@ -768,38 +786,38 @@ impl ValueSetT for ValueSetPasskey {
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct ValueSetDeviceKey { pub struct ValueSetAttestedPasskey {
map: BTreeMap<Uuid, (String, DeviceKeyV4)>, map: BTreeMap<Uuid, (String, AttestedPasskeyV4)>,
} }
impl ValueSetDeviceKey { impl ValueSetAttestedPasskey {
pub fn new(u: Uuid, t: String, k: DeviceKeyV4) -> Box<Self> { pub fn new(u: Uuid, t: String, k: AttestedPasskeyV4) -> Box<Self> {
let mut map = BTreeMap::new(); let mut map = BTreeMap::new();
map.insert(u, (t, k)); map.insert(u, (t, k));
Box::new(ValueSetDeviceKey { map }) Box::new(ValueSetAttestedPasskey { map })
} }
pub fn push(&mut self, u: Uuid, t: String, k: DeviceKeyV4) -> bool { pub fn push(&mut self, u: Uuid, t: String, k: AttestedPasskeyV4) -> bool {
self.map.insert(u, (t, k)).is_none() self.map.insert(u, (t, k)).is_none()
} }
pub fn from_dbvs2(data: Vec<DbValueDeviceKeyV1>) -> Result<ValueSet, OperationError> { pub fn from_dbvs2(data: Vec<DbValueAttestedPasskeyV1>) -> Result<ValueSet, OperationError> {
let map = data let map = data
.into_iter() .into_iter()
.map(|k| match k { .map(|k| match k {
DbValueDeviceKeyV1::V4 { u, t, k } => Ok((u, (t, k))), DbValueAttestedPasskeyV1::V4 { u, t, k } => Ok((u, (t, k))),
}) })
.collect::<Result<_, _>>()?; .collect::<Result<_, _>>()?;
Ok(Box::new(ValueSetDeviceKey { map })) Ok(Box::new(ValueSetAttestedPasskey { map }))
} }
pub fn from_repl_v1(data: &[ReplDeviceKeyV4V1]) -> Result<ValueSet, OperationError> { pub fn from_repl_v1(data: &[ReplAttestedPasskeyV4V1]) -> Result<ValueSet, OperationError> {
let map = data let map = data
.iter() .iter()
.cloned() .cloned()
.map(|ReplDeviceKeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key)))) .map(|ReplAttestedPasskeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key))))
.collect::<Result<_, _>>()?; .collect::<Result<_, _>>()?;
Ok(Box::new(ValueSetDeviceKey { map })) Ok(Box::new(ValueSetAttestedPasskey { map }))
} }
// We need to allow this, because rust doesn't allow us to impl FromIterator on foreign // We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
@ -807,17 +825,17 @@ impl ValueSetDeviceKey {
#[allow(clippy::should_implement_trait)] #[allow(clippy::should_implement_trait)]
pub fn from_iter<T>(iter: T) -> Option<Box<Self>> pub fn from_iter<T>(iter: T) -> Option<Box<Self>>
where where
T: IntoIterator<Item = (Uuid, String, DeviceKeyV4)>, T: IntoIterator<Item = (Uuid, String, AttestedPasskeyV4)>,
{ {
let map = iter.into_iter().map(|(u, t, k)| (u, (t, k))).collect(); let map = iter.into_iter().map(|(u, t, k)| (u, (t, k))).collect();
Some(Box::new(ValueSetDeviceKey { map })) Some(Box::new(ValueSetAttestedPasskey { map }))
} }
} }
impl ValueSetT for ValueSetDeviceKey { impl ValueSetT for ValueSetAttestedPasskey {
fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> { fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
match value { match value {
Value::DeviceKey(u, t, k) => { Value::AttestedPasskey(u, t, k) => {
if let BTreeEntry::Vacant(e) = self.map.entry(u) { if let BTreeEntry::Vacant(e) = self.map.entry(u) {
e.insert((t, k)); e.insert((t, k));
Ok(true) Ok(true)
@ -835,14 +853,14 @@ impl ValueSetT for ValueSetDeviceKey {
fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool { fn remove(&mut self, pv: &PartialValue, _cid: &Cid) -> bool {
match pv { match pv {
PartialValue::DeviceKey(u) => self.map.remove(u).is_some(), PartialValue::AttestedPasskey(u) => self.map.remove(u).is_some(),
_ => false, _ => false,
} }
} }
fn contains(&self, pv: &PartialValue) -> bool { fn contains(&self, pv: &PartialValue) -> bool {
match pv { match pv {
PartialValue::DeviceKey(u) => self.map.contains_key(u), PartialValue::AttestedPasskey(u) => self.map.contains_key(u),
_ => false, _ => false,
} }
} }
@ -875,7 +893,7 @@ impl ValueSetT for ValueSetDeviceKey {
} }
fn syntax(&self) -> SyntaxType { fn syntax(&self) -> SyntaxType {
SyntaxType::DeviceKey SyntaxType::AttestedPasskey
} }
fn validate(&self, _schema_attr: &SchemaAttribute) -> bool { fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
@ -889,10 +907,10 @@ impl ValueSetT for ValueSetDeviceKey {
} }
fn to_db_valueset_v2(&self) -> DbValueSetV2 { fn to_db_valueset_v2(&self) -> DbValueSetV2 {
DbValueSetV2::DeviceKey( DbValueSetV2::AttestedPasskey(
self.map self.map
.iter() .iter()
.map(|(u, (t, k))| DbValueDeviceKeyV1::V4 { .map(|(u, (t, k))| DbValueAttestedPasskeyV1::V4 {
u: *u, u: *u,
t: t.clone(), t: t.clone(),
k: k.clone(), k: k.clone(),
@ -902,11 +920,11 @@ impl ValueSetT for ValueSetDeviceKey {
} }
fn to_repl_v1(&self) -> ReplAttrV1 { fn to_repl_v1(&self) -> ReplAttrV1 {
ReplAttrV1::DeviceKey { ReplAttrV1::AttestedPasskey {
set: self set: self
.map .map
.iter() .iter()
.map(|(u, (t, k))| ReplDeviceKeyV4V1 { .map(|(u, (t, k))| ReplAttestedPasskeyV4V1 {
uuid: *u, uuid: *u,
tag: t.clone(), tag: t.clone(),
key: k.clone(), key: k.clone(),
@ -916,20 +934,20 @@ impl ValueSetT for ValueSetDeviceKey {
} }
fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> { fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
Box::new(self.map.keys().copied().map(PartialValue::DeviceKey)) Box::new(self.map.keys().copied().map(PartialValue::AttestedPasskey))
} }
fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> { fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
Box::new( Box::new(
self.map self.map
.iter() .iter()
.map(|(u, (t, k))| Value::DeviceKey(*u, t.clone(), k.clone())), .map(|(u, (t, k))| Value::AttestedPasskey(*u, t.clone(), k.clone())),
) )
} }
fn equal(&self, other: &ValueSet) -> bool { fn equal(&self, other: &ValueSet) -> bool {
// Looks like we may not need this? // Looks like we may not need this?
if let Some(other) = other.as_devicekey_map() { if let Some(other) = other.as_attestedpasskey_map() {
&self.map == other &self.map == other
} else { } else {
// debug_assert!(false); // debug_assert!(false);
@ -938,7 +956,7 @@ impl ValueSetT for ValueSetDeviceKey {
} }
fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> { fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
if let Some(b) = other.as_devicekey_map() { if let Some(b) = other.as_attestedpasskey_map() {
mergemaps!(self.map, b) mergemaps!(self.map, b)
} else { } else {
debug_assert!(false); debug_assert!(false);
@ -946,15 +964,17 @@ impl ValueSetT for ValueSetDeviceKey {
} }
} }
fn to_devicekey_single(&self) -> Option<&DeviceKeyV4> { /*
fn to_attestedpasskey_single(&self) -> Option<&AttestedPasskeyV4> {
if self.map.len() == 1 { if self.map.len() == 1 {
self.map.values().take(1).next().map(|(_, k)| k) self.map.values().take(1).next().map(|(_, k)| k)
} else { } else {
None None
} }
} }
*/
fn as_devicekey_map(&self) -> Option<&BTreeMap<Uuid, (String, DeviceKeyV4)>> { fn as_attestedpasskey_map(&self) -> Option<&BTreeMap<Uuid, (String, AttestedPasskeyV4)>> {
Some(&self.map) Some(&self.map)
} }
} }
@ -1115,3 +1135,175 @@ impl ValueSetT for ValueSetCredentialType {
Some(&self.set) Some(&self.set)
} }
} }
#[derive(Debug, Clone)]
pub struct ValueSetWebauthnAttestationCaList {
ca_list: AttestationCaList,
}
impl ValueSetWebauthnAttestationCaList {
pub fn new(ca_list: AttestationCaList) -> Box<Self> {
Box::new(ValueSetWebauthnAttestationCaList { ca_list })
}
/*
pub fn push(&mut self, u: CredentialType) -> bool {
self.set.insert(u)
}
*/
pub fn from_dbvs2(ca_list: AttestationCaList) -> Result<ValueSet, OperationError> {
Ok(Box::new(ValueSetWebauthnAttestationCaList { ca_list }))
}
pub fn from_repl_v1(ca_list: &AttestationCaList) -> Result<ValueSet, OperationError> {
Ok(Box::new(ValueSetWebauthnAttestationCaList {
ca_list: ca_list.clone(),
}))
}
/*
// We need to allow this, because rust doesn't allow us to impl FromIterator on foreign
// types, and uuid is foreign.
#[allow(clippy::should_implement_trait)]
pub fn from_iter<T>(iter: T) -> Option<Box<Self>>
where
T: IntoIterator<Item = CredentialType>,
{
let set = iter.into_iter().collect();
Some(Box::new(ValueSetCredentialType { set }))
}
*/
}
impl ValueSetT for ValueSetWebauthnAttestationCaList {
fn insert_checked(&mut self, value: Value) -> Result<bool, OperationError> {
match value {
Value::WebauthnAttestationCaList(u) => {
self.ca_list.union(&u);
Ok(true)
}
_ => {
debug_assert!(false);
Err(OperationError::InvalidValueState)
}
}
}
fn clear(&mut self) {
self.ca_list.clear();
}
fn remove(&mut self, _pv: &PartialValue, _cid: &Cid) -> bool {
/*
match pv {
_ => {
debug_assert!(false);
true
}
}
*/
debug_assert!(false);
true
}
fn contains(&self, _pv: &PartialValue) -> bool {
/*
match pv {
PartialValue::CredentialType(u) => self.set.contains(u),
_ => false,
}
*/
false
}
fn substring(&self, _pv: &PartialValue) -> bool {
false
}
fn startswith(&self, _pv: &PartialValue) -> bool {
false
}
fn endswith(&self, _pv: &PartialValue) -> bool {
false
}
fn lessthan(&self, _pv: &PartialValue) -> bool {
false
}
fn len(&self) -> usize {
self.ca_list.len()
}
fn generate_idx_eq_keys(&self) -> Vec<String> {
// self.set.iter().map(|u| u.to_string()).collect()
Vec::with_capacity(0)
}
fn syntax(&self) -> SyntaxType {
SyntaxType::WebauthnAttestationCaList
}
fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
// Should we actually be looking through the ca-list as given and eliminate
// known vuln devices?
true
}
fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
Box::new(
self.ca_list
.cas()
.values()
.flat_map(|att_ca| att_ca.aaguids().values())
.map(|device| device.description_en().to_string()),
)
}
fn to_db_valueset_v2(&self) -> DbValueSetV2 {
DbValueSetV2::WebauthnAttestationCaList {
ca_list: self.ca_list.clone(),
}
}
fn to_repl_v1(&self) -> ReplAttrV1 {
ReplAttrV1::WebauthnAttestationCaList {
ca_list: self.ca_list.clone(),
}
}
fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
Box::new(std::iter::empty::<PartialValue>())
}
fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
Box::new(std::iter::once(Value::WebauthnAttestationCaList(
self.ca_list.clone(),
)))
}
fn equal(&self, other: &ValueSet) -> bool {
if let Some(other) = other.as_webauthn_attestation_ca_list() {
&self.ca_list == other
} else {
debug_assert!(false);
false
}
}
fn merge(&mut self, other: &ValueSet) -> Result<(), OperationError> {
if let Some(b) = other.as_webauthn_attestation_ca_list() {
self.ca_list.union(b);
Ok(())
} else {
debug_assert!(false);
Err(OperationError::InvalidValueState)
}
}
fn as_webauthn_attestation_ca_list(&self) -> Option<&AttestationCaList> {
Some(&self.ca_list)
}
}

42
server/lib/src/valueset/mod.rs
View file

@ -8,10 +8,10 @@ use openssl::ec::EcKey;
use openssl::pkey::Private; use openssl::pkey::Private;
use openssl::pkey::Public; use openssl::pkey::Public;
use smolset::SmolSet; use smolset::SmolSet;
use time::OffsetDateTime;
// use std::fmt::Debug;
use sshkey_attest::proto::PublicKey as SshPublicKey; use sshkey_attest::proto::PublicKey as SshPublicKey;
use webauthn_rs::prelude::AttestedPasskey as DeviceKeyV4; use time::OffsetDateTime;
use webauthn_rs::prelude::AttestationCaList;
use webauthn_rs::prelude::AttestedPasskey as AttestedPasskeyV4;
use webauthn_rs::prelude::Passkey as PasskeyV4; use webauthn_rs::prelude::Passkey as PasskeyV4;
use kanidm_proto::v1::Filter as ProtoFilter; use kanidm_proto::v1::Filter as ProtoFilter;
@ -30,8 +30,8 @@ pub use self::binary::{ValueSetPrivateBinary, ValueSetPublicBinary};
pub use self::bool::ValueSetBool; pub use self::bool::ValueSetBool;
pub use self::cid::ValueSetCid; pub use self::cid::ValueSetCid;
pub use self::cred::{ pub use self::cred::{
ValueSetCredential, ValueSetCredentialType, ValueSetDeviceKey, ValueSetIntentToken, ValueSetAttestedPasskey, ValueSetCredential, ValueSetCredentialType, ValueSetIntentToken,
ValueSetPasskey, ValueSetPasskey, ValueSetWebauthnAttestationCaList,
}; };
pub use self::datetime::ValueSetDateTime; pub use self::datetime::ValueSetDateTime;
pub use self::eckey::ValueSetEcKeyPrivate; pub use self::eckey::ValueSetEcKeyPrivate;
@ -355,7 +355,12 @@ pub trait ValueSetT: std::fmt::Debug + DynClone {
None None
} }
fn as_devicekey_map(&self) -> Option<&BTreeMap<Uuid, (String, DeviceKeyV4)>> { fn as_attestedpasskey_map(&self) -> Option<&BTreeMap<Uuid, (String, AttestedPasskeyV4)>> {
debug_assert!(false);
None
}
fn as_webauthn_attestation_ca_list(&self) -> Option<&AttestationCaList> {
debug_assert!(false); debug_assert!(false);
None None
} }
@ -507,11 +512,6 @@ pub trait ValueSetT: std::fmt::Debug + DynClone {
None None
} }
fn to_devicekey_single(&self) -> Option<&DeviceKeyV4> {
debug_assert!(false);
None
}
fn as_session_map(&self) -> Option<&BTreeMap<Uuid, Session>> { fn as_session_map(&self) -> Option<&BTreeMap<Uuid, Session>> {
debug_assert!(false); debug_assert!(false);
None None
@ -668,9 +668,10 @@ pub fn from_result_value_iter(
Value::EcKeyPrivate(k) => ValueSetEcKeyPrivate::new(&k), Value::EcKeyPrivate(k) => ValueSetEcKeyPrivate::new(&k),
Value::Image(imagevalue) => image::ValueSetImage::new(imagevalue), Value::Image(imagevalue) => image::ValueSetImage::new(imagevalue),
Value::CredentialType(c) => ValueSetCredentialType::new(c), Value::CredentialType(c) => ValueSetCredentialType::new(c),
Value::PhoneNumber(_, _) Value::WebauthnAttestationCaList(_)
| Value::PhoneNumber(_, _)
| Value::Passkey(_, _, _) | Value::Passkey(_, _, _)
| Value::DeviceKey(_, _, _) | Value::AttestedPasskey(_, _, _)
| Value::TotpSecret(_, _) | Value::TotpSecret(_, _)
| Value::Session(_, _) | Value::Session(_, _)
| Value::ApiToken(_, _) | Value::ApiToken(_, _)
@ -724,7 +725,7 @@ pub fn from_value_iter(mut iter: impl Iterator<Item = Value>) -> Result<ValueSet
Value::IntentToken(u, s) => ValueSetIntentToken::new(u, s), Value::IntentToken(u, s) => ValueSetIntentToken::new(u, s),
Value::EmailAddress(a, _) => ValueSetEmailAddress::new(a), Value::EmailAddress(a, _) => ValueSetEmailAddress::new(a),
Value::Passkey(u, t, k) => ValueSetPasskey::new(u, t, k), Value::Passkey(u, t, k) => ValueSetPasskey::new(u, t, k),
Value::DeviceKey(u, t, k) => ValueSetDeviceKey::new(u, t, k), Value::AttestedPasskey(u, t, k) => ValueSetAttestedPasskey::new(u, t, k),
Value::JwsKeyEs256(k) => ValueSetJwsKeyEs256::new(k), Value::JwsKeyEs256(k) => ValueSetJwsKeyEs256::new(k),
Value::JwsKeyRs256(k) => ValueSetJwsKeyRs256::new(k), Value::JwsKeyRs256(k) => ValueSetJwsKeyRs256::new(k),
Value::Session(u, m) => ValueSetSession::new(u, m), Value::Session(u, m) => ValueSetSession::new(u, m),
@ -736,6 +737,9 @@ pub fn from_value_iter(mut iter: impl Iterator<Item = Value>) -> Result<ValueSet
Value::EcKeyPrivate(k) => ValueSetEcKeyPrivate::new(&k), Value::EcKeyPrivate(k) => ValueSetEcKeyPrivate::new(&k),
Value::Image(imagevalue) => image::ValueSetImage::new(imagevalue), Value::Image(imagevalue) => image::ValueSetImage::new(imagevalue),
Value::CredentialType(c) => ValueSetCredentialType::new(c), Value::CredentialType(c) => ValueSetCredentialType::new(c),
Value::WebauthnAttestationCaList(ca_list) => {
ValueSetWebauthnAttestationCaList::new(ca_list)
}
Value::PhoneNumber(_, _) => { Value::PhoneNumber(_, _) => {
debug_assert!(false); debug_assert!(false);
return Err(OperationError::InvalidValueState); return Err(OperationError::InvalidValueState);
@ -777,7 +781,7 @@ pub fn from_db_valueset_v2(dbvs: DbValueSetV2) -> Result<ValueSet, OperationErro
DbValueSetV2::IntentToken(set) => ValueSetIntentToken::from_dbvs2(set), DbValueSetV2::IntentToken(set) => ValueSetIntentToken::from_dbvs2(set),
DbValueSetV2::EmailAddress(primary, set) => ValueSetEmailAddress::from_dbvs2(primary, set), DbValueSetV2::EmailAddress(primary, set) => ValueSetEmailAddress::from_dbvs2(primary, set),
DbValueSetV2::Passkey(set) => ValueSetPasskey::from_dbvs2(set), DbValueSetV2::Passkey(set) => ValueSetPasskey::from_dbvs2(set),
DbValueSetV2::DeviceKey(set) => ValueSetDeviceKey::from_dbvs2(set), DbValueSetV2::AttestedPasskey(set) => ValueSetAttestedPasskey::from_dbvs2(set),
DbValueSetV2::Session(set) => ValueSetSession::from_dbvs2(set), DbValueSetV2::Session(set) => ValueSetSession::from_dbvs2(set),
DbValueSetV2::ApiToken(set) => ValueSetApiToken::from_dbvs2(set), DbValueSetV2::ApiToken(set) => ValueSetApiToken::from_dbvs2(set),
DbValueSetV2::Oauth2Session(set) => ValueSetOauth2Session::from_dbvs2(set), DbValueSetV2::Oauth2Session(set) => ValueSetOauth2Session::from_dbvs2(set),
@ -793,6 +797,9 @@ pub fn from_db_valueset_v2(dbvs: DbValueSetV2) -> Result<ValueSet, OperationErro
} }
DbValueSetV2::Image(set) => ValueSetImage::from_dbvs2(&set), DbValueSetV2::Image(set) => ValueSetImage::from_dbvs2(&set),
DbValueSetV2::CredentialType(set) => ValueSetCredentialType::from_dbvs2(set), DbValueSetV2::CredentialType(set) => ValueSetCredentialType::from_dbvs2(set),
DbValueSetV2::WebauthnAttestationCaList { ca_list } => {
ValueSetWebauthnAttestationCaList::from_dbvs2(ca_list)
}
} }
} }
@ -823,7 +830,7 @@ pub fn from_repl_v1(rv1: &ReplAttrV1) -> Result<ValueSet, OperationError> {
ReplAttrV1::Credential { set } => ValueSetCredential::from_repl_v1(set), ReplAttrV1::Credential { set } => ValueSetCredential::from_repl_v1(set),
ReplAttrV1::IntentToken { set } => ValueSetIntentToken::from_repl_v1(set), ReplAttrV1::IntentToken { set } => ValueSetIntentToken::from_repl_v1(set),
ReplAttrV1::Passkey { set } => ValueSetPasskey::from_repl_v1(set), ReplAttrV1::Passkey { set } => ValueSetPasskey::from_repl_v1(set),
ReplAttrV1::DeviceKey { set } => ValueSetDeviceKey::from_repl_v1(set), ReplAttrV1::AttestedPasskey { set } => ValueSetAttestedPasskey::from_repl_v1(set),
ReplAttrV1::DateTime { set } => ValueSetDateTime::from_repl_v1(set), ReplAttrV1::DateTime { set } => ValueSetDateTime::from_repl_v1(set),
ReplAttrV1::Url { set } => ValueSetUrl::from_repl_v1(set), ReplAttrV1::Url { set } => ValueSetUrl::from_repl_v1(set),
ReplAttrV1::NsUniqueId { set } => ValueSetNsUniqueId::from_repl_v1(set), ReplAttrV1::NsUniqueId { set } => ValueSetNsUniqueId::from_repl_v1(set),
@ -839,5 +846,8 @@ pub fn from_repl_v1(rv1: &ReplAttrV1) -> Result<ValueSet, OperationError> {
ReplAttrV1::EcKeyPrivate { key } => ValueSetEcKeyPrivate::from_repl_v1(key), ReplAttrV1::EcKeyPrivate { key } => ValueSetEcKeyPrivate::from_repl_v1(key),
ReplAttrV1::Image { set } => ValueSetImage::from_repl_v1(set), ReplAttrV1::Image { set } => ValueSetImage::from_repl_v1(set),
ReplAttrV1::CredentialType { set } => ValueSetCredentialType::from_repl_v1(set), ReplAttrV1::CredentialType { set } => ValueSetCredentialType::from_repl_v1(set),
ReplAttrV1::WebauthnAttestationCaList { ca_list } => {
ValueSetWebauthnAttestationCaList::from_repl_v1(ca_list)
}
} }
} }

