web/flows: fix error when webauthn operations failed and user retries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-06-12 17:42:23 +02:00
parent caed306346
commit b33bff92ee
3 changed files with 20 additions and 22 deletions


@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
@property({ type: Boolean }) @property({ type: Boolean })
showBackButton = false; showBackButton = false;
transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions;
static get styles(): CSSResult[] { static get styles(): CSSResult[] {
return [ return [
PFBase, PFBase,
@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
} }
async authenticate(): Promise<void> { async authenticate(): Promise<void> {
// convert certain members of the PublicKeyCredentialRequestOptions into
// byte arrays as expected by the spec.
const credentialRequestOptions = this.deviceChallenge
?.challenge as PublicKeyCredentialRequestOptions;
const transformedCredentialRequestOptions =
transformCredentialRequestOptions(credentialRequestOptions);
// request the authenticator to create an assertion signature using the // request the authenticator to create an assertion signature using the
// credential private key // credential private key
let assertion; let assertion;
try { try {
assertion = await navigator.credentials.get({ assertion = await navigator.credentials.get({
publicKey: transformedCredentialRequestOptions, publicKey: this.transformedCredentialRequestOptions,
}); });
if (!assertion) { if (!assertion) {
throw new Error(t`Assertions is empty`); throw new Error(t`Assertions is empty`);
@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
} }
firstUpdated(): void { firstUpdated(): void {
// convert certain members of the PublicKeyCredentialRequestOptions into
// byte arrays as expected by the spec.
const credentialRequestOptions = this.deviceChallenge
?.challenge as PublicKeyCredentialRequestOptions;
this.transformedCredentialRequestOptions =
transformCredentialRequestOptions(credentialRequestOptions);
this.authenticateWrapper(); this.authenticateWrapper();
} }
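Review bot: `transformedCredentialRequestOptions` is filled only in `firstUpdated()`, which Lit runs once per element, so `authenticate()` keeps sending the first challenge's options if `deviceChallenge` is ever replaced on a live element; whether that can happen is not visible in this section. A stale WebAuthn challenge should be rejected server-side, so this would fail closed, but every retry would then fail the same way. Either recompute the field when `deviceChallenge` changes or state the assumption on the declaration, e.g. `// set once in firstUpdated(); assumes deviceChallenge is not replaced after first render`. The register stage caches `publicKeyCredentialCreateOptions` the same way.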


@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
@property() @property()
registerMessage = ""; registerMessage = "";
publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions;
static get styles(): CSSResult[] { static get styles(): CSSResult[] {
return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal]; return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal];
} }
@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
if (!this.challenge) { if (!this.challenge) {
return; return;
} }
// convert certain members of the PublicKeyCredentialCreateOptions into
// byte arrays as expected by the spec.
const publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
this.challenge?.registration as PublicKeyCredentialCreationOptions,
this.challenge?.registration.user.id,
);
// request the authenticator(s) to create a new credential keypair. // request the authenticator(s) to create a new credential keypair.
let credential; let credential;
try { try {
credential = (await navigator.credentials.create({ credential = (await navigator.credentials.create({
publicKey: publicKeyCredentialCreateOptions, publicKey: this.publicKeyCredentialCreateOptions,
})) as PublicKeyCredential; })) as PublicKeyCredential;
if (!credential) { if (!credential) {
throw new Error("Credential is empty"); throw new Error("Credential is empty");
@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
} }
firstUpdated(): void { firstUpdated(): void {
// convert certain members of the PublicKeyCredentialCreateOptions into
// byte arrays as expected by the spec.
this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
this.challenge?.registration as PublicKeyCredentialCreationOptions,
this.challenge?.registration.user.id,
);
this.registerWrapper(); this.registerWrapper();
} }
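Review bot: The transform now runs in `firstUpdated()` ahead of the `if (!this.challenge) return;` guard, which stays behind in the registration method, so an unset challenge would reach `transformCredentialCreateOptions` as `undefined`. The `as PublicKeyCredentialCreationOptions` cast hides that from the compiler, and nothing visible in `firstUpdated()` catches a throw there, so the user may get no error message. Wrapping the assignment in `if (this.challenge) { ... }` restores the old ordering. The registration method could also check `this.publicKeyCredentialCreateOptions` before calling `navigator.credentials.create`, so a missing value gives a clear error instead of `publicKey: undefined`. The method holding the guard starts outside the hunk, so how `registerWrapper()` handles errors is not visible here.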


@ -1538,7 +1538,6 @@ msgstr "删除 {0}"
msgid "Deny the user access" msgid "Deny the user access"
msgstr "拒绝用户访问" msgstr "拒绝用户访问"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。" msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
@ -2448,7 +2447,6 @@ msgstr "隐藏服务账户"
#: src/pages/outposts/OutpostForm.ts #: src/pages/outposts/OutpostForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts
#: src/pages/sources/ldap/LDAPSourceForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts
@ -2731,7 +2729,6 @@ msgstr ""
#~ msgid "JWT Algorithm" #~ msgid "JWT Algorithm"
#~ msgstr "JWT 算法" #~ msgstr "JWT 算法"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
@ -2913,7 +2910,6 @@ msgstr "正在加载"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts
@ -6261,8 +6257,8 @@ msgid "Verification Certificate"
msgstr "验证证书" msgstr "验证证书"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Verification certificates" #~ msgid "Verification certificates"
msgstr "验证证书" #~ msgstr "验证证书"
#~ msgid "Verify only" #~ msgid "Verify only"
#~ msgstr "仅验证" #~ msgstr "仅验证"