Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-84175

Upgrade WebAuthn to 2.2.0

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 5.0
    • 5.0
    • Libraries
    • MOODLE_500_STABLE
    • MOODLE_500_STABLE
    • MDL-84175_upgrade-WebAuthn-to-2-2-0
    • Hide

      (Copied from MDL-80638)

      Here we will just test the workflow that is using Webauthn. 

      Requirements and setup:

      • Your site should be HTTPS WITH a valid certificate. Can also use ngrok. Anything else will make the setup page fail silently (reported here MDL-81285). 
      • Use at least Chrome
      1. Login as administrator
      2. Go to Site admin > plugins > admin tools > Multi-factor authentication
        1. Check the "MFA plugin enabled"
        2. Enable the "Security key" plugin

      Test WebAuthn factor test (Security key) - Only applied to Admins

      1. Click on the user profile picture in the header, then click on Preferences
      2. Click on Multi-factor authentication preferences in the User account block
      3. Look for the "Security key" block under "Available factors" then click on the Setup authenticator button
        1. Set the Security key Name to any name (This field is required)
        2. Click on Register authenticator and you will be asked to choose the authentication device
        3. You can choose any or fingerprint if you have that in your machine then Save changes
      4. Go to another "Testing" browser
        • Do not log off, open a new browser for testing (private browsing for example)
      5. Login as administrator
      6. Confirm that you are taken to a page where you will authenticate using the "WebAuthn"
      7. Click on the Verify authenticator button then follow the same steps when you registered the authenticator
      8. Confirm that once the authentication succeed, you are taken to the home page

      Warning: If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI:

      php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0
      Show
      (Copied from MDL-80638 ) Here we will just test the workflow that is using Webauthn.  Requirements and setup: Your site should be HTTPS WITH a valid certificate. Can also use ngrok. Anything else will make the setup page fail silently (reported here MDL-81285 ).  Use at least Chrome Login as administrator Go to Site admin > plugins > admin tools > Multi-factor authentication Check the "MFA plugin enabled" Enable the "Security key" plugin Test WebAuthn factor test (Security key) - Only applied to Admins Click on the user profile picture in the header, then click on Preferences Click on  Multi-factor authentication preferences in the User account  block Look for the "Security key" block under "Available factors" then click on the Setup authenticator  button Set the Security key Name to any name (This field is required) Click on  Register authenticator and you will be asked to choose the authentication device You can choose any or fingerprint if you have that in your machine then Save changes Go to another "Testing" browser Do not log off, open a new browser for testing (private browsing for example) Login as administrator Confirm  that you are taken to a page where you will authenticate using the "WebAuthn" Click on the Verify authenticator  button then follow the same steps when you  registered  the authenticator Confirm that once the authentication succeed, you are taken to the home page Warning : If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI : php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0
    • Hide

      Code verified against automated checks.

      Checked MDL-84175 using repository: https://github.com/ziegenberg/moodle

      More information about this report

      Built on: Sat Mar 8 08:47:42 UTC 2025

      Show
      Code verified against automated checks. Checked MDL-84175 using repository: https://github.com/ziegenberg/moodle main (0 errors / 0 warnings) [branch: MDL-84175_upgrade-WebAuthn-to-2-2-0 | CI Job ] More information about this report Built on: Sat Mar 8 08:47:42 UTC 2025
    • Hide

      Launching automatic jobs for branch MDL-84175_upgrade-WebAuthn-to-2-2-0

      Built on: Mon Feb 24 10:25:33 AM UTC 2025

      Show
      Launching automatic jobs for branch MDL-84175 _upgrade-WebAuthn-to-2-2-0 https://ci.moodle.org/view/Testing/job/DEV.02%20-%20Developer-requested%20PHPUnit/18338/ PHPUnit (sqlsrv) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/62733/ Behat (NonJS - boost and classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/62734/ Behat (Firefox - boost) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/62735/ Behat (Firefox - classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/62736/ App tests (stable app version) --> unrelated failures, please ignore. Built on: Mon Feb 24 10:25:33 AM UTC 2025

      WebAuthn    lib/webauthn/src    2.1.1  -->  2.2.0    https://github.com/lbuchs/WebAuthn

        1. result_1.png
          result_1.png
          167 kB
        2. result_2.png
          result_2.png
          103 kB
        3. result_3.png
          result_3.png
          158 kB
        4. result_4.png
          result_4.png
          135 kB

            Daniel Ziegenberg Daniel Ziegenberg
            sarjona Sara Arjona (@sarjona)
            Paul Holden Paul Holden
            Huong Nguyen Huong Nguyen
            Huong Nguyen Huong Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.