BIN
server/web_ui/pkg/external/bootstrap.bundle.min.js.br vendored
View file

Binary file not shown.

BIN
server/web_ui/pkg/external/bootstrap.bundle.min.js.map.br vendored
View file

Binary file not shown.

BIN
server/web_ui/pkg/external/bootstrap.min.css.map.br vendored
View file

Binary file not shown.

BIN
server/web_ui/pkg/img/icon-accounts.svg.br
View file

Binary file not shown.

BIN
server/web_ui/pkg/img/icon-groups.svg.br
View file

Binary file not shown.

358
server/web_ui/pkg/kanidmd_web_ui_admin.js
View file

@ -223,19 +223,19 @@ function addBorrowedObject(obj) {
} }
function __wbg_adapter_38(arg0, arg1, arg2) { function __wbg_adapter_38(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h3e88c381a9b0da08(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hecf49fd8e934d63d(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
} }
function __wbg_adapter_41(arg0, arg1, arg2) { function __wbg_adapter_41(arg0, arg1, arg2) {
wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h71282a39cf9f54cc(arg0, arg1, addHeapObject(arg2)); wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hbb91bcb76d7d57c6(arg0, arg1, addHeapObject(arg2));
} }
function __wbg_adapter_44(arg0, arg1, arg2) { function __wbg_adapter_44(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h49ac351fd82edf13(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hf15c46d581e6d848(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
@ -397,6 +397,11 @@ function __wbg_get_imports() {
getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret; getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret;
getInt32Memory0()[arg0 / 4 + 0] = !isLikeNone(ret); getInt32Memory0()[arg0 / 4 + 0] = !isLikeNone(ret);
}; };
imports.wbg.__wbg_cachekey_b61393159c57fd7b = function(arg0, arg1) {
const ret = getObject(arg1).__yew_subtree_cache_key;
getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret;
getInt32Memory0()[arg0 / 4 + 0] = !isLikeNone(ret);
};
imports.wbg.__wbg_subtreeid_e348577f7ef777e3 = function(arg0, arg1) { imports.wbg.__wbg_subtreeid_e348577f7ef777e3 = function(arg0, arg1) {
const ret = getObject(arg1).__yew_subtree_id; const ret = getObject(arg1).__yew_subtree_id;
getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret; getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret;
@ -405,11 +410,6 @@ function __wbg_get_imports() {
imports.wbg.__wbg_setsubtreeid_d32e6327eef1f7fc = function(arg0, arg1) { imports.wbg.__wbg_setsubtreeid_d32e6327eef1f7fc = function(arg0, arg1) {
getObject(arg0).__yew_subtree_id = arg1 >>> 0; getObject(arg0).__yew_subtree_id = arg1 >>> 0;
}; };
imports.wbg.__wbg_cachekey_b61393159c57fd7b = function(arg0, arg1) {
const ret = getObject(arg1).__yew_subtree_cache_key;
getInt32Memory0()[arg0 / 4 + 1] = isLikeNone(ret) ? 0 : ret;
getInt32Memory0()[arg0 / 4 + 0] = !isLikeNone(ret);
};
imports.wbg.__wbg_setcachekey_80183b7cfc421143 = function(arg0, arg1) { imports.wbg.__wbg_setcachekey_80183b7cfc421143 = function(arg0, arg1) {
getObject(arg0).__yew_subtree_cache_key = arg1 >>> 0; getObject(arg0).__yew_subtree_cache_key = arg1 >>> 0;
}; };
@ -435,10 +435,10 @@ function __wbg_get_imports() {
wasm.__wbindgen_free(deferred0_0, deferred0_1, 1); wasm.__wbindgen_free(deferred0_0, deferred0_1, 1);
} }
}; };
imports.wbg.__wbg_queueMicrotask_e5949c35d772a669 = function(arg0) { imports.wbg.__wbg_queueMicrotask_4d890031a6a5a50c = function(arg0) {
queueMicrotask(getObject(arg0)); queueMicrotask(getObject(arg0));
}; };
imports.wbg.__wbg_queueMicrotask_2be8b97a81fe4d00 = function(arg0) { imports.wbg.__wbg_queueMicrotask_adae4bc085237231 = function(arg0) {
const ret = getObject(arg0).queueMicrotask; const ret = getObject(arg0).queueMicrotask;
return addHeapObject(ret); return addHeapObject(ret);
}; };
@ -468,27 +468,27 @@ function __wbg_get_imports() {
wasm.__wbindgen_free(arg0, arg1 * 4, 4); wasm.__wbindgen_free(arg0, arg1 * 4, 4);
console.log(...v0); console.log(...v0);
}; };
imports.wbg.__wbg_body_11da0c1aa9610cb3 = function(arg0) { imports.wbg.__wbg_body_64abc9aba1891e91 = function(arg0) {
const ret = getObject(arg0).body; const ret = getObject(arg0).body;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_createElement_9ce3fdea8322ff34 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_createElement_fdd5c113cb84539e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createElementNS_6a08d8f33e767e18 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_createElementNS_524b05a6070757b6 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createTextNode_01a7250c5ca46b04 = function(arg0, arg1, arg2) { imports.wbg.__wbg_createTextNode_7ff0c034b2855f66 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_querySelector_391afe271b8236d5 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_querySelector_c72dce5ac4b6bc3e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2));
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_Window_cde2416cf5126a72 = function(arg0) { imports.wbg.__wbg_instanceof_Window_3e5cd1f48c152d01 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Window; result = getObject(arg0) instanceof Window;
@ -498,31 +498,31 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_document_183cf1eecfdbffee = function(arg0) { imports.wbg.__wbg_document_d609202d16c38224 = function(arg0) {
const ret = getObject(arg0).document; const ret = getObject(arg0).document;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_location_61ca61017633c753 = function(arg0) { imports.wbg.__wbg_location_176c34e89c2c9d80 = function(arg0) {
const ret = getObject(arg0).location; const ret = getObject(arg0).location;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_history_56dc869560201113 = function() { return handleError(function (arg0) { imports.wbg.__wbg_history_80998b7456bf367e = function() { return handleError(function (arg0) {
const ret = getObject(arg0).history; const ret = getObject(arg0).history;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_localStorage_e11f72e996a4f5d9 = function() { return handleError(function (arg0) { imports.wbg.__wbg_localStorage_8c507fd281456944 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).localStorage; const ret = getObject(arg0).localStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_sessionStorage_071949dc646bfd35 = function() { return handleError(function (arg0) { imports.wbg.__wbg_sessionStorage_adb12b0c8ea06c48 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).sessionStorage; const ret = getObject(arg0).sessionStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_fetch_8cebc656dc6b11b1 = function(arg0, arg1) { imports.wbg.__wbg_fetch_6c415b3a07763878 = function(arg0, arg1) {
const ret = getObject(arg0).fetch(getObject(arg1)); const ret = getObject(arg0).fetch(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_instanceof_Element_6c7af07f5e6c8d69 = function(arg0) { imports.wbg.__wbg_instanceof_Element_3f326a19cc457941 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Element; result = getObject(arg0) instanceof Element;
@ -532,201 +532,127 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_namespaceURI_2dd94d0147ffddf2 = function(arg0, arg1) { imports.wbg.__wbg_namespaceURI_7cc7ef157e398356 = function(arg0, arg1) {
const ret = getObject(arg1).namespaceURI; const ret = getObject(arg1).namespaceURI;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_classList_7fd39dc155235d8a = function(arg0) { imports.wbg.__wbg_classList_82893a9100db6428 = function(arg0) {
const ret = getObject(arg0).classList; const ret = getObject(arg0).classList;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_setinnerHTML_b88bf159b62c2334 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setinnerHTML_ce0d6527ce4086f2 = function(arg0, arg1, arg2) {
getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2); getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_outerHTML_72dcf3aa34725f10 = function(arg0, arg1) { imports.wbg.__wbg_outerHTML_b5a8d952b5615778 = function(arg0, arg1) {
const ret = getObject(arg1).outerHTML; const ret = getObject(arg1).outerHTML;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_children_af5a3246832628b1 = function(arg0) { imports.wbg.__wbg_children_990f38c4f4d5c721 = function(arg0) {
const ret = getObject(arg0).children; const ret = getObject(arg0).children;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_removeAttribute_dbd76981f9bb9f59 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeAttribute_2e200daefb9f3ed4 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setAttribute_aebcae2169f2f869 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setAttribute_e7b72a5e7cfcb5a3 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_getItem_c81cd3ae30cd579a = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_getItem_5395a7e200c31e89 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeItem_58a487fe7fc070f0 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeItem_c84f914587f36b1a = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setItem_fe04f524052a3839 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setItem_3786c4c8dd0c9bd0 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setchecked_5757666239434ecd = function(arg0, arg1) { imports.wbg.__wbg_setchecked_c1d5c3726082e274 = function(arg0, arg1) {
getObject(arg0).checked = arg1 !== 0; getObject(arg0).checked = arg1 !== 0;
}; };
imports.wbg.__wbg_value_5e860795f53217cd = function(arg0, arg1) { imports.wbg.__wbg_value_e024243a9dae20bc = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_7d187f6cc23d8192 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_5b3442ff620b4a5d = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_addEventListener_51709b9747ad8980 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_bubbles_f1cdd0584446cad0 = function(arg0) {
getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4));
}, arguments) };
imports.wbg.__wbg_removeEventListener_5b1e762a7951280a = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0);
}, arguments) };
imports.wbg.__wbg_state_78eaa7b6ff3123a0 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).state;
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_pushState_8eaca41f86b13910 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) {
getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5));
}, arguments) };
imports.wbg.__wbg_href_92490614763f3f7c = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_sethref_2c377515f8ddd13a = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).href = getStringFromWasm0(arg1, arg2);
}, arguments) };
imports.wbg.__wbg_pathname_cd5a90c8f3ab524a = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_search_08fbba2309a249da = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_hash_ced9ee31706e591d = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_headers_4711243cf3bffca0 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_newwithstrandinit_29038da14d09e330 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2));
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_Response_944e2745b5db71f5 = function(arg0) {
let result;
try {
result = getObject(arg0) instanceof Response;
} catch (_) {
result = false;
}
const ret = result;
return ret;
};
imports.wbg.__wbg_status_7841bb47be2a8f16 = function(arg0) {
const ret = getObject(arg0).status;
return ret;
};
imports.wbg.__wbg_headers_ea7ef583d1564b08 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_json_7f96c90903ae4155 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).json();
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_bubbles_c27af65192eb3569 = function(arg0) {
const ret = getObject(arg0).bubbles; const ret = getObject(arg0).bubbles;
return ret; return ret;
}; };
imports.wbg.__wbg_cancelBubble_ee3f70328e901584 = function(arg0) { imports.wbg.__wbg_cancelBubble_976cfdf7ac449a6c = function(arg0) {
const ret = getObject(arg0).cancelBubble; const ret = getObject(arg0).cancelBubble;
return ret; return ret;
}; };
imports.wbg.__wbg_composedPath_ee37eece046b69a2 = function(arg0) { imports.wbg.__wbg_composedPath_12a068e57a98cf90 = function(arg0) {
const ret = getObject(arg0).composedPath(); const ret = getObject(arg0).composedPath();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_preventDefault_9299867e06da6909 = function(arg0) { imports.wbg.__wbg_preventDefault_7f821f72e7c6b5d4 = function(arg0) {
getObject(arg0).preventDefault(); getObject(arg0).preventDefault();
}; };
imports.wbg.__wbg_get_9470c6584bbde430 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_get_0231cdd369e04a1d = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_set_2912c891505cbc22 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_set_27f236f6d7a28c29 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_parentNode_e1c214fc3f362af0 = function(arg0) { imports.wbg.__wbg_parentNode_92a7017b3a4fad43 = function(arg0) {
const ret = getObject(arg0).parentNode; const ret = getObject(arg0).parentNode;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_parentElement_592cb54944d3d002 = function(arg0) { imports.wbg.__wbg_parentElement_72e144c2e8d9e0b5 = function(arg0) {
const ret = getObject(arg0).parentElement; const ret = getObject(arg0).parentElement;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_lastChild_b17b3c7498d25bd7 = function(arg0) { imports.wbg.__wbg_lastChild_a62e3fbaab87f734 = function(arg0) {
const ret = getObject(arg0).lastChild; const ret = getObject(arg0).lastChild;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_nextSibling_d029031876ed1b1b = function(arg0) { imports.wbg.__wbg_nextSibling_bafccd3347d24543 = function(arg0) {
const ret = getObject(arg0).nextSibling; const ret = getObject(arg0).nextSibling;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_setnodeValue_321840a6762ab272 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setnodeValue_630c6470d05b600e = function(arg0, arg1, arg2) {
getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2); getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_textContent_d69d000f6081b514 = function(arg0, arg1) { imports.wbg.__wbg_textContent_2f37235e13f8484b = function(arg0, arg1) {
const ret = getObject(arg1).textContent; const ret = getObject(arg1).textContent;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_appendChild_2e6a6c9d1f0d443d = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_appendChild_d30e6b83791d04c0 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).appendChild(getObject(arg1)); const ret = getObject(arg0).appendChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_insertBefore_bdaeec8969497673 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_insertBefore_726c1640c419e940 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeChild_a63022ebbfa6ebf5 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_removeChild_942eb9c02243d84d = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).removeChild(getObject(arg1)); const ret = getObject(arg0).removeChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_ShadowRoot_f85f709c953844de = function(arg0) { imports.wbg.__wbg_instanceof_ShadowRoot_0bd39e89ab117f86 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ShadowRoot; result = getObject(arg0) instanceof ShadowRoot;
@ -736,141 +662,215 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_host_73c8e95bf9b31ccd = function(arg0) { imports.wbg.__wbg_host_09eee5e3d9cf59a1 = function(arg0) {
const ret = getObject(arg0).host; const ret = getObject(arg0).host;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_add_dc5c00591ed65268 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_addEventListener_374cbfd2bbc19ccf = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4));
}, arguments) };
imports.wbg.__wbg_removeEventListener_9ece7e86d1135657 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0);
}, arguments) };
imports.wbg.__wbg_state_ba77b2c3ee29c912 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).state;
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_pushState_e159043fce8f87bc = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) {
getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5));
}, arguments) };
imports.wbg.__wbg_href_160af2ae1328d7b7 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_sethref_90b000c8b01f96b1 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).href = getStringFromWasm0(arg1, arg2);
}, arguments) };
imports.wbg.__wbg_pathname_1ab7e82aaa4511ff = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_search_9f7ca8896c2d0804 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_hash_be2940ca236b5efc = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_headers_d135d2bb8cc60413 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_newwithstrandinit_f581dff0d19a8b03 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2));
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_Response_4c3b1446206114d1 = function(arg0) {
let result;
try {
result = getObject(arg0) instanceof Response;
} catch (_) {
result = false;
}
const ret = result;
return ret;
};
imports.wbg.__wbg_status_d6d47ad2837621eb = function(arg0) {
const ret = getObject(arg0).status;
return ret;
};
imports.wbg.__wbg_headers_24def508a7518df9 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_json_34535d9848f043eb = function() { return handleError(function (arg0) {
const ret = getObject(arg0).json();
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_add_e0f3c5b6e421c311 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).add(getStringFromWasm0(arg1, arg2)); getObject(arg0).add(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_7f944b48b612250e = function(arg0, arg1) { imports.wbg.__wbg_href_e9aac3826080dcaa = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_pathname_a83d8f2ebefa6791 = function(arg0, arg1) { imports.wbg.__wbg_pathname_aeafa820be91c325 = function(arg0, arg1) {
const ret = getObject(arg1).pathname; const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_search_8c5f74fa2d11377e = function(arg0, arg1) { imports.wbg.__wbg_search_f6e95882a48d3f69 = function(arg0, arg1) {
const ret = getObject(arg1).search; const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setsearch_a168105ad9dbdb8b = function(arg0, arg1, arg2) { imports.wbg.__wbg_setsearch_4f7d084e0d811add = function(arg0, arg1, arg2) {
getObject(arg0).search = getStringFromWasm0(arg1, arg2); getObject(arg0).search = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_hash_f468e7d38a21a76a = function(arg0, arg1) { imports.wbg.__wbg_hash_0087751acddc8f2a = function(arg0, arg1) {
const ret = getObject(arg1).hash; const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_sethash_7c3032584865b2bd = function(arg0, arg1, arg2) { imports.wbg.__wbg_sethash_bfc9db317a77305c = function(arg0, arg1, arg2) {
getObject(arg0).hash = getStringFromWasm0(arg1, arg2); getObject(arg0).hash = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_new_d7cd05d9de7d4000 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_new_9e08fd37c1c53142 = function() { return handleError(function (arg0, arg1) {
const ret = new URL(getStringFromWasm0(arg0, arg1)); const ret = new URL(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_newwithbase_604e8dfd42d25665 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_newwithbase_f4989aa5bbd5cc29 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3)); const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_2777cc28ba3aac82 = function(arg0, arg1) { imports.wbg.__wbg_href_f21dc804d4da134a = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_value_539db729f551be3a = function(arg0, arg1) { imports.wbg.__wbg_value_57e57170f6952449 = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_15231c60278dee22 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_a11f3069fd7a1805 = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_get_4a9aa5157afeb382 = function(arg0, arg1) { imports.wbg.__wbg_get_f01601b5a68d10e3 = function(arg0, arg1) {
const ret = getObject(arg0)[arg1 >>> 0]; const ret = getObject(arg0)[arg1 >>> 0];
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_length_cace2e0b3ddc0502 = function(arg0) { imports.wbg.__wbg_length_1009b1af0c481d7b = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_newnoargs_ccdcae30fd002262 = function(arg0, arg1) { imports.wbg.__wbg_newnoargs_c62ea9419c21fbac = function(arg0, arg1) {
const ret = new Function(getStringFromWasm0(arg0, arg1)); const ret = new Function(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_15da6a3df9290720 = function(arg0) { imports.wbg.__wbg_next_9b877f231f476d01 = function(arg0) {
const ret = getObject(arg0).next; const ret = getObject(arg0).next;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_1989a20442400aaa = function() { return handleError(function (arg0) { imports.wbg.__wbg_next_6529ee0cca8d57ed = function() { return handleError(function (arg0) {
const ret = getObject(arg0).next(); const ret = getObject(arg0).next();
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_done_bc26bf4ada718266 = function(arg0) { imports.wbg.__wbg_done_5fe336b092d60cf2 = function(arg0) {
const ret = getObject(arg0).done; const ret = getObject(arg0).done;
return ret; return ret;
}; };
imports.wbg.__wbg_value_0570714ff7d75f35 = function(arg0) { imports.wbg.__wbg_value_0c248a78fdc8e19f = function(arg0) {
const ret = getObject(arg0).value; const ret = getObject(arg0).value;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_iterator_7ee1a391d310f8e4 = function() { imports.wbg.__wbg_iterator_db7ca081358d4fb2 = function() {
const ret = Symbol.iterator; const ret = Symbol.iterator;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_get_2aff440840bb6202 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_get_7b48513de5dc5ea4 = function() { return handleError(function (arg0, arg1) {
const ret = Reflect.get(getObject(arg0), getObject(arg1)); const ret = Reflect.get(getObject(arg0), getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_call_669127b9d730c650 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_call_90c26b09837aba1c = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).call(getObject(arg1)); const ret = getObject(arg0).call(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_new_c728d68b8b34487e = function() { imports.wbg.__wbg_new_9fb8d994e1c0aaac = function() {
const ret = new Object(); const ret = new Object();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_self_3fad056edded10bd = function() { return handleError(function () { imports.wbg.__wbg_self_f0e34d89f33b99fd = function() { return handleError(function () {
const ret = self.self; const ret = self.self;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_window_a4f46c98a61d4089 = function() { return handleError(function () { imports.wbg.__wbg_window_d3b084224f4774d7 = function() { return handleError(function () {
const ret = window.window; const ret = window.window;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_globalThis_17eff828815f7d84 = function() { return handleError(function () { imports.wbg.__wbg_globalThis_9caa27ff917c6860 = function() { return handleError(function () {
const ret = globalThis.globalThis; const ret = globalThis.globalThis;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_global_46f939f6541643c5 = function() { return handleError(function () { imports.wbg.__wbg_global_35dfdd59a4da3e74 = function() { return handleError(function () {
const ret = global.global; const ret = global.global;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_from_ba72c50feaf1d8c0 = function(arg0) { imports.wbg.__wbg_from_71add2e723d1f1b2 = function(arg0) {
const ret = Array.from(getObject(arg0)); const ret = Array.from(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isArray_38525be7442aa21e = function(arg0) { imports.wbg.__wbg_isArray_74fb723e24f76012 = function(arg0) {
const ret = Array.isArray(getObject(arg0)); const ret = Array.isArray(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_ArrayBuffer_c7cc317e5c29cc0d = function(arg0) { imports.wbg.__wbg_instanceof_ArrayBuffer_e7d53d51371448e2 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ArrayBuffer; result = getObject(arg0) instanceof ArrayBuffer;
@ -880,7 +880,7 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Error_9f5881c3c4149389 = function(arg0) { imports.wbg.__wbg_instanceof_Error_31ca8d97f188bfbc = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Error; result = getObject(arg0) instanceof Error;
@ -890,58 +890,58 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_message_35f9b952e1b922e2 = function(arg0) { imports.wbg.__wbg_message_55b9ea8030688597 = function(arg0) {
const ret = getObject(arg0).message; const ret = getObject(arg0).message;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_name_e1152a59269f79e5 = function(arg0) { imports.wbg.__wbg_name_e5eede664187fed6 = function(arg0) {
const ret = getObject(arg0).name; const ret = getObject(arg0).name;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_toString_d0cefe4046ecb265 = function(arg0) { imports.wbg.__wbg_toString_a44236e90224e279 = function(arg0) {
const ret = getObject(arg0).toString(); const ret = getObject(arg0).toString();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isSafeInteger_c38b0a16d0c7cef7 = function(arg0) { imports.wbg.__wbg_isSafeInteger_f93fde0dca9820f8 = function(arg0) {
const ret = Number.isSafeInteger(getObject(arg0)); const ret = Number.isSafeInteger(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_entries_6d727b73ee02b7ce = function(arg0) { imports.wbg.__wbg_entries_9e2e2aa45aa5094a = function(arg0) {
const ret = Object.entries(getObject(arg0)); const ret = Object.entries(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_is_c74aa9bb973d6109 = function(arg0, arg1) { imports.wbg.__wbg_is_ff7acd231c75c0e4 = function(arg0, arg1) {
const ret = Object.is(getObject(arg0), getObject(arg1)); const ret = Object.is(getObject(arg0), getObject(arg1));
return ret; return ret;
}; };
imports.wbg.__wbg_resolve_a3252b2860f0a09e = function(arg0) { imports.wbg.__wbg_resolve_6e1c6553a82f85b7 = function(arg0) {
const ret = Promise.resolve(getObject(arg0)); const ret = Promise.resolve(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_89e1c559530b85cf = function(arg0, arg1) { imports.wbg.__wbg_then_3ab08cd4fbb91ae9 = function(arg0, arg1) {
const ret = getObject(arg0).then(getObject(arg1)); const ret = getObject(arg0).then(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_1bbc9edafd859b06 = function(arg0, arg1, arg2) { imports.wbg.__wbg_then_8371cc12cfedc5a2 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).then(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).then(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_buffer_344d9b41efe96da7 = function(arg0) { imports.wbg.__wbg_buffer_a448f833075b71ba = function(arg0) {
const ret = getObject(arg0).buffer; const ret = getObject(arg0).buffer;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_new_d8a000788389a31e = function(arg0) { imports.wbg.__wbg_new_8f67e318f15d7254 = function(arg0) {
const ret = new Uint8Array(getObject(arg0)); const ret = new Uint8Array(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_set_dcfd613a3420f908 = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_2357bf09366ee480 = function(arg0, arg1, arg2) {
getObject(arg0).set(getObject(arg1), arg2 >>> 0); getObject(arg0).set(getObject(arg1), arg2 >>> 0);
}; };
imports.wbg.__wbg_length_a5587d6cd79ab197 = function(arg0) { imports.wbg.__wbg_length_1d25fa9e4ac21ce7 = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Uint8Array_19e6f142a5e7e1e1 = function(arg0) { imports.wbg.__wbg_instanceof_Uint8Array_bced6f43aed8c1aa = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Uint8Array; result = getObject(arg0) instanceof Uint8Array;
@ -951,7 +951,7 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_set_40f7786a25a9cc7e = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_set_759f75cd92b612d2 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2)); const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2));
return ret; return ret;
}, arguments) }; }, arguments) };
@ -969,16 +969,16 @@ function __wbg_get_imports() {
const ret = wasm.memory; const ret = wasm.memory;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1235 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1222 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 558, __wbg_adapter_38); const ret = makeMutClosure(arg0, arg1, 541, __wbg_adapter_38);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1369 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1337 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 624, __wbg_adapter_41); const ret = makeMutClosure(arg0, arg1, 593, __wbg_adapter_41);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1450 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1417 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 655, __wbg_adapter_44); const ret = makeMutClosure(arg0, arg1, 622, __wbg_adapter_44);
return addHeapObject(ret); return addHeapObject(ret);
}; };

