web/flows: fix error when webauthn operations failed and user retries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
caed306346
commit
b33bff92ee
|
@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
|
|||
@property({ type: Boolean })
|
||||
showBackButton = false;
|
||||
|
||||
transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [
|
||||
PFBase,
|
||||
|
@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
|
|||
}
|
||||
|
||||
async authenticate(): Promise<void> {
|
||||
// convert certain members of the PublicKeyCredentialRequestOptions into
|
||||
// byte arrays as expected by the spec.
|
||||
const credentialRequestOptions = this.deviceChallenge
|
||||
?.challenge as PublicKeyCredentialRequestOptions;
|
||||
const transformedCredentialRequestOptions =
|
||||
transformCredentialRequestOptions(credentialRequestOptions);
|
||||
|
||||
// request the authenticator to create an assertion signature using the
|
||||
// credential private key
|
||||
let assertion;
|
||||
try {
|
||||
assertion = await navigator.credentials.get({
|
||||
publicKey: transformedCredentialRequestOptions,
|
||||
publicKey: this.transformedCredentialRequestOptions,
|
||||
});
|
||||
if (!assertion) {
|
||||
throw new Error(t`Assertions is empty`);
|
||||
|
@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
|
|||
}
|
||||
|
||||
firstUpdated(): void {
|
||||
// convert certain members of the PublicKeyCredentialRequestOptions into
|
||||
// byte arrays as expected by the spec.
|
||||
const credentialRequestOptions = this.deviceChallenge
|
||||
?.challenge as PublicKeyCredentialRequestOptions;
|
||||
this.transformedCredentialRequestOptions =
|
||||
transformCredentialRequestOptions(credentialRequestOptions);
|
||||
this.authenticateWrapper();
|
||||
}
|
||||
|
||||
|
|
|
@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
|
|||
@property()
|
||||
registerMessage = "";
|
||||
|
||||
publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal];
|
||||
}
|
||||
|
@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
|
|||
if (!this.challenge) {
|
||||
return;
|
||||
}
|
||||
// convert certain members of the PublicKeyCredentialCreateOptions into
|
||||
// byte arrays as expected by the spec.
|
||||
const publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
|
||||
this.challenge?.registration as PublicKeyCredentialCreationOptions,
|
||||
this.challenge?.registration.user.id,
|
||||
);
|
||||
|
||||
// request the authenticator(s) to create a new credential keypair.
|
||||
let credential;
|
||||
try {
|
||||
credential = (await navigator.credentials.create({
|
||||
publicKey: publicKeyCredentialCreateOptions,
|
||||
publicKey: this.publicKeyCredentialCreateOptions,
|
||||
})) as PublicKeyCredential;
|
||||
if (!credential) {
|
||||
throw new Error("Credential is empty");
|
||||
|
@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
|
|||
}
|
||||
|
||||
firstUpdated(): void {
|
||||
// convert certain members of the PublicKeyCredentialCreateOptions into
|
||||
// byte arrays as expected by the spec.
|
||||
this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
|
||||
this.challenge?.registration as PublicKeyCredentialCreationOptions,
|
||||
this.challenge?.registration.user.id,
|
||||
);
|
||||
this.registerWrapper();
|
||||
}
|
||||
|
||||
|
|
|
@ -1538,7 +1538,6 @@ msgstr "删除 {0}"
|
|||
msgid "Deny the user access"
|
||||
msgstr "拒绝用户访问"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
|
||||
msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
|
||||
|
@ -2448,7 +2447,6 @@ msgstr "隐藏服务账户"
|
|||
#: src/pages/outposts/OutpostForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/saml/SAMLProviderForm.ts
|
||||
#: src/pages/sources/ldap/LDAPSourceForm.ts
|
||||
|
@ -2731,7 +2729,6 @@ msgstr ""
|
|||
#~ msgid "JWT Algorithm"
|
||||
#~ msgstr "JWT 算法"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
|
||||
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
|
||||
|
@ -2913,7 +2910,6 @@ msgstr "正在加载"
|
|||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||
|
@ -6261,8 +6257,8 @@ msgid "Verification Certificate"
|
|||
msgstr "验证证书"
|
||||
|
||||
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
|
||||
msgid "Verification certificates"
|
||||
msgstr "验证证书"
|
||||
#~ msgid "Verification certificates"
|
||||
#~ msgstr "验证证书"
|
||||
|
||||
#~ msgid "Verify only"
|
||||
#~ msgstr "仅验证"
|
||||
|
|
Reference in a new issue