diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts index 3da5f2fc3..f47cab5c7 100644 --- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts +++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts @@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage< @property({ type: Boolean }) showBackButton = false; + transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions; + static get styles(): CSSResult[] { return [ PFBase, @@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage< } async authenticate(): Promise { - // convert certain members of the PublicKeyCredentialRequestOptions into - // byte arrays as expected by the spec. - const credentialRequestOptions = this.deviceChallenge - ?.challenge as PublicKeyCredentialRequestOptions; - const transformedCredentialRequestOptions = - transformCredentialRequestOptions(credentialRequestOptions); - // request the authenticator to create an assertion signature using the // credential private key let assertion; try { assertion = await navigator.credentials.get({ - publicKey: transformedCredentialRequestOptions, + publicKey: this.transformedCredentialRequestOptions, }); if (!assertion) { throw new Error(t`Assertions is empty`); @@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage< } firstUpdated(): void { + // convert certain members of the PublicKeyCredentialRequestOptions into + // byte arrays as expected by the spec. + const credentialRequestOptions = this.deviceChallenge + ?.challenge as PublicKeyCredentialRequestOptions; + this.transformedCredentialRequestOptions = + transformCredentialRequestOptions(credentialRequestOptions); this.authenticateWrapper(); } 
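Review bot: `authenticate()` now passes `this.transformedCredentialRequestOptions` to `navigator.credentials.get()` without checking that it was set, although the field is declared optional. If `firstUpdated()` has not populated it, the browser is called without WebAuthn request options, and the failure presumably surfaces as a generic error or the `Assertions is empty` throw rather than one naming the missing challenge. A guard at the top of the method would make this explicit: `if (!this.transformedCredentialRequestOptions) { throw new Error("WebAuthn request options are not initialised"); }`. The same applies to `this.publicKeyCredentialCreateOptions` in `register()` in WebAuthnAuthenticatorRegisterStage.ts. The body of `authenticate()` continues past this hunk.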
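Review bot: Computing the request options once in `firstUpdated()` ties them to the challenge present at first render, so every later `authenticate()` call on the same element reuses those bytes. A WebAuthn challenge is meant to be used once, so if `deviceChallenge` can be replaced on a live element (its declaration is outside this hunk), a retry would sign the stale challenge and presumably be rejected by the server. Either recompute the field when `deviceChallenge` changes or record the assumption next to the assignment, e.g. `// computed once: deviceChallenge must be set before first render and is never replaced on this element`. `firstUpdated()` in WebAuthnAuthenticatorRegisterStage.ts caches `publicKeyCredentialCreateOptions` the same way.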
diff --git a/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts b/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts index 6ffe9b755..1c25998bd 100644 --- a/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts +++ b/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts @@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage< @property() registerMessage = ""; + publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions; + static get styles(): CSSResult[] { return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal]; } @@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage< if (!this.challenge) { return; } - // convert certain members of the PublicKeyCredentialCreateOptions into - // byte arrays as expected by the spec. - const publicKeyCredentialCreateOptions = transformCredentialCreateOptions( - this.challenge?.registration as PublicKeyCredentialCreationOptions, - this.challenge?.registration.user.id, - ); - // request the authenticator(s) to create a new credential keypair. let credential; try { credential = (await navigator.credentials.create({ - publicKey: publicKeyCredentialCreateOptions, + publicKey: this.publicKeyCredentialCreateOptions, })) as PublicKeyCredential; if (!credential) { throw new Error("Credential is empty"); @@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage< } firstUpdated(): void { + // convert certain members of the PublicKeyCredentialCreateOptions into + // byte arrays as expected by the spec. + this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions( + this.challenge?.registration as PublicKeyCredentialCreationOptions, + this.challenge?.registration.user.id, + ); this.registerWrapper(); } 
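Review bot: The transform in `firstUpdated()` is no longer covered by the `if (!this.challenge) { return; }` guard that still sits at the top of `register()`. With `this.challenge` undefined, both optional chains evaluate to `undefined` and are handed to `transformCredentialCreateOptions()`, whose handling of that is not visible here. An exception at this point would be raised from the lifecycle callback rather than from the registration path. Wrapping the assignment in `if (this.challenge) { … }` restores the earlier behaviour and makes the `?.` on `this.challenge` unnecessary.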
diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po index 76b63e602..6f68b0941 100644 --- a/web/src/locales/zh-Hans.po +++ b/web/src/locales/zh-Hans.po @@ -1538,7 +1538,6 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。" @@ -2448,7 +2447,6 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2731,7 +2729,6 @@ msgstr "" #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2913,7 +2910,6 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -6261,8 +6257,8 @@ msgid "Verification Certificate" msgstr "验证证书" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts -msgid "Verification certificates" -msgstr "验证证书" +#~ msgid "Verification certificates" +#~ msgstr "验证证书" #~ msgid "Verify only" #~ msgstr "仅验证"