BIN
server/web_ui/pkg/kanidmd_web_ui_admin.js.br
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_admin_bg.wasm
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_admin_bg.wasm.br
View file

Binary file not shown.

290
server/web_ui/pkg/kanidmd_web_ui_login_flows.js
View file

@ -232,19 +232,19 @@ function addBorrowedObject(obj) {
} }
function __wbg_adapter_48(arg0, arg1, arg2) { function __wbg_adapter_48(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h3592199ac636c7ab(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hcd8161c254227fe4(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
} }
function __wbg_adapter_51(arg0, arg1, arg2) { function __wbg_adapter_51(arg0, arg1, arg2) {
wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h71282a39cf9f54cc(arg0, arg1, addHeapObject(arg2)); wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hbb91bcb76d7d57c6(arg0, arg1, addHeapObject(arg2));
} }
function __wbg_adapter_54(arg0, arg1, arg2) { function __wbg_adapter_54(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h0e38a66b2b075f9c(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h8e106c18de4fadc7(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
@ -346,6 +346,15 @@ function __wbg_get_imports() {
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbindgen_cb_drop = function(arg0) {
const obj = takeObject(arg0).original;
if (obj.cnt-- == 1) {
obj.a = 0;
return true;
}
const ret = false;
return ret;
};
imports.wbg.__wbindgen_boolean_get = function(arg0) { imports.wbg.__wbindgen_boolean_get = function(arg0) {
const v = getObject(arg0); const v = getObject(arg0);
const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2; const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2;
@ -390,23 +399,14 @@ function __wbg_get_imports() {
const ret = getObject(arg0) === undefined; const ret = getObject(arg0) === undefined;
return ret; return ret;
}; };
imports.wbg.__wbindgen_cb_drop = function(arg0) { imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
const obj = takeObject(arg0).original; const ret = getObject(arg0);
if (obj.cnt-- == 1) { return addHeapObject(ret);
obj.a = 0;
return true;
}
const ret = false;
return ret;
}; };
imports.wbg.__wbindgen_error_new = function(arg0, arg1) { imports.wbg.__wbindgen_error_new = function(arg0, arg1) {
const ret = new Error(getStringFromWasm0(arg0, arg1)); const ret = new Error(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
const ret = getObject(arg0);
return addHeapObject(ret);
};
imports.wbg.__wbg_setlistenerid_3183aae8fa5840fb = function(arg0, arg1) { imports.wbg.__wbg_setlistenerid_3183aae8fa5840fb = function(arg0, arg1) {
getObject(arg0).__yew_listener_id = arg1 >>> 0; getObject(arg0).__yew_listener_id = arg1 >>> 0;
}; };
@ -464,10 +464,10 @@ function __wbg_get_imports() {
imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) {
getObject(arg0)[takeObject(arg1)] = takeObject(arg2); getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
}; };
imports.wbg.__wbg_queueMicrotask_e5949c35d772a669 = function(arg0) { imports.wbg.__wbg_queueMicrotask_4d890031a6a5a50c = function(arg0) {
queueMicrotask(getObject(arg0)); queueMicrotask(getObject(arg0));
}; };
imports.wbg.__wbg_queueMicrotask_2be8b97a81fe4d00 = function(arg0) { imports.wbg.__wbg_queueMicrotask_adae4bc085237231 = function(arg0) {
const ret = getObject(arg0).queueMicrotask; const ret = getObject(arg0).queueMicrotask;
return addHeapObject(ret); return addHeapObject(ret);
}; };
@ -507,31 +507,31 @@ function __wbg_get_imports() {
wasm.__wbindgen_free(arg0, arg1 * 4, 4); wasm.__wbindgen_free(arg0, arg1 * 4, 4);
console.warn(...v0); console.warn(...v0);
}; };
imports.wbg.__wbg_body_11da0c1aa9610cb3 = function(arg0) { imports.wbg.__wbg_body_64abc9aba1891e91 = function(arg0) {
const ret = getObject(arg0).body; const ret = getObject(arg0).body;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_createElement_9ce3fdea8322ff34 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_createElement_fdd5c113cb84539e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createElementNS_6a08d8f33e767e18 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_createElementNS_524b05a6070757b6 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createTextNode_01a7250c5ca46b04 = function(arg0, arg1, arg2) { imports.wbg.__wbg_createTextNode_7ff0c034b2855f66 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_getElementById_328f8c4a5bb51ba8 = function(arg0, arg1, arg2) { imports.wbg.__wbg_getElementById_65b9547a428b5eb4 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).getElementById(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).getElementById(getStringFromWasm0(arg1, arg2));
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_querySelector_391afe271b8236d5 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_querySelector_c72dce5ac4b6bc3e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2));
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_Window_cde2416cf5126a72 = function(arg0) { imports.wbg.__wbg_instanceof_Window_3e5cd1f48c152d01 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Window; result = getObject(arg0) instanceof Window;
@ -541,35 +541,35 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_document_183cf1eecfdbffee = function(arg0) { imports.wbg.__wbg_document_d609202d16c38224 = function(arg0) {
const ret = getObject(arg0).document; const ret = getObject(arg0).document;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_location_61ca61017633c753 = function(arg0) { imports.wbg.__wbg_location_176c34e89c2c9d80 = function(arg0) {
const ret = getObject(arg0).location; const ret = getObject(arg0).location;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_history_56dc869560201113 = function() { return handleError(function (arg0) { imports.wbg.__wbg_history_80998b7456bf367e = function() { return handleError(function (arg0) {
const ret = getObject(arg0).history; const ret = getObject(arg0).history;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_navigator_7078da62d92ff5ad = function(arg0) { imports.wbg.__wbg_navigator_96ba491902f8f083 = function(arg0) {
const ret = getObject(arg0).navigator; const ret = getObject(arg0).navigator;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_localStorage_e11f72e996a4f5d9 = function() { return handleError(function (arg0) { imports.wbg.__wbg_localStorage_8c507fd281456944 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).localStorage; const ret = getObject(arg0).localStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_sessionStorage_071949dc646bfd35 = function() { return handleError(function (arg0) { imports.wbg.__wbg_sessionStorage_adb12b0c8ea06c48 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).sessionStorage; const ret = getObject(arg0).sessionStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_fetch_8cebc656dc6b11b1 = function(arg0, arg1) { imports.wbg.__wbg_fetch_6c415b3a07763878 = function(arg0, arg1) {
const ret = getObject(arg0).fetch(getObject(arg1)); const ret = getObject(arg0).fetch(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_instanceof_Element_6c7af07f5e6c8d69 = function(arg0) { imports.wbg.__wbg_instanceof_Element_3f326a19cc457941 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Element; result = getObject(arg0) instanceof Element;
@ -579,38 +579,38 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_namespaceURI_2dd94d0147ffddf2 = function(arg0, arg1) { imports.wbg.__wbg_namespaceURI_7cc7ef157e398356 = function(arg0, arg1) {
const ret = getObject(arg1).namespaceURI; const ret = getObject(arg1).namespaceURI;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_classList_7fd39dc155235d8a = function(arg0) { imports.wbg.__wbg_classList_82893a9100db6428 = function(arg0) {
const ret = getObject(arg0).classList; const ret = getObject(arg0).classList;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_setinnerHTML_b88bf159b62c2334 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setinnerHTML_ce0d6527ce4086f2 = function(arg0, arg1, arg2) {
getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2); getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_outerHTML_72dcf3aa34725f10 = function(arg0, arg1) { imports.wbg.__wbg_outerHTML_b5a8d952b5615778 = function(arg0, arg1) {
const ret = getObject(arg1).outerHTML; const ret = getObject(arg1).outerHTML;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_children_af5a3246832628b1 = function(arg0) { imports.wbg.__wbg_children_990f38c4f4d5c721 = function(arg0) {
const ret = getObject(arg0).children; const ret = getObject(arg0).children;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_removeAttribute_dbd76981f9bb9f59 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeAttribute_2e200daefb9f3ed4 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setAttribute_aebcae2169f2f869 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setAttribute_e7b72a5e7cfcb5a3 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_HtmlElement_d9fe655ad4f1046c = function(arg0) { imports.wbg.__wbg_instanceof_HtmlElement_55a0f0f0f0f0118e = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof HTMLElement; result = getObject(arg0) instanceof HTMLElement;
@ -620,86 +620,86 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_focus_bab0841297cb9142 = function() { return handleError(function (arg0) { imports.wbg.__wbg_focus_6d3d2b6776d06f7f = function() { return handleError(function (arg0) {
getObject(arg0).focus(); getObject(arg0).focus();
}, arguments) }; }, arguments) };
imports.wbg.__wbg_get_be3f61d062825ba1 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_get_41904a8f394b5093 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).get(getObject(arg1)); const ret = getObject(arg0).get(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_credentials_6a08cfc972615f5c = function(arg0) { imports.wbg.__wbg_credentials_cef3aa4d1e919496 = function(arg0) {
const ret = getObject(arg0).credentials; const ret = getObject(arg0).credentials;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_getItem_c81cd3ae30cd579a = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_getItem_5395a7e200c31e89 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeItem_58a487fe7fc070f0 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeItem_c84f914587f36b1a = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setItem_fe04f524052a3839 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setItem_3786c4c8dd0c9bd0 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_addEventListener_51709b9747ad8980 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_addEventListener_374cbfd2bbc19ccf = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4)); getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeEventListener_5b1e762a7951280a = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_removeEventListener_9ece7e86d1135657 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0); getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_state_78eaa7b6ff3123a0 = function() { return handleError(function (arg0) { imports.wbg.__wbg_state_ba77b2c3ee29c912 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).state; const ret = getObject(arg0).state;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_pushState_8eaca41f86b13910 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) { imports.wbg.__wbg_pushState_e159043fce8f87bc = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) {
getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5)); getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_92490614763f3f7c = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_href_160af2ae1328d7b7 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_sethref_2c377515f8ddd13a = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_sethref_90b000c8b01f96b1 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).href = getStringFromWasm0(arg1, arg2); getObject(arg0).href = getStringFromWasm0(arg1, arg2);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_pathname_cd5a90c8f3ab524a = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_pathname_1ab7e82aaa4511ff = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).pathname; const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_search_08fbba2309a249da = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_search_9f7ca8896c2d0804 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).search; const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_hash_ced9ee31706e591d = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_hash_be2940ca236b5efc = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).hash; const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_replace_4f50b38e38ea7fd6 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_replace_c73ceee21ffa44ab = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).replace(getStringFromWasm0(arg1, arg2)); getObject(arg0).replace(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_headers_4711243cf3bffca0 = function(arg0) { imports.wbg.__wbg_headers_d135d2bb8cc60413 = function(arg0) {
const ret = getObject(arg0).headers; const ret = getObject(arg0).headers;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newwithstrandinit_29038da14d09e330 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_newwithstrandinit_f581dff0d19a8b03 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2)); const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_Response_944e2745b5db71f5 = function(arg0) { imports.wbg.__wbg_instanceof_Response_4c3b1446206114d1 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Response; result = getObject(arg0) instanceof Response;
@ -709,57 +709,57 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_status_7841bb47be2a8f16 = function(arg0) { imports.wbg.__wbg_status_d6d47ad2837621eb = function(arg0) {
const ret = getObject(arg0).status; const ret = getObject(arg0).status;
return ret; return ret;
}; };
imports.wbg.__wbg_headers_ea7ef583d1564b08 = function(arg0) { imports.wbg.__wbg_headers_24def508a7518df9 = function(arg0) {
const ret = getObject(arg0).headers; const ret = getObject(arg0).headers;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_json_7f96c90903ae4155 = function() { return handleError(function (arg0) { imports.wbg.__wbg_json_34535d9848f043eb = function() { return handleError(function (arg0) {
const ret = getObject(arg0).json(); const ret = getObject(arg0).json();
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_parentNode_e1c214fc3f362af0 = function(arg0) { imports.wbg.__wbg_parentNode_92a7017b3a4fad43 = function(arg0) {
const ret = getObject(arg0).parentNode; const ret = getObject(arg0).parentNode;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_parentElement_592cb54944d3d002 = function(arg0) { imports.wbg.__wbg_parentElement_72e144c2e8d9e0b5 = function(arg0) {
const ret = getObject(arg0).parentElement; const ret = getObject(arg0).parentElement;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_lastChild_b17b3c7498d25bd7 = function(arg0) { imports.wbg.__wbg_lastChild_a62e3fbaab87f734 = function(arg0) {
const ret = getObject(arg0).lastChild; const ret = getObject(arg0).lastChild;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_nextSibling_d029031876ed1b1b = function(arg0) { imports.wbg.__wbg_nextSibling_bafccd3347d24543 = function(arg0) {
const ret = getObject(arg0).nextSibling; const ret = getObject(arg0).nextSibling;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_setnodeValue_321840a6762ab272 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setnodeValue_630c6470d05b600e = function(arg0, arg1, arg2) {
getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2); getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_textContent_d69d000f6081b514 = function(arg0, arg1) { imports.wbg.__wbg_textContent_2f37235e13f8484b = function(arg0, arg1) {
const ret = getObject(arg1).textContent; const ret = getObject(arg1).textContent;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_appendChild_2e6a6c9d1f0d443d = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_appendChild_d30e6b83791d04c0 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).appendChild(getObject(arg1)); const ret = getObject(arg0).appendChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_insertBefore_bdaeec8969497673 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_insertBefore_726c1640c419e940 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeChild_a63022ebbfa6ebf5 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_removeChild_942eb9c02243d84d = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).removeChild(getObject(arg1)); const ret = getObject(arg0).removeChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_ShadowRoot_f85f709c953844de = function(arg0) { imports.wbg.__wbg_instanceof_ShadowRoot_0bd39e89ab117f86 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ShadowRoot; result = getObject(arg0) instanceof ShadowRoot;
