web/flows: fix error when webauthn operations failed and user retries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-06-12 17:42:23 +02:00
parent caed306346
commit b33bff92ee
3 changed files with 20 additions and 22 deletions

View file

@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
@property({ type: Boolean })
showBackButton = false;
transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions;
static get styles(): CSSResult[] {
return [
PFBase,
@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
}
async authenticate(): Promise<void> {
// convert certain members of the PublicKeyCredentialRequestOptions into
// byte arrays as expected by the spec.
const credentialRequestOptions = this.deviceChallenge
?.challenge as PublicKeyCredentialRequestOptions;
const transformedCredentialRequestOptions =
transformCredentialRequestOptions(credentialRequestOptions);
// request the authenticator to create an assertion signature using the
// credential private key
let assertion;
try {
assertion = await navigator.credentials.get({
publicKey: transformedCredentialRequestOptions,
publicKey: this.transformedCredentialRequestOptions,
});
if (!assertion) {
throw new Error(t`Assertions is empty`);
@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
}
firstUpdated(): void {
// convert certain members of the PublicKeyCredentialRequestOptions into
// byte arrays as expected by the spec.
const credentialRequestOptions = this.deviceChallenge
?.challenge as PublicKeyCredentialRequestOptions;
this.transformedCredentialRequestOptions =
transformCredentialRequestOptions(credentialRequestOptions);
this.authenticateWrapper();
}

View file

@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
@property()
registerMessage = "";
publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions;
static get styles(): CSSResult[] {
return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal];
}
@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
if (!this.challenge) {
return;
}
// convert certain members of the PublicKeyCredentialCreateOptions into
// byte arrays as expected by the spec.
const publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
this.challenge?.registration as PublicKeyCredentialCreationOptions,
this.challenge?.registration.user.id,
);
// request the authenticator(s) to create a new credential keypair.
let credential;
try {
credential = (await navigator.credentials.create({
publicKey: publicKeyCredentialCreateOptions,
publicKey: this.publicKeyCredentialCreateOptions,
})) as PublicKeyCredential;
if (!credential) {
throw new Error("Credential is empty");
@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
}
firstUpdated(): void {
// convert certain members of the PublicKeyCredentialCreateOptions into
// byte arrays as expected by the spec.
this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
this.challenge?.registration as PublicKeyCredentialCreationOptions,
this.challenge?.registration.user.id,
);
this.registerWrapper();
}

View file

@ -1538,7 +1538,6 @@ msgstr "删除 {0}"
msgid "Deny the user access"
msgstr "拒绝用户访问"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
@ -2448,7 +2447,6 @@ msgstr "隐藏服务账户"
#: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2731,7 +2729,6 @@ msgstr ""
#~ msgid "JWT Algorithm"
#~ msgstr "JWT 算法"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
@ -2913,7 +2910,6 @@ msgstr "正在加载"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6261,8 +6257,8 @@ msgid "Verification Certificate"
msgstr "验证证书"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates"
msgstr "验证证书"
#~ msgid "Verification certificates"
#~ msgstr "验证证书"
#~ msgid "Verify only"
#~ msgstr "仅验证"