Gitea: U2F doesn't work on gitea/gitea:latest docker image

Created on 27 Apr 2020  ·  6 Comments  ·  Source: go-gitea/gitea

  • Gitea version (or commit ref): docker: gitea/gitea:latest
  • Git version: n/a
  • Client Operating system: Windows 10
  • Client browser: Firefox and Edge
  • Host OS: CentOS 7
  • Host Docker version: Docker CE version 19.03.8
  • Database (use [x]):

    • [ ] PostgreSQL

    • [x] MySQL

    • [ ] MSSQL

    • [ ] SQLite

  • Can you reproduce the bug at https://try.gitea.io:

    • [x] Yes (provide example URL)

    • [ ] No

    • [ ] Not relevant

Description

When I upgrade my Docker container to the newest Gitea release (gitea/gitea:latest), the YubiKey authentication attempt causes the attached error. When I downgrade Gitea to 1.11.4 (gitea/gitea:1.11.4), the YubiKey authentication works without issues.

Screenshots

gitea_u2f_error

kind/bug priority/critical reviewed/confirmed

All 6 comments

Can confirm for: YubiKey with Linux (5.6.3) + Firefox 75.0 (64-bit)

Solo U2F also does not work on the master branch on Linux + Firefox

Almost the same problem.

But here only a very short U2F window (<1 sec) appears, followed immediately by a fallback to the configured TOTP method.

Configuration:
podman (Fedora 32) with gitea/gitea:latest
Browser: Chrome and Firefox

(gitea/gitea:1.11.4 runs without problems)

https://github.com/grantila/u2f-api/issues/21
https://github.com/Yubico/libu2f-host/issues/130

The world has generally decided to move towards WebAuthn instead of direct protocol implementations, and so we need to do the same. The library we're using cannot do that and seems abandoned.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
https://webauthn.bin.coffee/

Ping @jonasfranz

I've looked into this problem. It seems that $.post(...).success() does not work anymore. The U2F API JavaScript library we're using is outdated and the new version is not backward-compatible with our implementation. I think it makes no sense to stay with U2F since WebAuthn is the de facto new standard. As a first step we should roll out a hotfix for the jQuery stuff.