@ -769,63 +769,63 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_host_73c8e95bf9b31ccd = function(arg0) { imports.wbg.__wbg_host_09eee5e3d9cf59a1 = function(arg0) {
const ret = getObject(arg0).host; const ret = getObject(arg0).host;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_getClientExtensionResults_d4b9b581db88e947 = function(arg0) { imports.wbg.__wbg_getClientExtensionResults_8da1aa123f3b7c0b = function(arg0) {
const ret = getObject(arg0).getClientExtensionResults(); const ret = getObject(arg0).getClientExtensionResults();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_log_7811587c4c6d2844 = function(arg0) { imports.wbg.__wbg_log_a4530b4fe289336f = function(arg0) {
console.log(getObject(arg0)); console.log(getObject(arg0));
}; };
imports.wbg.__wbg_add_dc5c00591ed65268 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_add_e0f3c5b6e421c311 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).add(getStringFromWasm0(arg1, arg2)); getObject(arg0).add(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_remove_9517d3139a6031f1 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_remove_c6ba26a0a6906129 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).remove(getStringFromWasm0(arg1, arg2)); getObject(arg0).remove(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_7f944b48b612250e = function(arg0, arg1) { imports.wbg.__wbg_href_e9aac3826080dcaa = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_pathname_a83d8f2ebefa6791 = function(arg0, arg1) { imports.wbg.__wbg_pathname_aeafa820be91c325 = function(arg0, arg1) {
const ret = getObject(arg1).pathname; const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_search_8c5f74fa2d11377e = function(arg0, arg1) { imports.wbg.__wbg_search_f6e95882a48d3f69 = function(arg0, arg1) {
const ret = getObject(arg1).search; const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_hash_f468e7d38a21a76a = function(arg0, arg1) { imports.wbg.__wbg_hash_0087751acddc8f2a = function(arg0, arg1) {
const ret = getObject(arg1).hash; const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_sethash_7c3032584865b2bd = function(arg0, arg1, arg2) { imports.wbg.__wbg_sethash_bfc9db317a77305c = function(arg0, arg1, arg2) {
getObject(arg0).hash = getStringFromWasm0(arg1, arg2); getObject(arg0).hash = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_new_d7cd05d9de7d4000 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_new_9e08fd37c1c53142 = function() { return handleError(function (arg0, arg1) {
const ret = new URL(getStringFromWasm0(arg0, arg1)); const ret = new URL(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_newwithbase_604e8dfd42d25665 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_newwithbase_f4989aa5bbd5cc29 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3)); const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_HtmlInputElement_8f81a6600ceb1918 = function(arg0) { imports.wbg.__wbg_instanceof_HtmlInputElement_e7869aaef9cbb0e6 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof HTMLInputElement; result = getObject(arg0) instanceof HTMLInputElement;
@ -835,149 +835,149 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_checked_1ce2f33e2ed42870 = function(arg0) { imports.wbg.__wbg_checked_f46acdc11342a4bd = function(arg0) {
const ret = getObject(arg0).checked; const ret = getObject(arg0).checked;
return ret; return ret;
}; };
imports.wbg.__wbg_setchecked_5757666239434ecd = function(arg0, arg1) { imports.wbg.__wbg_setchecked_c1d5c3726082e274 = function(arg0, arg1) {
getObject(arg0).checked = arg1 !== 0; getObject(arg0).checked = arg1 !== 0;
}; };
imports.wbg.__wbg_value_5e860795f53217cd = function(arg0, arg1) { imports.wbg.__wbg_value_e024243a9dae20bc = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_7d187f6cc23d8192 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_5b3442ff620b4a5d = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_bubbles_c27af65192eb3569 = function(arg0) { imports.wbg.__wbg_bubbles_f1cdd0584446cad0 = function(arg0) {
const ret = getObject(arg0).bubbles; const ret = getObject(arg0).bubbles;
return ret; return ret;
}; };
imports.wbg.__wbg_cancelBubble_ee3f70328e901584 = function(arg0) { imports.wbg.__wbg_cancelBubble_976cfdf7ac449a6c = function(arg0) {
const ret = getObject(arg0).cancelBubble; const ret = getObject(arg0).cancelBubble;
return ret; return ret;
}; };
imports.wbg.__wbg_composedPath_ee37eece046b69a2 = function(arg0) { imports.wbg.__wbg_composedPath_12a068e57a98cf90 = function(arg0) {
const ret = getObject(arg0).composedPath(); const ret = getObject(arg0).composedPath();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_preventDefault_9299867e06da6909 = function(arg0) { imports.wbg.__wbg_preventDefault_7f821f72e7c6b5d4 = function(arg0) {
getObject(arg0).preventDefault(); getObject(arg0).preventDefault();
}; };
imports.wbg.__wbg_get_9470c6584bbde430 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_get_0231cdd369e04a1d = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_set_2912c891505cbc22 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_set_27f236f6d7a28c29 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_2777cc28ba3aac82 = function(arg0, arg1) { imports.wbg.__wbg_href_f21dc804d4da134a = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_value_539db729f551be3a = function(arg0, arg1) { imports.wbg.__wbg_value_57e57170f6952449 = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_15231c60278dee22 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_a11f3069fd7a1805 = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_get_4a9aa5157afeb382 = function(arg0, arg1) { imports.wbg.__wbg_get_f01601b5a68d10e3 = function(arg0, arg1) {
const ret = getObject(arg0)[arg1 >>> 0]; const ret = getObject(arg0)[arg1 >>> 0];
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_length_cace2e0b3ddc0502 = function(arg0) { imports.wbg.__wbg_length_1009b1af0c481d7b = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_new_08236689f0afb357 = function() { imports.wbg.__wbg_new_ffc6d4d085022169 = function() {
const ret = new Array(); const ret = new Array();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newnoargs_ccdcae30fd002262 = function(arg0, arg1) { imports.wbg.__wbg_newnoargs_c62ea9419c21fbac = function(arg0, arg1) {
const ret = new Function(getStringFromWasm0(arg0, arg1)); const ret = new Function(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_new_1b94180eeb48f2a2 = function() { imports.wbg.__wbg_new_bfd4534b584a9593 = function() {
const ret = new Map(); const ret = new Map();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_15da6a3df9290720 = function(arg0) { imports.wbg.__wbg_next_9b877f231f476d01 = function(arg0) {
const ret = getObject(arg0).next; const ret = getObject(arg0).next;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_1989a20442400aaa = function() { return handleError(function (arg0) { imports.wbg.__wbg_next_6529ee0cca8d57ed = function() { return handleError(function (arg0) {
const ret = getObject(arg0).next(); const ret = getObject(arg0).next();
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_done_bc26bf4ada718266 = function(arg0) { imports.wbg.__wbg_done_5fe336b092d60cf2 = function(arg0) {
const ret = getObject(arg0).done; const ret = getObject(arg0).done;
return ret; return ret;
}; };
imports.wbg.__wbg_value_0570714ff7d75f35 = function(arg0) { imports.wbg.__wbg_value_0c248a78fdc8e19f = function(arg0) {
const ret = getObject(arg0).value; const ret = getObject(arg0).value;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_iterator_7ee1a391d310f8e4 = function() { imports.wbg.__wbg_iterator_db7ca081358d4fb2 = function() {
const ret = Symbol.iterator; const ret = Symbol.iterator;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_get_2aff440840bb6202 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_get_7b48513de5dc5ea4 = function() { return handleError(function (arg0, arg1) {
const ret = Reflect.get(getObject(arg0), getObject(arg1)); const ret = Reflect.get(getObject(arg0), getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_call_669127b9d730c650 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_call_90c26b09837aba1c = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).call(getObject(arg1)); const ret = getObject(arg0).call(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_new_c728d68b8b34487e = function() { imports.wbg.__wbg_new_9fb8d994e1c0aaac = function() {
const ret = new Object(); const ret = new Object();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_self_3fad056edded10bd = function() { return handleError(function () { imports.wbg.__wbg_self_f0e34d89f33b99fd = function() { return handleError(function () {
const ret = self.self; const ret = self.self;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_window_a4f46c98a61d4089 = function() { return handleError(function () { imports.wbg.__wbg_window_d3b084224f4774d7 = function() { return handleError(function () {
const ret = window.window; const ret = window.window;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_globalThis_17eff828815f7d84 = function() { return handleError(function () { imports.wbg.__wbg_globalThis_9caa27ff917c6860 = function() { return handleError(function () {
const ret = globalThis.globalThis; const ret = globalThis.globalThis;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_global_46f939f6541643c5 = function() { return handleError(function () { imports.wbg.__wbg_global_35dfdd59a4da3e74 = function() { return handleError(function () {
const ret = global.global; const ret = global.global;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_set_0ac78a2bc07da03c = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_f2740edb12e318cd = function(arg0, arg1, arg2) {
getObject(arg0)[arg1 >>> 0] = takeObject(arg2); getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
}; };
imports.wbg.__wbg_from_ba72c50feaf1d8c0 = function(arg0) { imports.wbg.__wbg_from_71add2e723d1f1b2 = function(arg0) {
const ret = Array.from(getObject(arg0)); const ret = Array.from(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isArray_38525be7442aa21e = function(arg0) { imports.wbg.__wbg_isArray_74fb723e24f76012 = function(arg0) {
const ret = Array.isArray(getObject(arg0)); const ret = Array.isArray(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_push_fd3233d09cf81821 = function(arg0, arg1) { imports.wbg.__wbg_push_901f3914205d44de = function(arg0, arg1) {
const ret = getObject(arg0).push(getObject(arg1)); const ret = getObject(arg0).push(getObject(arg1));
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_ArrayBuffer_c7cc317e5c29cc0d = function(arg0) { imports.wbg.__wbg_instanceof_ArrayBuffer_e7d53d51371448e2 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ArrayBuffer; result = getObject(arg0) instanceof ArrayBuffer;
@ -987,7 +987,7 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Error_9f5881c3c4149389 = function(arg0) { imports.wbg.__wbg_instanceof_Error_31ca8d97f188bfbc = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Error; result = getObject(arg0) instanceof Error;
@ -997,66 +997,66 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_message_35f9b952e1b922e2 = function(arg0) { imports.wbg.__wbg_message_55b9ea8030688597 = function(arg0) {
const ret = getObject(arg0).message; const ret = getObject(arg0).message;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_name_e1152a59269f79e5 = function(arg0) { imports.wbg.__wbg_name_e5eede664187fed6 = function(arg0) {
const ret = getObject(arg0).name; const ret = getObject(arg0).name;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_toString_d0cefe4046ecb265 = function(arg0) { imports.wbg.__wbg_toString_a44236e90224e279 = function(arg0) {
const ret = getObject(arg0).toString(); const ret = getObject(arg0).toString();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_set_3355b9f2d3092e3b = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_d257c6f2da008627 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).set(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isSafeInteger_c38b0a16d0c7cef7 = function(arg0) { imports.wbg.__wbg_isSafeInteger_f93fde0dca9820f8 = function(arg0) {
const ret = Number.isSafeInteger(getObject(arg0)); const ret = Number.isSafeInteger(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_entries_6d727b73ee02b7ce = function(arg0) { imports.wbg.__wbg_entries_9e2e2aa45aa5094a = function(arg0) {
const ret = Object.entries(getObject(arg0)); const ret = Object.entries(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_is_c74aa9bb973d6109 = function(arg0, arg1) { imports.wbg.__wbg_is_ff7acd231c75c0e4 = function(arg0, arg1) {
const ret = Object.is(getObject(arg0), getObject(arg1)); const ret = Object.is(getObject(arg0), getObject(arg1));
return ret; return ret;
}; };
imports.wbg.__wbg_resolve_a3252b2860f0a09e = function(arg0) { imports.wbg.__wbg_resolve_6e1c6553a82f85b7 = function(arg0) {
const ret = Promise.resolve(getObject(arg0)); const ret = Promise.resolve(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_89e1c559530b85cf = function(arg0, arg1) { imports.wbg.__wbg_then_3ab08cd4fbb91ae9 = function(arg0, arg1) {
const ret = getObject(arg0).then(getObject(arg1)); const ret = getObject(arg0).then(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_1bbc9edafd859b06 = function(arg0, arg1, arg2) { imports.wbg.__wbg_then_8371cc12cfedc5a2 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).then(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).then(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_buffer_344d9b41efe96da7 = function(arg0) { imports.wbg.__wbg_buffer_a448f833075b71ba = function(arg0) {
const ret = getObject(arg0).buffer; const ret = getObject(arg0).buffer;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newwithbyteoffsetandlength_2dc04d99088b15e3 = function(arg0, arg1, arg2) { imports.wbg.__wbg_newwithbyteoffsetandlength_d0482f893617af71 = function(arg0, arg1, arg2) {
const ret = new Uint8Array(getObject(arg0), arg1 >>> 0, arg2 >>> 0); const ret = new Uint8Array(getObject(arg0), arg1 >>> 0, arg2 >>> 0);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_new_d8a000788389a31e = function(arg0) { imports.wbg.__wbg_new_8f67e318f15d7254 = function(arg0) {
const ret = new Uint8Array(getObject(arg0)); const ret = new Uint8Array(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_set_dcfd613a3420f908 = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_2357bf09366ee480 = function(arg0, arg1, arg2) {
getObject(arg0).set(getObject(arg1), arg2 >>> 0); getObject(arg0).set(getObject(arg1), arg2 >>> 0);
}; };
imports.wbg.__wbg_length_a5587d6cd79ab197 = function(arg0) { imports.wbg.__wbg_length_1d25fa9e4ac21ce7 = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Uint8Array_19e6f142a5e7e1e1 = function(arg0) { imports.wbg.__wbg_instanceof_Uint8Array_bced6f43aed8c1aa = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Uint8Array; result = getObject(arg0) instanceof Uint8Array;
@ -1066,11 +1066,11 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_set_40f7786a25a9cc7e = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_set_759f75cd92b612d2 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2)); const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2));
return ret; return ret;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_stringify_4039297315a25b00 = function() { return handleError(function (arg0) { imports.wbg.__wbg_stringify_e1b19966d964d242 = function() { return handleError(function (arg0) {
const ret = JSON.stringify(getObject(arg0)); const ret = JSON.stringify(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
@ -1094,16 +1094,16 @@ function __wbg_get_imports() {
const ret = wasm.memory; const ret = wasm.memory;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1388 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1297 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 488, __wbg_adapter_48); const ret = makeMutClosure(arg0, arg1, 459, __wbg_adapter_48);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1773 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1737 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 630, __wbg_adapter_51); const ret = makeMutClosure(arg0, arg1, 601, __wbg_adapter_51);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1855 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1822 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 661, __wbg_adapter_54); const ret = makeMutClosure(arg0, arg1, 632, __wbg_adapter_54);
return addHeapObject(ret); return addHeapObject(ret);
}; };

BIN
server/web_ui/pkg/kanidmd_web_ui_login_flows.js.br
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_login_flows_bg.wasm
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_login_flows_bg.wasm.br
View file

Binary file not shown.

