Revert "Feature/configurable timeout (#385)"

This reverts commit c70b1bb.
kanidm · Nov 23, 2023 · b38fd8e · b38fd8e
1 parent a0cb1e8
commit b38fd8e
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 30 deletions.
diff --git a/webauthn-authenticator-rs/examples/authenticate.rs b/webauthn-authenticator-rs/examples/authenticate.rs
@@ -4,7 +4,6 @@ extern crate tracing;
 #[cfg(feature = "softtoken")]
 use std::fs::OpenOptions;
 use std::io::{stdin, stdout, Write};
-use std::time::Duration;
 
 use clap::clap_derive::ValueEnum;
 #[cfg(any(feature = "cable", feature = "softtoken"))]
@@ -237,7 +236,7 @@ async fn main() {
  "https://localhost:8080/auth",
  "localhost",
  vec![url::Url::parse("https://localhost:8080").unwrap()],
- Some(Duration::from_millis(1)),
+ Some(1),
  None,
  None,
  );

diff --git a/webauthn-rs-core/src/constants.rs b/webauthn-rs-core/src/constants.rs
@@ -1,5 +1,4 @@
-use std::time::Duration;
-
 // Can this ever change?
 pub const CHALLENGE_SIZE_BYTES: usize = 32;
-pub const DEFAULT_AUTHENTICATOR_TIMEOUT: Duration = Duration::from_millis(60000);
+// Allegedly this is milliseconds?
+pub const AUTHENTICATOR_TIMEOUT: u32 = 60000;
diff --git a/webauthn-rs-core/src/core.rs b/webauthn-rs-core/src/core.rs
@@ -18,15 +18,14 @@
 use rand::prelude::*;
 use std::collections::BTreeSet;
 use std::convert::TryFrom;
-use std::time::Duration;
 use url::Url;
 
 use crate::attestation::{
  verify_android_key_attestation, verify_android_safetynet_attestation,
  verify_apple_anonymous_attestation, verify_attestation_ca_chain, verify_fidou2f_attestation,
  verify_packed_attestation, verify_tpm_attestation, AttestationFormat,
 };
-use crate::constants::{CHALLENGE_SIZE_BYTES, DEFAULT_AUTHENTICATOR_TIMEOUT};
+use crate::constants::{AUTHENTICATOR_TIMEOUT, CHALLENGE_SIZE_BYTES};
 use crate::crypto::compute_sha256;
 use crate::error::WebauthnError;
 use crate::internals::*;
@@ -55,7 +54,7 @@ pub struct WebauthnCore {
  rp_id: String,
  rp_id_hash: [u8; 32],
  allowed_origins: Vec<Url>,
- authenticator_timeout: Duration,
+ authenticator_timeout: u32,
  require_valid_counter_value: bool,
  #[allow(unused)]
  ignore_unsupported_attestation_formats: bool,
@@ -85,7 +84,7 @@ impl WebauthnCore {
  rp_name: &str,
  rp_id: &str,
  allowed_origins: Vec<Url>,
- authenticator_timeout: Option<Duration>,
+ authenticator_timeout: Option<u32>,
  allow_subdomains_origin: Option<bool>,
  allow_any_port: Option<bool>,
  ) -> Self {
@@ -95,7 +94,7 @@ impl WebauthnCore {
  rp_id: rp_id.to_string(),
  rp_id_hash,
  allowed_origins,
- authenticator_timeout: authenticator_timeout.unwrap_or(DEFAULT_AUTHENTICATOR_TIMEOUT),
+ authenticator_timeout: authenticator_timeout.unwrap_or(AUTHENTICATOR_TIMEOUT),
  require_valid_counter_value: true,
  ignore_unsupported_attestation_formats: true,
  allow_cross_origin: false,
@@ -214,9 +213,6 @@ impl WebauthnCore {
  Some(ResidentKeyRequirement::Discouraged)
  };
 
- let timeout_millis =
- u32::try_from(self.authenticator_timeout.as_millis()).expect("Timeout too large");
-
  let c = CreationChallengeResponse {
  public_key: PublicKeyCredentialCreationOptions {
  rp: RelyingParty {
@@ -236,7 +232,7 @@ impl WebauthnCore {
  alg: *alg as i64,
  })
  .collect(),
- timeout: Some(timeout_millis),
+ timeout: Some(self.authenticator_timeout),
  attestation: Some(attestation),
  exclude_credentials: exclude_credentials.as_ref().map(|creds| {
  creds
@@ -939,15 +935,12 @@ impl WebauthnCore {
  // Extract the appid from the extensions to store it in the AuthenticationState
  let appid = extensions.as_ref().and_then(|e| e.appid.clone());
 
- let timeout_millis =
- u32::try_from(self.authenticator_timeout.as_millis()).expect("Timeout too large");
-
  // Store the chal associated to the user.
  // Now put that into the correct challenge format
  let r = RequestChallengeResponse {
  public_key: PublicKeyCredentialRequestOptions {
  challenge: chal.clone().into(),
- timeout: Some(timeout_millis),
+ timeout: Some(self.authenticator_timeout),
  rp_id: self.rp_id.clone(),
  allow_credentials: ac,
  user_verification: policy,

diff --git a/webauthn-rs/src/lib.rs b/webauthn-rs/src/lib.rs
@@ -185,7 +185,6 @@ extern crate tracing;
 
 mod interface;
 
-use std::time::Duration;
 use url::Url;
 use uuid::Uuid;
 use webauthn_rs_core::error::{WebauthnError, WebauthnResult};
@@ -226,7 +225,6 @@ pub struct WebauthnBuilder<'a> {
  allowed_origins: Vec<Url>,
  allow_subdomains: bool,
  allow_any_port: bool,
- timeout: Option<Duration>,
  algorithms: Vec<COSEAlgorithm>,
  user_presence_only_security_keys: bool,
 }
@@ -282,7 +280,6 @@ impl<'a> WebauthnBuilder<'a> {
  allowed_origins: vec![rp_origin.to_owned()],
  allow_subdomains: false,
  allow_any_port: false,
- timeout: None,
  algorithms: COSEAlgorithm::secure_algs(),
  user_presence_only_security_keys: false,
  })
@@ -318,14 +315,6 @@ impl<'a> WebauthnBuilder<'a> {
  self
  }
 
- /// Set the timeout value to use for credential creation and authentication challenges.
- ///
- /// If not set, defaults to [webauthn_rs_core::constants::DEFAULT_AUTHENTICATOR_TIMEOUT].
- pub fn timeout(mut self, timeout: Duration) -> Self {
- self.timeout = Some(timeout);
- self
- }
-
  /// Set the relying party name. This may be shown to the user. This value can be changed in
  /// the future without affecting credentials that have already registered.
  ///
@@ -367,7 +356,7 @@ impl<'a> WebauthnBuilder<'a> {
  self.rp_name.unwrap_or(self.rp_id),
  self.rp_id,
  self.allowed_origins,
- self.timeout,
+ None,
  Some(self.allow_subdomains),
  Some(self.allow_any_port),
  ),