408
server/web_ui/pkg/kanidmd_web_ui_user.js
View file

@ -225,7 +225,7 @@ function makeMutClosure(arg0, arg1, dtor, f) {
return real; return real;
} }
function __wbg_adapter_48(arg0, arg1) { function __wbg_adapter_48(arg0, arg1) {
wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h4b3f7f6f56bc064a(arg0, arg1); wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h0c62d2840bb83f65(arg0, arg1);
} }
let stack_pointer = 128; let stack_pointer = 128;
@ -237,19 +237,19 @@ function addBorrowedObject(obj) {
} }
function __wbg_adapter_51(arg0, arg1, arg2) { function __wbg_adapter_51(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__ha7af6bbd80504275(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h703c5e695d9d8aa0(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
} }
function __wbg_adapter_54(arg0, arg1, arg2) { function __wbg_adapter_54(arg0, arg1, arg2) {
wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h71282a39cf9f54cc(arg0, arg1, addHeapObject(arg2)); wasm._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hbb91bcb76d7d57c6(arg0, arg1, addHeapObject(arg2));
} }
function __wbg_adapter_57(arg0, arg1, arg2) { function __wbg_adapter_57(arg0, arg1, arg2) {
try { try {
wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__he72980a19bbd8d74(arg0, arg1, addBorrowedObject(arg2)); wasm._dyn_core__ops__function__FnMut___A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h16a1b64144cde668(arg0, arg1, addBorrowedObject(arg2));
} finally { } finally {
heap[stack_pointer++] = undefined; heap[stack_pointer++] = undefined;
} }
@ -403,14 +403,14 @@ function __wbg_get_imports() {
const ret = false; const ret = false;
return ret; return ret;
}; };
imports.wbg.__wbindgen_error_new = function(arg0, arg1) {
const ret = new Error(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret);
};
imports.wbg.__wbindgen_object_clone_ref = function(arg0) { imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
const ret = getObject(arg0); const ret = getObject(arg0);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_error_new = function(arg0, arg1) {
const ret = new Error(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret);
};
imports.wbg.__wbg_clearTimeout_541ac0980ffcef74 = function(arg0) { imports.wbg.__wbg_clearTimeout_541ac0980ffcef74 = function(arg0) {
const ret = clearTimeout(takeObject(arg0)); const ret = clearTimeout(takeObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
@ -476,10 +476,10 @@ function __wbg_get_imports() {
wasm.__wbindgen_free(deferred0_0, deferred0_1, 1); wasm.__wbindgen_free(deferred0_0, deferred0_1, 1);
} }
}; };
imports.wbg.__wbg_queueMicrotask_e5949c35d772a669 = function(arg0) { imports.wbg.__wbg_queueMicrotask_4d890031a6a5a50c = function(arg0) {
queueMicrotask(getObject(arg0)); queueMicrotask(getObject(arg0));
}; };
imports.wbg.__wbg_queueMicrotask_2be8b97a81fe4d00 = function(arg0) { imports.wbg.__wbg_queueMicrotask_adae4bc085237231 = function(arg0) {
const ret = getObject(arg0).queueMicrotask; const ret = getObject(arg0).queueMicrotask;
return addHeapObject(ret); return addHeapObject(ret);
}; };
@ -520,38 +520,38 @@ function __wbg_get_imports() {
imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_20cbc34131e76824 = function(arg0, arg1, arg2) {
getObject(arg0)[takeObject(arg1)] = takeObject(arg2); getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
}; };
imports.wbg.__wbg_documentURI_0b154b59e1e400a6 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_documentURI_5d5237c96f11d7e6 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).documentURI; const ret = getObject(arg1).documentURI;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_body_11da0c1aa9610cb3 = function(arg0) { imports.wbg.__wbg_body_64abc9aba1891e91 = function(arg0) {
const ret = getObject(arg0).body; const ret = getObject(arg0).body;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_createElement_9ce3fdea8322ff34 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_createElement_fdd5c113cb84539e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createElement(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createElementNS_6a08d8f33e767e18 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_createElementNS_524b05a6070757b6 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); const ret = getObject(arg0).createElementNS(arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_createTextNode_01a7250c5ca46b04 = function(arg0, arg1, arg2) { imports.wbg.__wbg_createTextNode_7ff0c034b2855f66 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).createTextNode(getStringFromWasm0(arg1, arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_getElementById_328f8c4a5bb51ba8 = function(arg0, arg1, arg2) { imports.wbg.__wbg_getElementById_65b9547a428b5eb4 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).getElementById(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).getElementById(getStringFromWasm0(arg1, arg2));
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_querySelector_391afe271b8236d5 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_querySelector_c72dce5ac4b6bc3e = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg0).querySelector(getStringFromWasm0(arg1, arg2));
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_Window_cde2416cf5126a72 = function(arg0) { imports.wbg.__wbg_instanceof_Window_3e5cd1f48c152d01 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Window; result = getObject(arg0) instanceof Window;
@ -561,35 +561,35 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_document_183cf1eecfdbffee = function(arg0) { imports.wbg.__wbg_document_d609202d16c38224 = function(arg0) {
const ret = getObject(arg0).document; const ret = getObject(arg0).document;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_location_61ca61017633c753 = function(arg0) { imports.wbg.__wbg_location_176c34e89c2c9d80 = function(arg0) {
const ret = getObject(arg0).location; const ret = getObject(arg0).location;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_history_56dc869560201113 = function() { return handleError(function (arg0) { imports.wbg.__wbg_history_80998b7456bf367e = function() { return handleError(function (arg0) {
const ret = getObject(arg0).history; const ret = getObject(arg0).history;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_navigator_7078da62d92ff5ad = function(arg0) { imports.wbg.__wbg_navigator_96ba491902f8f083 = function(arg0) {
const ret = getObject(arg0).navigator; const ret = getObject(arg0).navigator;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_localStorage_e11f72e996a4f5d9 = function() { return handleError(function (arg0) { imports.wbg.__wbg_localStorage_8c507fd281456944 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).localStorage; const ret = getObject(arg0).localStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_sessionStorage_071949dc646bfd35 = function() { return handleError(function (arg0) { imports.wbg.__wbg_sessionStorage_adb12b0c8ea06c48 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).sessionStorage; const ret = getObject(arg0).sessionStorage;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_fetch_8cebc656dc6b11b1 = function(arg0, arg1) { imports.wbg.__wbg_fetch_6c415b3a07763878 = function(arg0, arg1) {
const ret = getObject(arg0).fetch(getObject(arg1)); const ret = getObject(arg0).fetch(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_instanceof_Element_6c7af07f5e6c8d69 = function(arg0) { imports.wbg.__wbg_instanceof_Element_3f326a19cc457941 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Element; result = getObject(arg0) instanceof Element;
@ -599,38 +599,38 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_namespaceURI_2dd94d0147ffddf2 = function(arg0, arg1) { imports.wbg.__wbg_namespaceURI_7cc7ef157e398356 = function(arg0, arg1) {
const ret = getObject(arg1).namespaceURI; const ret = getObject(arg1).namespaceURI;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_classList_7fd39dc155235d8a = function(arg0) { imports.wbg.__wbg_classList_82893a9100db6428 = function(arg0) {
const ret = getObject(arg0).classList; const ret = getObject(arg0).classList;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_setinnerHTML_b88bf159b62c2334 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setinnerHTML_ce0d6527ce4086f2 = function(arg0, arg1, arg2) {
getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2); getObject(arg0).innerHTML = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_outerHTML_72dcf3aa34725f10 = function(arg0, arg1) { imports.wbg.__wbg_outerHTML_b5a8d952b5615778 = function(arg0, arg1) {
const ret = getObject(arg1).outerHTML; const ret = getObject(arg1).outerHTML;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_children_af5a3246832628b1 = function(arg0) { imports.wbg.__wbg_children_990f38c4f4d5c721 = function(arg0) {
const ret = getObject(arg0).children; const ret = getObject(arg0).children;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_removeAttribute_dbd76981f9bb9f59 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeAttribute_2e200daefb9f3ed4 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeAttribute(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setAttribute_aebcae2169f2f869 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setAttribute_e7b72a5e7cfcb5a3 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setAttribute(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_HtmlElement_d9fe655ad4f1046c = function(arg0) { imports.wbg.__wbg_instanceof_HtmlElement_55a0f0f0f0f0118e = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof HTMLElement; result = getObject(arg0) instanceof HTMLElement;
@ -640,193 +640,137 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_focus_bab0841297cb9142 = function() { return handleError(function (arg0) { imports.wbg.__wbg_focus_6d3d2b6776d06f7f = function() { return handleError(function (arg0) {
getObject(arg0).focus(); getObject(arg0).focus();
}, arguments) }; }, arguments) };
imports.wbg.__wbg_credentials_6a08cfc972615f5c = function(arg0) { imports.wbg.__wbg_credentials_cef3aa4d1e919496 = function(arg0) {
const ret = getObject(arg0).credentials; const ret = getObject(arg0).credentials;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_getItem_c81cd3ae30cd579a = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_getItem_5395a7e200c31e89 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).getItem(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeItem_58a487fe7fc070f0 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_removeItem_c84f914587f36b1a = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2)); getObject(arg0).removeItem(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_setItem_fe04f524052a3839 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_setItem_3786c4c8dd0c9bd0 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).setItem(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_7f944b48b612250e = function(arg0, arg1) { imports.wbg.__wbg_href_e9aac3826080dcaa = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_pathname_a83d8f2ebefa6791 = function(arg0, arg1) { imports.wbg.__wbg_pathname_aeafa820be91c325 = function(arg0, arg1) {
const ret = getObject(arg1).pathname; const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_search_8c5f74fa2d11377e = function(arg0, arg1) { imports.wbg.__wbg_search_f6e95882a48d3f69 = function(arg0, arg1) {
const ret = getObject(arg1).search; const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setsearch_a168105ad9dbdb8b = function(arg0, arg1, arg2) { imports.wbg.__wbg_setsearch_4f7d084e0d811add = function(arg0, arg1, arg2) {
getObject(arg0).search = getStringFromWasm0(arg1, arg2); getObject(arg0).search = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_hash_f468e7d38a21a76a = function(arg0, arg1) { imports.wbg.__wbg_hash_0087751acddc8f2a = function(arg0, arg1) {
const ret = getObject(arg1).hash; const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_sethash_7c3032584865b2bd = function(arg0, arg1, arg2) { imports.wbg.__wbg_sethash_bfc9db317a77305c = function(arg0, arg1, arg2) {
getObject(arg0).hash = getStringFromWasm0(arg1, arg2); getObject(arg0).hash = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_new_d7cd05d9de7d4000 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_new_9e08fd37c1c53142 = function() { return handleError(function (arg0, arg1) {
const ret = new URL(getStringFromWasm0(arg0, arg1)); const ret = new URL(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_newwithbase_604e8dfd42d25665 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_newwithbase_f4989aa5bbd5cc29 = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3)); const ret = new URL(getStringFromWasm0(arg0, arg1), getStringFromWasm0(arg2, arg3));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_2777cc28ba3aac82 = function(arg0, arg1) { imports.wbg.__wbg_href_f21dc804d4da134a = function(arg0, arg1) {
const ret = getObject(arg1).href; const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_value_539db729f551be3a = function(arg0, arg1) { imports.wbg.__wbg_value_57e57170f6952449 = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_15231c60278dee22 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_a11f3069fd7a1805 = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_target_6efb4504c149139f = function(arg0) { imports.wbg.__wbg_target_52ddf6955f636bf5 = function(arg0) {
const ret = getObject(arg0).target; const ret = getObject(arg0).target;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_bubbles_c27af65192eb3569 = function(arg0) { imports.wbg.__wbg_bubbles_f1cdd0584446cad0 = function(arg0) {
const ret = getObject(arg0).bubbles; const ret = getObject(arg0).bubbles;
return ret; return ret;
}; };
imports.wbg.__wbg_cancelBubble_ee3f70328e901584 = function(arg0) { imports.wbg.__wbg_cancelBubble_976cfdf7ac449a6c = function(arg0) {
const ret = getObject(arg0).cancelBubble; const ret = getObject(arg0).cancelBubble;
return ret; return ret;
}; };
imports.wbg.__wbg_composedPath_ee37eece046b69a2 = function(arg0) { imports.wbg.__wbg_composedPath_12a068e57a98cf90 = function(arg0) {
const ret = getObject(arg0).composedPath(); const ret = getObject(arg0).composedPath();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_preventDefault_9299867e06da6909 = function(arg0) { imports.wbg.__wbg_preventDefault_7f821f72e7c6b5d4 = function(arg0) {
getObject(arg0).preventDefault(); getObject(arg0).preventDefault();
}; };
imports.wbg.__wbg_get_9470c6584bbde430 = function() { return handleError(function (arg0, arg1, arg2, arg3) { imports.wbg.__wbg_get_0231cdd369e04a1d = function() { return handleError(function (arg0, arg1, arg2, arg3) {
const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3)); const ret = getObject(arg1).get(getStringFromWasm0(arg2, arg3));
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_set_2912c891505cbc22 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_set_27f236f6d7a28c29 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4)); getObject(arg0).set(getStringFromWasm0(arg1, arg2), getStringFromWasm0(arg3, arg4));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_getClientExtensionResults_d4b9b581db88e947 = function(arg0) { imports.wbg.__wbg_getClientExtensionResults_8da1aa123f3b7c0b = function(arg0) {
const ret = getObject(arg0).getClientExtensionResults(); const ret = getObject(arg0).getClientExtensionResults();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_addEventListener_51709b9747ad8980 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) { imports.wbg.__wbg_create_413706d5496ca07c = function() { return handleError(function (arg0, arg1) {
getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4)); const ret = getObject(arg0).create(getObject(arg1));
}, arguments) };
imports.wbg.__wbg_removeEventListener_5b1e762a7951280a = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0);
}, arguments) };
imports.wbg.__wbg_state_78eaa7b6ff3123a0 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).state;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_pushState_8eaca41f86b13910 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) { imports.wbg.__wbg_add_e0f3c5b6e421c311 = function() { return handleError(function (arg0, arg1, arg2) {
getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5)); getObject(arg0).add(getStringFromWasm0(arg1, arg2));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_href_92490614763f3f7c = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_remove_c6ba26a0a6906129 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg1).href; getObject(arg0).remove(getStringFromWasm0(arg1, arg2));
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_sethref_2c377515f8ddd13a = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_newwithform_f67de494d7d454b2 = function() { return handleError(function (arg0) {
getObject(arg0).href = getStringFromWasm0(arg1, arg2); const ret = new FormData(getObject(arg0));
return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_pathname_cd5a90c8f3ab524a = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_get_d5bbacfdbebebc6e = function(arg0, arg1, arg2) {
const ret = getObject(arg1).pathname; const ret = getObject(arg0).get(getStringFromWasm0(arg1, arg2));
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_search_08fbba2309a249da = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_hash_ced9ee31706e591d = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_headers_4711243cf3bffca0 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newwithstrandinit_29038da14d09e330 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_instanceof_HtmlInputElement_e7869aaef9cbb0e6 = function(arg0) {
const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2));
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_Response_944e2745b5db71f5 = function(arg0) {
let result;
try {
result = getObject(arg0) instanceof Response;
} catch (_) {
result = false;
}
const ret = result;
return ret;
};
imports.wbg.__wbg_status_7841bb47be2a8f16 = function(arg0) {
const ret = getObject(arg0).status;
return ret;
};
imports.wbg.__wbg_headers_ea7ef583d1564b08 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_json_7f96c90903ae4155 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).json();
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_HtmlInputElement_8f81a6600ceb1918 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof HTMLInputElement; result = getObject(arg0) instanceof HTMLInputElement;
@ -836,38 +780,94 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_setchecked_5757666239434ecd = function(arg0, arg1) { imports.wbg.__wbg_setchecked_c1d5c3726082e274 = function(arg0, arg1) {
getObject(arg0).checked = arg1 !== 0; getObject(arg0).checked = arg1 !== 0;
}; };
imports.wbg.__wbg_value_5e860795f53217cd = function(arg0, arg1) { imports.wbg.__wbg_value_e024243a9dae20bc = function(arg0, arg1) {
const ret = getObject(arg1).value; const ret = getObject(arg1).value;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN; const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_setvalue_7d187f6cc23d8192 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setvalue_5b3442ff620b4a5d = function(arg0, arg1, arg2) {
getObject(arg0).value = getStringFromWasm0(arg1, arg2); getObject(arg0).value = getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_create_3e99c3ed46cd9f00 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_addEventListener_374cbfd2bbc19ccf = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
const ret = getObject(arg0).create(getObject(arg1)); getObject(arg0).addEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), getObject(arg4));
}, arguments) };
imports.wbg.__wbg_removeEventListener_9ece7e86d1135657 = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4) {
getObject(arg0).removeEventListener(getStringFromWasm0(arg1, arg2), getObject(arg3), arg4 !== 0);
}, arguments) };
imports.wbg.__wbg_state_ba77b2c3ee29c912 = function() { return handleError(function (arg0) {
const ret = getObject(arg0).state;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_add_dc5c00591ed65268 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_pushState_e159043fce8f87bc = function() { return handleError(function (arg0, arg1, arg2, arg3, arg4, arg5) {
getObject(arg0).add(getStringFromWasm0(arg1, arg2)); getObject(arg0).pushState(getObject(arg1), getStringFromWasm0(arg2, arg3), arg4 === 0 ? undefined : getStringFromWasm0(arg4, arg5));
}, arguments) }; }, arguments) };
imports.wbg.__wbg_remove_9517d3139a6031f1 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_href_160af2ae1328d7b7 = function() { return handleError(function (arg0, arg1) {
getObject(arg0).remove(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg1).href;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_newwithform_e7fc7c06976f3c8f = function() { return handleError(function (arg0) { imports.wbg.__wbg_sethref_90b000c8b01f96b1 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = new FormData(getObject(arg0)); getObject(arg0).href = getStringFromWasm0(arg1, arg2);
return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_get_9e3c11077651eda8 = function(arg0, arg1, arg2) { imports.wbg.__wbg_pathname_1ab7e82aaa4511ff = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).get(getStringFromWasm0(arg1, arg2)); const ret = getObject(arg1).pathname;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_search_9f7ca8896c2d0804 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).search;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_hash_be2940ca236b5efc = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg1).hash;
const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
const len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}, arguments) };
imports.wbg.__wbg_headers_d135d2bb8cc60413 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_instanceof_HtmlFormElement_eb100a9bdacc9fe6 = function(arg0) { imports.wbg.__wbg_newwithstrandinit_f581dff0d19a8b03 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = new Request(getStringFromWasm0(arg0, arg1), getObject(arg2));
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_Response_4c3b1446206114d1 = function(arg0) {
let result;
try {
result = getObject(arg0) instanceof Response;
} catch (_) {
result = false;
}
const ret = result;
return ret;
};
imports.wbg.__wbg_status_d6d47ad2837621eb = function(arg0) {
const ret = getObject(arg0).status;
return ret;
};
imports.wbg.__wbg_headers_24def508a7518df9 = function(arg0) {
const ret = getObject(arg0).headers;
return addHeapObject(ret);
};
imports.wbg.__wbg_json_34535d9848f043eb = function() { return handleError(function (arg0) {
const ret = getObject(arg0).json();
return addHeapObject(ret);
}, arguments) };
imports.wbg.__wbg_instanceof_HtmlFormElement_7d89e65c39841f5c = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof HTMLFormElement; result = getObject(arg0) instanceof HTMLFormElement;
@ -877,45 +877,45 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_parentNode_e1c214fc3f362af0 = function(arg0) { imports.wbg.__wbg_parentNode_92a7017b3a4fad43 = function(arg0) {
const ret = getObject(arg0).parentNode; const ret = getObject(arg0).parentNode;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_parentElement_592cb54944d3d002 = function(arg0) { imports.wbg.__wbg_parentElement_72e144c2e8d9e0b5 = function(arg0) {
const ret = getObject(arg0).parentElement; const ret = getObject(arg0).parentElement;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_lastChild_b17b3c7498d25bd7 = function(arg0) { imports.wbg.__wbg_lastChild_a62e3fbaab87f734 = function(arg0) {
const ret = getObject(arg0).lastChild; const ret = getObject(arg0).lastChild;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_nextSibling_d029031876ed1b1b = function(arg0) { imports.wbg.__wbg_nextSibling_bafccd3347d24543 = function(arg0) {
const ret = getObject(arg0).nextSibling; const ret = getObject(arg0).nextSibling;
return isLikeNone(ret) ? 0 : addHeapObject(ret); return isLikeNone(ret) ? 0 : addHeapObject(ret);
}; };
imports.wbg.__wbg_setnodeValue_321840a6762ab272 = function(arg0, arg1, arg2) { imports.wbg.__wbg_setnodeValue_630c6470d05b600e = function(arg0, arg1, arg2) {
getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2); getObject(arg0).nodeValue = arg1 === 0 ? undefined : getStringFromWasm0(arg1, arg2);
}; };
imports.wbg.__wbg_textContent_d69d000f6081b514 = function(arg0, arg1) { imports.wbg.__wbg_textContent_2f37235e13f8484b = function(arg0, arg1) {
const ret = getObject(arg1).textContent; const ret = getObject(arg1).textContent;
var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc); var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
var len1 = WASM_VECTOR_LEN; var len1 = WASM_VECTOR_LEN;
getInt32Memory0()[arg0 / 4 + 1] = len1; getInt32Memory0()[arg0 / 4 + 1] = len1;
getInt32Memory0()[arg0 / 4 + 0] = ptr1; getInt32Memory0()[arg0 / 4 + 0] = ptr1;
}; };
imports.wbg.__wbg_appendChild_2e6a6c9d1f0d443d = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_appendChild_d30e6b83791d04c0 = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).appendChild(getObject(arg1)); const ret = getObject(arg0).appendChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_insertBefore_bdaeec8969497673 = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_insertBefore_726c1640c419e940 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).insertBefore(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_removeChild_a63022ebbfa6ebf5 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_removeChild_942eb9c02243d84d = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).removeChild(getObject(arg1)); const ret = getObject(arg0).removeChild(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_instanceof_ShadowRoot_f85f709c953844de = function(arg0) { imports.wbg.__wbg_instanceof_ShadowRoot_0bd39e89ab117f86 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ShadowRoot; result = getObject(arg0) instanceof ShadowRoot;
@ -925,94 +925,94 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_host_73c8e95bf9b31ccd = function(arg0) { imports.wbg.__wbg_host_09eee5e3d9cf59a1 = function(arg0) {
const ret = getObject(arg0).host; const ret = getObject(arg0).host;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_get_4a9aa5157afeb382 = function(arg0, arg1) { imports.wbg.__wbg_get_f01601b5a68d10e3 = function(arg0, arg1) {
const ret = getObject(arg0)[arg1 >>> 0]; const ret = getObject(arg0)[arg1 >>> 0];
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_length_cace2e0b3ddc0502 = function(arg0) { imports.wbg.__wbg_length_1009b1af0c481d7b = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_new_08236689f0afb357 = function() { imports.wbg.__wbg_new_ffc6d4d085022169 = function() {
const ret = new Array(); const ret = new Array();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newnoargs_ccdcae30fd002262 = function(arg0, arg1) { imports.wbg.__wbg_newnoargs_c62ea9419c21fbac = function(arg0, arg1) {
const ret = new Function(getStringFromWasm0(arg0, arg1)); const ret = new Function(getStringFromWasm0(arg0, arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_new_1b94180eeb48f2a2 = function() { imports.wbg.__wbg_new_bfd4534b584a9593 = function() {
const ret = new Map(); const ret = new Map();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_15da6a3df9290720 = function(arg0) { imports.wbg.__wbg_next_9b877f231f476d01 = function(arg0) {
const ret = getObject(arg0).next; const ret = getObject(arg0).next;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_next_1989a20442400aaa = function() { return handleError(function (arg0) { imports.wbg.__wbg_next_6529ee0cca8d57ed = function() { return handleError(function (arg0) {
const ret = getObject(arg0).next(); const ret = getObject(arg0).next();
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_done_bc26bf4ada718266 = function(arg0) { imports.wbg.__wbg_done_5fe336b092d60cf2 = function(arg0) {
const ret = getObject(arg0).done; const ret = getObject(arg0).done;
return ret; return ret;
}; };
imports.wbg.__wbg_value_0570714ff7d75f35 = function(arg0) { imports.wbg.__wbg_value_0c248a78fdc8e19f = function(arg0) {
const ret = getObject(arg0).value; const ret = getObject(arg0).value;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_iterator_7ee1a391d310f8e4 = function() { imports.wbg.__wbg_iterator_db7ca081358d4fb2 = function() {
const ret = Symbol.iterator; const ret = Symbol.iterator;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_get_2aff440840bb6202 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_get_7b48513de5dc5ea4 = function() { return handleError(function (arg0, arg1) {
const ret = Reflect.get(getObject(arg0), getObject(arg1)); const ret = Reflect.get(getObject(arg0), getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_call_669127b9d730c650 = function() { return handleError(function (arg0, arg1) { imports.wbg.__wbg_call_90c26b09837aba1c = function() { return handleError(function (arg0, arg1) {
const ret = getObject(arg0).call(getObject(arg1)); const ret = getObject(arg0).call(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_new_c728d68b8b34487e = function() { imports.wbg.__wbg_new_9fb8d994e1c0aaac = function() {
const ret = new Object(); const ret = new Object();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_self_3fad056edded10bd = function() { return handleError(function () { imports.wbg.__wbg_self_f0e34d89f33b99fd = function() { return handleError(function () {
const ret = self.self; const ret = self.self;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_window_a4f46c98a61d4089 = function() { return handleError(function () { imports.wbg.__wbg_window_d3b084224f4774d7 = function() { return handleError(function () {
const ret = window.window; const ret = window.window;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_globalThis_17eff828815f7d84 = function() { return handleError(function () { imports.wbg.__wbg_globalThis_9caa27ff917c6860 = function() { return handleError(function () {
const ret = globalThis.globalThis; const ret = globalThis.globalThis;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_global_46f939f6541643c5 = function() { return handleError(function () { imports.wbg.__wbg_global_35dfdd59a4da3e74 = function() { return handleError(function () {
const ret = global.global; const ret = global.global;
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
imports.wbg.__wbg_set_0ac78a2bc07da03c = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_f2740edb12e318cd = function(arg0, arg1, arg2) {
getObject(arg0)[arg1 >>> 0] = takeObject(arg2); getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
}; };
imports.wbg.__wbg_from_ba72c50feaf1d8c0 = function(arg0) { imports.wbg.__wbg_from_71add2e723d1f1b2 = function(arg0) {
const ret = Array.from(getObject(arg0)); const ret = Array.from(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isArray_38525be7442aa21e = function(arg0) { imports.wbg.__wbg_isArray_74fb723e24f76012 = function(arg0) {
const ret = Array.isArray(getObject(arg0)); const ret = Array.isArray(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_push_fd3233d09cf81821 = function(arg0, arg1) { imports.wbg.__wbg_push_901f3914205d44de = function(arg0, arg1) {
const ret = getObject(arg0).push(getObject(arg1)); const ret = getObject(arg0).push(getObject(arg1));
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_ArrayBuffer_c7cc317e5c29cc0d = function(arg0) { imports.wbg.__wbg_instanceof_ArrayBuffer_e7d53d51371448e2 = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof ArrayBuffer; result = getObject(arg0) instanceof ArrayBuffer;
@ -1022,7 +1022,7 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Error_9f5881c3c4149389 = function(arg0) { imports.wbg.__wbg_instanceof_Error_31ca8d97f188bfbc = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Error; result = getObject(arg0) instanceof Error;
@ -1032,78 +1032,78 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_message_35f9b952e1b922e2 = function(arg0) { imports.wbg.__wbg_message_55b9ea8030688597 = function(arg0) {
const ret = getObject(arg0).message; const ret = getObject(arg0).message;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_name_e1152a59269f79e5 = function(arg0) { imports.wbg.__wbg_name_e5eede664187fed6 = function(arg0) {
const ret = getObject(arg0).name; const ret = getObject(arg0).name;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_toString_d0cefe4046ecb265 = function(arg0) { imports.wbg.__wbg_toString_a44236e90224e279 = function(arg0) {
const ret = getObject(arg0).toString(); const ret = getObject(arg0).toString();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_set_3355b9f2d3092e3b = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_d257c6f2da008627 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).set(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_isSafeInteger_c38b0a16d0c7cef7 = function(arg0) { imports.wbg.__wbg_isSafeInteger_f93fde0dca9820f8 = function(arg0) {
const ret = Number.isSafeInteger(getObject(arg0)); const ret = Number.isSafeInteger(getObject(arg0));
return ret; return ret;
}; };
imports.wbg.__wbg_new0_ad75dd38f92424e2 = function() { imports.wbg.__wbg_new0_622c21a64f3d83ea = function() {
const ret = new Date(); const ret = new Date();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_now_4579335d3581594c = function() { imports.wbg.__wbg_now_096aa89623f72d50 = function() {
const ret = Date.now(); const ret = Date.now();
return ret; return ret;
}; };
imports.wbg.__wbg_toISOString_a6b87a1eaae248de = function(arg0) { imports.wbg.__wbg_toISOString_0f6525214134a4b6 = function(arg0) {
const ret = getObject(arg0).toISOString(); const ret = getObject(arg0).toISOString();
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_entries_6d727b73ee02b7ce = function(arg0) { imports.wbg.__wbg_entries_9e2e2aa45aa5094a = function(arg0) {
const ret = Object.entries(getObject(arg0)); const ret = Object.entries(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_is_c74aa9bb973d6109 = function(arg0, arg1) { imports.wbg.__wbg_is_ff7acd231c75c0e4 = function(arg0, arg1) {
const ret = Object.is(getObject(arg0), getObject(arg1)); const ret = Object.is(getObject(arg0), getObject(arg1));
return ret; return ret;
}; };
imports.wbg.__wbg_resolve_a3252b2860f0a09e = function(arg0) { imports.wbg.__wbg_resolve_6e1c6553a82f85b7 = function(arg0) {
const ret = Promise.resolve(getObject(arg0)); const ret = Promise.resolve(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_89e1c559530b85cf = function(arg0, arg1) { imports.wbg.__wbg_then_3ab08cd4fbb91ae9 = function(arg0, arg1) {
const ret = getObject(arg0).then(getObject(arg1)); const ret = getObject(arg0).then(getObject(arg1));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_then_1bbc9edafd859b06 = function(arg0, arg1, arg2) { imports.wbg.__wbg_then_8371cc12cfedc5a2 = function(arg0, arg1, arg2) {
const ret = getObject(arg0).then(getObject(arg1), getObject(arg2)); const ret = getObject(arg0).then(getObject(arg1), getObject(arg2));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_buffer_344d9b41efe96da7 = function(arg0) { imports.wbg.__wbg_buffer_a448f833075b71ba = function(arg0) {
const ret = getObject(arg0).buffer; const ret = getObject(arg0).buffer;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_newwithbyteoffsetandlength_2dc04d99088b15e3 = function(arg0, arg1, arg2) { imports.wbg.__wbg_newwithbyteoffsetandlength_d0482f893617af71 = function(arg0, arg1, arg2) {
const ret = new Uint8Array(getObject(arg0), arg1 >>> 0, arg2 >>> 0); const ret = new Uint8Array(getObject(arg0), arg1 >>> 0, arg2 >>> 0);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_new_d8a000788389a31e = function(arg0) { imports.wbg.__wbg_new_8f67e318f15d7254 = function(arg0) {
const ret = new Uint8Array(getObject(arg0)); const ret = new Uint8Array(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbg_set_dcfd613a3420f908 = function(arg0, arg1, arg2) { imports.wbg.__wbg_set_2357bf09366ee480 = function(arg0, arg1, arg2) {
getObject(arg0).set(getObject(arg1), arg2 >>> 0); getObject(arg0).set(getObject(arg1), arg2 >>> 0);
}; };
imports.wbg.__wbg_length_a5587d6cd79ab197 = function(arg0) { imports.wbg.__wbg_length_1d25fa9e4ac21ce7 = function(arg0) {
const ret = getObject(arg0).length; const ret = getObject(arg0).length;
return ret; return ret;
}; };
imports.wbg.__wbg_instanceof_Uint8Array_19e6f142a5e7e1e1 = function(arg0) { imports.wbg.__wbg_instanceof_Uint8Array_bced6f43aed8c1aa = function(arg0) {
let result; let result;
try { try {
result = getObject(arg0) instanceof Uint8Array; result = getObject(arg0) instanceof Uint8Array;
@ -1113,11 +1113,11 @@ function __wbg_get_imports() {
const ret = result; const ret = result;
return ret; return ret;
}; };
imports.wbg.__wbg_set_40f7786a25a9cc7e = function() { return handleError(function (arg0, arg1, arg2) { imports.wbg.__wbg_set_759f75cd92b612d2 = function() { return handleError(function (arg0, arg1, arg2) {
const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2)); const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2));
return ret; return ret;
}, arguments) }; }, arguments) };
imports.wbg.__wbg_stringify_4039297315a25b00 = function() { return handleError(function (arg0) { imports.wbg.__wbg_stringify_e1b19966d964d242 = function() { return handleError(function (arg0) {
const ret = JSON.stringify(getObject(arg0)); const ret = JSON.stringify(getObject(arg0));
return addHeapObject(ret); return addHeapObject(ret);
}, arguments) }; }, arguments) };
@ -1141,20 +1141,20 @@ function __wbg_get_imports() {
const ret = wasm.memory; const ret = wasm.memory;
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper1393 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper1150 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 770, __wbg_adapter_48); const ret = makeMutClosure(arg0, arg1, 572, __wbg_adapter_48);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper3682 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper3558 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1704, __wbg_adapter_51); const ret = makeMutClosure(arg0, arg1, 1660, __wbg_adapter_51);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper3781 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper3751 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1746, __wbg_adapter_54); const ret = makeMutClosure(arg0, arg1, 1707, __wbg_adapter_54);
return addHeapObject(ret); return addHeapObject(ret);
}; };
imports.wbg.__wbindgen_closure_wrapper3863 = function(arg0, arg1, arg2) { imports.wbg.__wbindgen_closure_wrapper3835 = function(arg0, arg1, arg2) {
const ret = makeMutClosure(arg0, arg1, 1777, __wbg_adapter_57); const ret = makeMutClosure(arg0, arg1, 1738, __wbg_adapter_57);
return addHeapObject(ret); return addHeapObject(ret);
}; };

BIN
server/web_ui/pkg/kanidmd_web_ui_user.js.br
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_user_bg.wasm
View file

Binary file not shown.

BIN
server/web_ui/pkg/kanidmd_web_ui_user_bg.wasm.br
View file

Binary file not shown.

68
server/web_ui/user/src/credential/passkey.rs
View file

@ -8,7 +8,7 @@ use wasm_bindgen::UnwrapThrowExt;
use wasm_bindgen_futures::JsFuture; use wasm_bindgen_futures::JsFuture;
use yew::prelude::*; use yew::prelude::*;
use super::reset::{EventBusMsg, ModalProps}; use super::reset::{EventBusMsg, PasskeyClass, PasskeyModalProps};
use kanidmd_web_ui_shared::{do_request, utils, RequestMethod}; use kanidmd_web_ui_shared::{do_request, utils, RequestMethod};
pub struct PasskeyModalApp { pub struct PasskeyModalApp {
@ -87,7 +87,9 @@ impl PasskeyModalApp {
emsg: "Invalid Passkey reg state response".to_string(), emsg: "Invalid Passkey reg state response".to_string(),
kopid, kopid,
}, },
CURegState::Passkey(challenge) => Msg::ChallengeReady(challenge), CURegState::AttestedPasskey(challenge) | CURegState::Passkey(challenge) => {
Msg::ChallengeReady(challenge)
}
CURegState::None => Msg::Success, CURegState::None => Msg::Success,
}) })
} else { } else {
@ -99,7 +101,7 @@ impl PasskeyModalApp {
impl Component for PasskeyModalApp { impl Component for PasskeyModalApp {
type Message = Msg; type Message = Msg;
type Properties = ModalProps; type Properties = PasskeyModalProps;
fn create(_ctx: &Context<Self>) -> Self { fn create(_ctx: &Context<Self>) -> Self {
console::debug!("passkey modal create"); console::debug!("passkey modal create");
@ -128,14 +130,13 @@ impl Component for PasskeyModalApp {
// Init a fetch to get the challenge. // Init a fetch to get the challenge.
let token_c = ctx.props().token.clone(); let token_c = ctx.props().token.clone();
let req = match &ctx.props().class {
PasskeyClass::Any => CURequest::PasskeyFinish(label, rpkc),
PasskeyClass::Attested => CURequest::AttestedPasskeyFinish(label, rpkc),
};
ctx.link().send_future(async { ctx.link().send_future(async {
match Self::submit_passkey_update( match Self::submit_passkey_update(token_c, req, cb).await {
token_c,
CURequest::PasskeyFinish(label, rpkc),
cb,
)
.await
{
Ok(v) => v, Ok(v) => v,
Err(v) => v.into(), Err(v) => v.into(),
} }
@ -152,8 +153,13 @@ impl Component for PasskeyModalApp {
// Init a fetch to get the challenge. // Init a fetch to get the challenge.
let token_c = ctx.props().token.clone(); let token_c = ctx.props().token.clone();
let req = match &ctx.props().class {
PasskeyClass::Any => CURequest::PasskeyInit,
PasskeyClass::Attested => CURequest::AttestedPasskeyInit,
};
ctx.link().send_future(async { ctx.link().send_future(async {
match Self::submit_passkey_update(token_c, CURequest::PasskeyInit, cb).await { match Self::submit_passkey_update(token_c, req, cb).await {
Ok(v) => v, Ok(v) => v,
Err(v) => v.into(), Err(v) => v.into(),
} }
@ -175,6 +181,9 @@ impl Component for PasskeyModalApp {
.navigator() .navigator()
.credentials() .credentials()
.create_with_options(&c_options) .create_with_options(&c_options)
.map_err(|e| {
console::error!(format!("error -> {:?}", e).as_str());
})
.expect_throw("Unable to create promise"); .expect_throw("Unable to create promise");
let fut = JsFuture::from(promise); let fut = JsFuture::from(promise);
@ -248,16 +257,39 @@ impl Component for PasskeyModalApp {
} }
} }
State::ChallengeReady(_challenge) => { State::ChallengeReady(_challenge) => {
let allowed_devices = ctx.props().allowed_devices.clone();
// This works around a bug in safari :( // This works around a bug in safari :(
html! { html! {
<button id="passkey-generate" type="button" class="btn btn-primary" <>
onclick={ {
ctx.link() if let Some(allowed_devices) = allowed_devices {
.callback(move |_| { html! {
Msg::CredentialCreate <>
}) <p>{ "The following devices are allowed to register" }</p>
<ul>
{
for allowed_devices.iter().map(|dev|
html!{
<li> { dev } </li>
}
)
}
</ul>
</>
}
} else {
html!{ <></> }
}
} }
>{ "Begin Passkey Enrollment" }</button> <button id="passkey-generate" type="button" class="btn btn-primary"
onclick={
ctx.link()
.callback(move |_| {
Msg::CredentialCreate
})
}
>{ "Begin Passkey Enrollment" }</button>
</>
} }
} }
State::CredentialReady(_) => { State::CredentialReady(_) => {

13
server/web_ui/user/src/credential/passkeyremove.rs
View file

@ -6,7 +6,7 @@ use uuid::Uuid;
use wasm_bindgen::UnwrapThrowExt; use wasm_bindgen::UnwrapThrowExt;
use yew::prelude::*; use yew::prelude::*;
use super::reset::{EventBusMsg, PasskeyRemoveModalProps}; use super::reset::{EventBusMsg, PasskeyClass, PasskeyRemoveModalProps};
use kanidmd_web_ui_shared::{do_request, error::FetchError, utils, RequestMethod}; use kanidmd_web_ui_shared::{do_request, error::FetchError, utils, RequestMethod};
pub struct PasskeyRemoveModalApp { pub struct PasskeyRemoveModalApp {
@ -91,6 +91,7 @@ impl PasskeyRemoveModalApp {
| CURegState::TotpTryAgain | CURegState::TotpTryAgain
| CURegState::TotpInvalidSha1 | CURegState::TotpInvalidSha1
| CURegState::Passkey(_) | CURegState::Passkey(_)
| CURegState::AttestedPasskey(_)
| CURegState::BackupCodes(_) => Msg::Error { | CURegState::BackupCodes(_) => Msg::Error {
emsg: "Invalid Passkey reg state response".to_string(), emsg: "Invalid Passkey reg state response".to_string(),
kopid, kopid,
@ -140,12 +141,16 @@ impl Component for PasskeyRemoveModalApp {
// Do the call back. // Do the call back.
let token_c = ctx.props().token.clone(); let token_c = ctx.props().token.clone();
let class = &ctx.props().class;
let uuid = self.uuid; let uuid = self.uuid;
let request = match class {
PasskeyClass::Any => CURequest::PasskeyRemove(uuid),
PasskeyClass::Attested => CURequest::AttestedPasskeyRemove(uuid),
};
ctx.link().send_future(async move { ctx.link().send_future(async move {
match Self::submit_passkey_update(token_c, CURequest::PasskeyRemove(uuid), cb) match Self::submit_passkey_update(token_c, request, cb).await {
.await
{
Ok(v) => v, Ok(v) => v,
Err(v) => v.into(), Err(v) => v.into(),
} }

171
server/web_ui/user/src/credential/reset.rs
View file

@ -44,9 +44,24 @@ pub struct TotpRemoveProps {
pub cb: Callback<EventBusMsg>, pub cb: Callback<EventBusMsg>,
} }
#[derive(PartialEq)]
pub enum PasskeyClass {
Any,
Attested,
}
#[derive(PartialEq, Properties)]
pub struct PasskeyModalProps {
pub token: CUSessionToken,
pub class: PasskeyClass,
pub allowed_devices: Option<Vec<String>>,
pub cb: Callback<EventBusMsg>,
}
#[derive(PartialEq, Properties)] #[derive(PartialEq, Properties)]
pub struct PasskeyRemoveModalProps { pub struct PasskeyRemoveModalProps {
pub token: CUSessionToken, pub token: CUSessionToken,
pub class: PasskeyClass,
pub tag: String, pub tag: String,
pub uuid: Uuid, pub uuid: Uuid,
pub cb: Callback<EventBusMsg>, pub cb: Callback<EventBusMsg>,
@ -356,6 +371,9 @@ impl CredentialResetApp {
primary_state, primary_state,
passkeys, passkeys,
passkeys_state, passkeys_state,
attested_passkeys,
attested_passkeys_state,
attested_passkeys_allowed_devices,
} = status; } = status;
let displayname = displayname.clone(); let displayname = displayname.clone();
@ -382,6 +400,12 @@ impl CredentialResetApp {
let pw_html = self.view_primary(token, primary, *primary_state); let pw_html = self.view_primary(token, primary, *primary_state);
let passkey_html = self.view_passkeys(token, passkeys, *passkeys_state); let passkey_html = self.view_passkeys(token, passkeys, *passkeys_state);
let attested_passkey_html = self.view_attested_passkeys(
token,
attested_passkeys,
*attested_passkeys_state,
attested_passkeys_allowed_devices.as_slice(),
);
let warnings_html = if warnings.is_empty() { let warnings_html = if warnings.is_empty() {
html! { <></> } html! { <></> }
@ -403,6 +427,22 @@ impl CredentialResetApp {
<p>{ "Passkeys are required for your account." }</p> <p>{ "Passkeys are required for your account." }</p>
</div> </div>
}, },
CURegWarning::AttestedPasskeyRequired => html! {
<div class="alert alert-warning" role="alert">
<p>{ "Attested Passkeys are required for your account." }</p>
</div>
},
CURegWarning::AttestedResidentKeyRequired => html! {
<div class="alert alert-warning" role="alert">
<p>{ "Attested Resident Keys are required for your account." }</p>
</div>
},
CURegWarning::WebauthnAttestationUnsatisfiable => html! {
<div class="alert alert-danger" role="alert">
<p>{ "A webauthn attestation policy conflict has occurred and you will not be able to save your credentials" }</p>
<p>{ "Contact support IMMEDIATELY." }</p>
</div>
},
CURegWarning::Unsatisfiable => html! { CURegWarning::Unsatisfiable => html! {
<div class="alert alert-danger" role="alert"> <div class="alert alert-danger" role="alert">
<p>{ "An account policy conflict has occurred and you will not be able to save your credentials" }</p> <p>{ "An account policy conflict has occurred and you will not be able to save your credentials" }</p>
@ -434,12 +474,10 @@ impl CredentialResetApp {
{ warnings_html } { warnings_html }
<hr class="my-4" /> { attested_passkey_html }
{ passkey_html } { passkey_html }
<hr class="my-4" />
{ pw_html } { pw_html }
<hr class="my-4" /> <hr class="my-4" />
@ -589,6 +627,14 @@ impl CredentialResetApp {
} }
} }
} }
} else if matches!(primary_state, CUCredState::DeleteOnly) {
html! {
<p>
<button type="button" class="btn btn-warning" data-bs-toggle="modal" data-bs-target="#staticDeletePrimaryCred">
{ "Delete this Legacy Credential" }
</button>
</p>
}
} else { } else {
html! {<></>} html! {<></>}
}; };
@ -602,6 +648,14 @@ impl CredentialResetApp {
</> </>
} }
} }
CUCredState::DeleteOnly => {
html! {
<>
<p>{ "Legacy password paired with other authentication factors." }</p>
<p>{ "Account policy prevents you modifying this credential, but you may remove it." }</p>
</>
}
}
CUCredState::AccessDeny => { CUCredState::AccessDeny => {
html! { <><p> { "You do not have access to modify the Password or TOTP tokens of this account" }</p></> } html! { <><p> { "You do not have access to modify the Password or TOTP tokens of this account" }</p></> }
} }
@ -612,6 +666,8 @@ impl CredentialResetApp {
html! { html! {
<> <>
<hr class="my-4" />
<h4>{"Password / TOTP"}</h4> <h4>{"Password / TOTP"}</h4>
{ pw_warn } { pw_warn }
{ pw_html_inner } { pw_html_inner }
@ -629,48 +685,91 @@ impl CredentialResetApp {
) -> Html { ) -> Html {
let cb = self.cb.clone(); let cb = self.cb.clone();
let passkey_html_inner = match passkeys_state { match passkeys_state {
CUCredState::Modifiable => { CUCredState::DeleteOnly | CUCredState::Modifiable => {
if passkeys.is_empty() { html! {
html! { <>
<> <hr class="my-4" />
<p>{ "Strong cryptographic authenticators with self contained multi-factor authentication." }</p> <h4>{"Passkeys"}</h4>
<p>{ "No Passkeys Registered" }</p>
<PasskeyModalApp token={ token.clone() } cb={ cb } /> <p>{ "Strong cryptographic authenticators with self contained multi-factor authentication." }</p>
</>
{ if passkeys.is_empty() {
html! { <p>{ "No Passkeys Registered" }</p> }
} else {
html! { <></> }
} }
{ for passkeys.iter()
.map(|detail|
PasskeyRemoveModalApp::render_button(&detail.tag, detail.uuid)
)
} }
} else { { for passkeys.iter()
html! { .map(|detail|
<> html! { <PasskeyRemoveModalApp token={ token.clone() } tag={ detail.tag.clone() } uuid={ detail.uuid } cb={ cb.clone() } class={ PasskeyClass::Any } /> }
<p>{ "Strong cryptographic authenticators with self contained multi-factor authentication." }</p> )
{ for passkeys.iter()
.map(|detail|
PasskeyRemoveModalApp::render_button(&detail.tag, detail.uuid)
)
}
{ for passkeys.iter()
.map(|detail|
html! { <PasskeyRemoveModalApp token={ token.clone() } tag={ detail.tag.clone() } uuid={ detail.uuid } cb={ cb.clone() } /> }
)
}
<PasskeyModalApp token={ token.clone() } cb={ cb.clone() } />
</>
} }
{ if passkeys_state == CUCredState::Modifiable {
html! { <PasskeyModalApp token={ token.clone() } cb={ cb.clone() } class={ PasskeyClass::Any } /> }
} else {
html! { <></> }
}}
</>
} }
} }
CUCredState::AccessDeny => { CUCredState::AccessDeny => {
html! { <><p> { "You do not have access to modify the Passkeys of this account" }</p></> } html! { <></> }
} }
CUCredState::PolicyDeny => { CUCredState::PolicyDeny => {
html! { <><p> { "Account policy prevents you modifying the Passkeys of this account" }</p></> } html! { <></> }
} }
}; }
}
html! { fn view_attested_passkeys(
<> &self,
<h4>{"Passkeys"}</h4> token: &CUSessionToken,
{ passkey_html_inner } attested_passkeys: &Vec<PasskeyDetail>,
</> attested_passkeys_state: CUCredState,
attested_passkeys_allowed_devices: &[String],
) -> Html {
let cb = self.cb.clone();
match attested_passkeys_state {
CUCredState::Modifiable | CUCredState::DeleteOnly => {
html! {
<>
<hr class="my-4" />
<h4>{"Attested Passkeys"}</h4>
{ if attested_passkeys.is_empty() { html! { <p> { "No Passkeys Registered" } </p> } } else { html! {<></>} } }
{ for attested_passkeys.iter()
.map(|detail|
PasskeyRemoveModalApp::render_button(&detail.tag, detail.uuid)
)
}
{ for attested_passkeys.iter()
.map(|detail|
html! { <PasskeyRemoveModalApp token={ token.clone() } tag={ detail.tag.clone() } uuid={ detail.uuid } cb={ cb.clone() } class={ PasskeyClass::Attested } /> }
)
}
{
if attested_passkeys_state == CUCredState::Modifiable {
html! { <PasskeyModalApp token={ token.clone() } cb={ cb } class={ PasskeyClass::Attested } allowed_devices={ Some(attested_passkeys_allowed_devices.to_vec()) } /> }
} else {
html! { <></> }
}
}
</>
}
}
CUCredState::AccessDeny | CUCredState::PolicyDeny => {
// Don't display anything.
html! { <></> }
}
} }
} }

4
server/web_ui/user/src/credential/totpmodal.rs
View file

@ -87,7 +87,9 @@ impl TotpModalApp {
}); });
Ok(match status.mfaregstate { Ok(match status.mfaregstate {
CURegState::Passkey(_) | CURegState::BackupCodes(_) => Msg::Error { CURegState::Passkey(_)
| CURegState::AttestedPasskey(_)
| CURegState::BackupCodes(_) => Msg::Error {
emsg: "Invalid TOTP mfa reg state response".to_string(), emsg: "Invalid TOTP mfa reg state response".to_string(),
kopid, kopid,
}, },

6
tools/Dockerfile
View file

@ -53,6 +53,8 @@ RUN \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release && \ --release && \
cargo install --force fido-mds-tool \
--target-dir="/usr/src/kanidm/target/" && \
sccache -s sccache -s
# == Construct the tools container # == Construct the tools container
@ -69,11 +71,13 @@ RUN \
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/
COPY --from=builder /usr/src/kanidm/target/release/kanidm-ldap-sync /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm-ldap-sync /sbin/
COPY --from=builder /usr/src/kanidm/target/release/fido-mds-tool /sbin/
RUN chmod +x /sbin/kanidm RUN chmod +x /sbin/kanidm
RUN chmod +x /sbin/kanidm-ipa-sync RUN chmod +x /sbin/kanidm-ipa-sync
RUN chmod +x /sbin/kanidm-ldap-sync RUN chmod +x /sbin/kanidm-ldap-sync
RUN chmod +x /sbin/fido-mds-tool
RUN mkdir /etc/kanidm && \ RUN mkdir /etc/kanidm && \
touch /etc/kanidm/config touch /etc/kanidm/config
CMD [ "/sbin/kanidm", "-h" ] CMD [ "/sbin/kanidm", "-h" ]

22
tools/cli/src/cli/group/account_policy.rs
View file

@ -8,6 +8,7 @@ impl GroupAccountPolicyOpt {
| GroupAccountPolicyOpt::AuthSessionExpiry { copt, .. } | GroupAccountPolicyOpt::AuthSessionExpiry { copt, .. }
| GroupAccountPolicyOpt::CredentialTypeMinimum { copt, .. } | GroupAccountPolicyOpt::CredentialTypeMinimum { copt, .. }
| GroupAccountPolicyOpt::PasswordMinimumLength { copt, .. } | GroupAccountPolicyOpt::PasswordMinimumLength { copt, .. }
| GroupAccountPolicyOpt::WebauthnAttestationCaList { copt, .. }
| GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug, | GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug,
} }
} }
@ -36,12 +37,12 @@ impl GroupAccountPolicyOpt {
GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => { GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => {
let client = copt.to_client(OpType::Write).await; let client = copt.to_client(OpType::Write).await;
if let Err(e) = client if let Err(e) = client
.group_account_policy_credential_type_minimum_set(name, value) .group_account_policy_credential_type_minimum_set(name, value.as_str())
.await .await
{ {
handle_client_error(e, copt.output_mode); handle_client_error(e, copt.output_mode);
} else { } else {
println!("Updated credential type minimum expiry."); println!("Updated credential type minimum.");
} }
} }
GroupAccountPolicyOpt::PasswordMinimumLength { name, length, copt } => { GroupAccountPolicyOpt::PasswordMinimumLength { name, length, copt } => {
@ -63,7 +64,22 @@ impl GroupAccountPolicyOpt {
{ {
handle_client_error(e, copt.output_mode); handle_client_error(e, copt.output_mode);
} else { } else {
println!("Updated authsession expiry."); println!("Updated privilege session expiry.");
}
}
GroupAccountPolicyOpt::WebauthnAttestationCaList {
name,
attestation_ca_list_json,
copt,
} => {
let client = copt.to_client(OpType::Write).await;
if let Err(e) = client
.group_account_policy_webauthn_attestation_set(name, attestation_ca_list_json)
.await
{
handle_client_error(e, copt.output_mode);
} else {
println!("Updated webauthn attesation CA list.");
} }
} }
} }

307
tools/cli/src/cli/person.rs
View file

@ -616,6 +616,8 @@ enum CUAction {
Remove, Remove,
Passkey, Passkey,
PasskeyRemove, PasskeyRemove,
AttestedPasskey,
AttestedPasskeyRemove,
End, End,
Commit, Commit,
} }
@ -638,6 +640,9 @@ remove (rm) - Remove only the password based credential
-- Passkeys -- Passkeys
passkey (pk) - Add a new Passkey passkey (pk) - Add a new Passkey
passkey remove (passkey rm, pkrm) - Remove a Passkey passkey remove (passkey rm, pkrm) - Remove a Passkey
-- Attested Passkeys
attested-passkey (apk) - Add a new Attested Passkey
attested-passkey-remove (attested-passkey rm, apkrm) - Remove an Attested Passkey
"# "#
) )
} }
@ -660,6 +665,10 @@ impl FromStr for CUAction {
"remove" | "rm" => Ok(CUAction::Remove), "remove" | "rm" => Ok(CUAction::Remove),
"passkey" | "pk" => Ok(CUAction::Passkey), "passkey" | "pk" => Ok(CUAction::Passkey),
"passkey remove" | "passkey rm" | "pkrm" => Ok(CUAction::PasskeyRemove), "passkey remove" | "passkey rm" | "pkrm" => Ok(CUAction::PasskeyRemove),
"attested-passkey" | "apk" => Ok(CUAction::AttestedPasskey),
"attested-passkey remove" | "attested-passkey rm" | "apkrm" => {
Ok(CUAction::AttestedPasskeyRemove)
}
_ => Err(()), _ => Err(()),
} }
} }
@ -833,23 +842,66 @@ async fn totp_enroll_prompt(session_token: &CUSessionToken, client: &KanidmClien
// Done! // Done!
} }
async fn passkey_enroll_prompt(session_token: &CUSessionToken, client: &KanidmClient) { #[derive(Clone, Copy)]
let pk_reg = match client enum PasskeyClass {
.idm_account_credential_update_passkey_init(session_token) Any,
.await Attested,
{ }
Ok(CUStatus {
mfaregstate: CURegState::Passkey(pk_reg), impl fmt::Display for PasskeyClass {
.. fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
}) => pk_reg, match self {
Ok(status) => { PasskeyClass::Any => write!(f, "Passkey"),
debug!(?status); PasskeyClass::Attested => write!(f, "Attested Passkey"),
eprintln!("An error occurred -> InvalidState");
return;
} }
Err(e) => { }
eprintln!("An error occurred -> {:?}", e); }
return;
async fn passkey_enroll_prompt(
session_token: &CUSessionToken,
client: &KanidmClient,
pk_class: PasskeyClass,
) {
let pk_reg = match pk_class {
PasskeyClass::Any => {
match client
.idm_account_credential_update_passkey_init(session_token)
.await
{
Ok(CUStatus {
mfaregstate: CURegState::Passkey(pk_reg),
..
}) => pk_reg,
Ok(status) => {
debug!(?status);
eprintln!("An error occurred -> InvalidState");
return;
}
Err(e) => {
eprintln!("An error occurred -> {:?}", e);
return;
}
}
}
PasskeyClass::Attested => {
match client
.idm_account_credential_update_attested_passkey_init(session_token)
.await
{
Ok(CUStatus {
mfaregstate: CURegState::AttestedPasskey(pk_reg),
..
}) => pk_reg,
Ok(status) => {
debug!(?status);
eprintln!("An error occurred -> InvalidState");
return;
}
Err(e) => {
eprintln!("An error occurred -> {:?}", e);
return;
}
}
} }
}; };
@ -873,15 +925,108 @@ async fn passkey_enroll_prompt(session_token: &CUSessionToken, client: &KanidmCl
.interact_text() .interact_text()
.expect("Failed to interact with interactive session"); .expect("Failed to interact with interactive session");
match pk_class {
PasskeyClass::Any => {
match client
.idm_account_credential_update_passkey_finish(session_token, label, rego)
.await
{
Ok(_) => println!("success"),
Err(e) => {
eprintln!("An error occurred -> {:?}", e);
}
}
}
PasskeyClass::Attested => {
match client
.idm_account_credential_update_attested_passkey_finish(session_token, label, rego)
.await
{
Ok(_) => println!("success"),
Err(e) => {
eprintln!("An error occurred -> {:?}", e);
}
}
}
}
}
async fn passkey_remove_prompt(
session_token: &CUSessionToken,
client: &KanidmClient,
pk_class: PasskeyClass,
) {
// TODO: make this a scrollable selector with a "cancel" option as the default
match client match client
.idm_account_credential_update_passkey_finish(session_token, label, rego) .idm_account_credential_update_status(session_token)
.await .await
{ {
Ok(_) => println!("success"), Ok(status) => match pk_class {
PasskeyClass::Any => {
if status.passkeys.is_empty() {
println!("No passkeys are configured for this user");
return;
}
println!("Current passkeys:");
for pk in status.passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
PasskeyClass::Attested => {
if status.attested_passkeys.is_empty() {
println!("No attested passkeys are configured for this user");
return;
}
println!("Current attested passkeys:");
for pk in status.attested_passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
},
Err(e) => { Err(e) => {
eprintln!("An error occurred -> {:?}", e); eprintln!(
"An error occurred retrieving existing credentials -> {:?}",
e
);
} }
}; }
let uuid_s: String = Input::new()
.with_prompt("\nEnter the UUID of the Passkey to remove (blank to stop) # ")
.validate_with(|input: &String| -> Result<(), &str> {
if input.is_empty() || Uuid::parse_str(input).is_ok() {
Ok(())
} else {
Err("This is not a valid UUID")
}
})
.allow_empty(true)
.interact_text()
.expect("Failed to interact with interactive session");
// Remember, if it's NOT a valid uuid, it must have been empty as a termination.
if let Ok(uuid) = Uuid::parse_str(&uuid_s) {
let result = match pk_class {
PasskeyClass::Any => {
client
.idm_account_credential_update_passkey_remove(session_token, uuid)
.await
}
PasskeyClass::Attested => {
client
.idm_account_credential_update_attested_passkey_remove(session_token, uuid)
.await
}
};
if let Err(e) = result {
eprintln!("An error occurred -> {:?}", e);
} else {
println!("success");
}
} else {
println!("{}s were NOT changed", pk_class);
}
} }
fn display_status(status: CUStatus) { fn display_status(status: CUStatus) {
@ -896,6 +1041,9 @@ fn display_status(status: CUStatus) {
primary_state, primary_state,
passkeys, passkeys,
passkeys_state, passkeys_state,
attested_passkeys,
attested_passkeys_state,
attested_passkeys_allowed_devices,
} = status; } = status;
println!("spn: {}", spn); println!("spn: {}", spn);
@ -922,6 +1070,15 @@ fn display_status(status: CUStatus) {
CURegWarning::PasskeyRequired => { CURegWarning::PasskeyRequired => {
println!("Passkeys required"); println!("Passkeys required");
} }
CURegWarning::AttestedPasskeyRequired => {
println!("Attested Passkeys required");
}
CURegWarning::AttestedResidentKeyRequired => {
println!("Attested Resident Keys required");
}
CURegWarning::WebauthnAttestationUnsatisfiable => {
println!("Attestation is unsatisfiable. Contact your administrator.");
}
CURegWarning::Unsatisfiable => { CURegWarning::Unsatisfiable => {
println!("Account policy is unsatisfiable. Contact your administrator."); println!("Account policy is unsatisfiable. Contact your administrator.");
} }
@ -938,6 +1095,13 @@ fn display_status(status: CUStatus) {
println!(" not set"); println!(" not set");
} }
} }
CUCredState::DeleteOnly => {
if let Some(cred_detail) = &primary {
print!("{}", cred_detail);
} else {
println!(" unable to modify - access denied");
}
}
CUCredState::AccessDeny => { CUCredState::AccessDeny => {
println!(" unable to modify - access denied"); println!(" unable to modify - access denied");
} }
@ -957,6 +1121,15 @@ fn display_status(status: CUStatus) {
} }
} }
} }
CUCredState::DeleteOnly => {
if passkeys.is_empty() {
println!(" unable to modify - access denied");
} else {
for pk in passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
}
CUCredState::AccessDeny => { CUCredState::AccessDeny => {
println!(" unable to modify - access denied"); println!(" unable to modify - access denied");
} }
@ -965,6 +1138,40 @@ fn display_status(status: CUStatus) {
} }
} }
println!("Attested Passkeys:");
match attested_passkeys_state {
CUCredState::Modifiable => {
if attested_passkeys.is_empty() {
println!(" not set");
} else {
for pk in attested_passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
println!(" --");
println!(" The following devices models are allowed by account policy");
for dev in attested_passkeys_allowed_devices {
println!(" - {}", dev);
}
}
CUCredState::DeleteOnly => {
if attested_passkeys.is_empty() {
println!(" unable to modify - attestation policy not configured");
} else {
for pk in attested_passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
}
CUCredState::AccessDeny => {
println!(" unable to modify - access denied");
}
CUCredState::PolicyDeny => {
println!(" unable to modify - attestation policy not configured");
}
}
// We may need to be able to display if there are dangling // We may need to be able to display if there are dangling
// curegstates, but the cli ui statemachine can match the // curegstates, but the cli ui statemachine can match the
// server so it may not be needed? // server so it may not be needed?
@ -1143,57 +1350,17 @@ async fn credential_update_exec(
println!("Primary credential was NOT removed"); println!("Primary credential was NOT removed");
} }
} }
CUAction::Passkey => passkey_enroll_prompt(&session_token, &client).await, CUAction::Passkey => {
passkey_enroll_prompt(&session_token, &client, PasskeyClass::Any).await
}
CUAction::PasskeyRemove => { CUAction::PasskeyRemove => {
// TODO: make this a scrollable selector with a "cancel" option as the default passkey_remove_prompt(&session_token, &client, PasskeyClass::Any).await
match client }
.idm_account_credential_update_status(&session_token) CUAction::AttestedPasskey => {
.await passkey_enroll_prompt(&session_token, &client, PasskeyClass::Attested).await
{ }
Ok(status) => { CUAction::AttestedPasskeyRemove => {
if status.passkeys.is_empty() { passkey_remove_prompt(&session_token, &client, PasskeyClass::Attested).await
println!("No passkeys are configured for this user");
return;
}
println!("Current passkeys:");
for pk in status.passkeys {
println!(" {} ({})", pk.tag, pk.uuid);
}
}
Err(e) => {
eprintln!(
"An error occurred retrieving existing credentials -> {:?}",
e
);
}
}
let uuid_s: String = Input::new()
.with_prompt("\nEnter the UUID of the Passkey to remove (blank to stop) # ")
.validate_with(|input: &String| -> Result<(), &str> {
if input.is_empty() || Uuid::parse_str(input).is_ok() {
Ok(())
} else {
Err("This is not a valid UUID")
}
})
.allow_empty(true)
.interact_text()
.expect("Failed to interact with interactive session");
// Remember, if it's NOT a valid uuid, it must have been empty as a termination.
if let Ok(uuid) = Uuid::parse_str(&uuid_s) {
if let Err(e) = client
.idm_account_credential_update_passkey_remove(&session_token, uuid)
.await
{
eprintln!("An error occurred -> {:?}", e);
} else {
println!("success");
}
} else {
println!("Passkeys were NOT changed");
}
} }
CUAction::End => { CUAction::End => {
println!("Changes were NOT saved."); println!("Changes were NOT saved.");

57
tools/cli/src/opt/kanidm.rs
View file

@ -1,4 +1,5 @@
use clap::{Args, Subcommand}; use clap::{Args, Subcommand, ValueEnum, builder::PossibleValue};
use std::fmt;
#[derive(Debug, Args)] #[derive(Debug, Args)]
pub struct Named { pub struct Named {
@ -35,7 +36,7 @@ impl std::str::FromStr for OutputMode {
impl OutputMode { impl OutputMode {
pub fn print_message<T>(self, input: T) pub fn print_message<T>(self, input: T)
where where
T: serde::Serialize + std::fmt::Debug + std::fmt::Display, T: serde::Serialize + fmt::Debug + fmt::Display,
{ {
match self { match self {
OutputMode::Json => { OutputMode::Json => {
@ -108,6 +109,40 @@ pub enum GroupPosix {
Set(GroupPosixOpt), Set(GroupPosixOpt),
} }
#[derive(Debug, Clone, Copy, Eq, PartialEq)]
pub enum AccountPolicyCredentialType {
Any,
Mfa,
Passkey,
AttestedPasskey,
}
impl AccountPolicyCredentialType {
pub fn as_str(&self) -> &'static str {
match self {
Self::Any => "any",
Self::Mfa => "mfa",
Self::Passkey => "passkey",
Self::AttestedPasskey => "attested_passkey",
}
}
}
impl ValueEnum for AccountPolicyCredentialType {
fn value_variants<'a>() -> &'a [Self] {
&[Self::Any, Self::Mfa, Self::Passkey, Self::AttestedPasskey]
}
fn to_possible_value(&self) -> Option<PossibleValue> {
Some(match self {
Self::Any => PossibleValue::new("any"),
Self::Mfa => PossibleValue::new("mfa"),
Self::Passkey => PossibleValue::new("passkey"),
Self::AttestedPasskey => PossibleValue::new("attested_passkey"),
})
}
}
#[derive(Debug, Subcommand)] #[derive(Debug, Subcommand)]
pub enum GroupAccountPolicyOpt { pub enum GroupAccountPolicyOpt {
/// Enable account policy for this group /// Enable account policy for this group
@ -125,11 +160,13 @@ pub enum GroupAccountPolicyOpt {
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
}, },
/// Set the maximum time for session expiry /// Set the minimum credential class that members may authenticate with. Valid values
/// in order of weakest to strongest are: "any" "mfa" "passkey" "attested_passkey"
#[clap(name = "credential-type-minimum")] #[clap(name = "credential-type-minimum")]
CredentialTypeMinimum { CredentialTypeMinimum {
name: String, name: String,
value: String, #[clap(value_enum)]
value: AccountPolicyCredentialType,
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
}, },
@ -141,7 +178,6 @@ pub enum GroupAccountPolicyOpt {
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
}, },
/// Configure and display the privilege session expiry
/// Set the maximum time for privilege session expiry /// Set the maximum time for privilege session expiry
#[clap(name = "privilege-expiry")] #[clap(name = "privilege-expiry")]
PrivilegedSessionExpiry { PrivilegedSessionExpiry {
@ -150,6 +186,17 @@ pub enum GroupAccountPolicyOpt {
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
}, },
/// The the webauthn attestation ca list that should be enforced
/// on members of this group. Prevents use of passkeys that are
/// in this list. To create this list, use `fido-mds-tool`
/// from <https://crates.io/crates/fido-mds-tool>
#[clap(name = "webauthn-attestation-ca-list")]
WebauthnAttestationCaList {
name: String,
attestation_ca_list_json: String,
#[clap(flatten)]
copt: CommonOpt,
},
} }
#[derive(Debug, Subcommand)] #[derive(Debug, Subcommand)]

39
tools/cli/src/ssh_authorizedkeys.rs
View file

@ -12,11 +12,34 @@ use std::path::PathBuf;
use clap::Parser; use clap::Parser;
use kanidm_client::{ClientError, KanidmClient, KanidmClientBuilder}; use kanidm_client::{ClientError, KanidmClient, KanidmClientBuilder};
use kanidm_proto::constants::{DEFAULT_CLIENT_CONFIG_PATH, DEFAULT_CLIENT_CONFIG_PATH_HOME}; use tracing::error;
use tracing::{debug, error};
include!("opt/ssh_authorizedkeys.rs"); include!("opt/ssh_authorizedkeys.rs");
#[cfg(not(test))]
fn k_client_builder() -> Result<KanidmClientBuilder, ()> {
use kanidm_proto::constants::{DEFAULT_CLIENT_CONFIG_PATH, DEFAULT_CLIENT_CONFIG_PATH_HOME};
use tracing::debug;
let config_path: String = shellexpand::tilde(DEFAULT_CLIENT_CONFIG_PATH_HOME).into_owned();
debug!("Attempting to use config {}", DEFAULT_CLIENT_CONFIG_PATH);
KanidmClientBuilder::new()
.read_options_from_optional_config(DEFAULT_CLIENT_CONFIG_PATH)
.and_then(|cb| {
debug!("Attempting to use config {}", config_path);
cb.read_options_from_optional_config(config_path)
})
.map_err(|e| {
error!("Failed to parse config (if present) -- {:?}", e);
})
}
#[cfg(test)]
fn k_client_builder() -> Result<KanidmClientBuilder, ()> {
Ok(KanidmClientBuilder::new())
}
pub(crate) fn build_configured_client(opt: &SshAuthorizedOpt) -> Result<KanidmClient, ()> { pub(crate) fn build_configured_client(opt: &SshAuthorizedOpt) -> Result<KanidmClient, ()> {
if opt.debug { if opt.debug {
::std::env::set_var("RUST_LOG", "kanidm=debug,kanidm_client=debug"); ::std::env::set_var("RUST_LOG", "kanidm=debug,kanidm_client=debug");
@ -26,17 +49,7 @@ pub(crate) fn build_configured_client(opt: &SshAuthorizedOpt) -> Result<KanidmCl
#[cfg(test)] #[cfg(test)]
sketching::test_init(); sketching::test_init();
let config_path: String = shellexpand::tilde(DEFAULT_CLIENT_CONFIG_PATH_HOME).into_owned(); let client_builder = k_client_builder()?;
debug!("Attempting to use config {}", DEFAULT_CLIENT_CONFIG_PATH);
let client_builder = KanidmClientBuilder::new()
.read_options_from_optional_config(DEFAULT_CLIENT_CONFIG_PATH)
.and_then(|cb| {
debug!("Attempting to use config {}", config_path);
cb.read_options_from_optional_config(config_path)
})
.map_err(|e| {
error!("Failed to parse config (if present) -- {:?}", e);
})?;
let client_builder = match &opt.addr { let client_builder = match &opt.addr {
Some(a) => client_builder.address(a.to_string()), Some(a) => client_builder.address(a.to_string()),