2023-03-18 06:14:05 +01:00
|
|
|
import { useRef, useState } from "react";
|
|
|
|
|
import { clsx } from "keycloakify/tools/clsx";
|
2023-03-19 23:12:45 +01:00
|
|
|
import type { MessageKey } from "keycloakify/login/i18n/i18n";
|
2022-10-05 02:40:00 -04:00
|
|
|
import { base64url } from "rfc4648";
|
2023-03-19 16:28:38 +01:00
|
|
|
import { useConstCallback } from "keycloakify/tools/useConstCallback";
|
2023-03-19 23:12:45 +01:00
|
|
|
import { type PageProps, defaultClasses } from "keycloakify/login/pages/PageProps";
|
2023-03-20 05:14:25 +01:00
|
|
|
import { useGetClassName } from "keycloakify/lib/useGetClassName";
|
2023-03-18 18:27:50 +01:00
|
|
|
import type { KcContext } from "../kcContext";
|
2023-03-18 18:54:33 +01:00
|
|
|
import type { I18n } from "../i18n";
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2023-03-18 06:14:05 +01:00
|
|
|
export default function WebauthnAuthenticate(props: PageProps<Extract<KcContext, { pageId: "webauthn-authenticate.ftl" }>, I18n>) {
|
|
|
|
|
const { kcContext, i18n, doUseDefaultCss, Template, classes } = props;
|
|
|
|
|
|
|
|
|
|
const { getClassName } = useGetClassName({
|
|
|
|
|
"defaultClasses": !doUseDefaultCss ? undefined : defaultClasses,
|
|
|
|
|
classes
|
|
|
|
|
});
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2022-10-13 11:58:31 +02:00
|
|
|
const { url } = kcContext;
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2022-10-13 11:58:31 +02:00
|
|
|
const { msg, msgStr } = i18n;
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2022-10-13 11:58:31 +02:00
|
|
|
const { authenticators, challenge, shouldDisplayAuthenticators, userVerification, rpId } = kcContext;
|
|
|
|
|
const createTimeout = Number(kcContext.createTimeout);
|
|
|
|
|
const isUserIdentified = kcContext.isUserIdentified == "true";
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2022-10-13 11:58:31 +02:00
|
|
|
const webAuthnAuthenticate = useConstCallback(async () => {
|
|
|
|
|
if (!isUserIdentified) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const allowCredentials = authenticators.authenticators.map(
|
|
|
|
|
authenticator =>
|
|
|
|
|
({
|
|
|
|
|
id: base64url.parse(authenticator.credentialId, { loose: true }),
|
|
|
|
|
type: "public-key"
|
|
|
|
|
} as PublicKeyCredentialDescriptor)
|
|
|
|
|
);
|
|
|
|
|
// Check if WebAuthn is supported by this browser
|
|
|
|
|
if (!window.PublicKeyCredential) {
|
|
|
|
|
setError(msgStr("webauthn-unsupported-browser-text"));
|
|
|
|
|
submitForm();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const publicKey: PublicKeyCredentialRequestOptions = {
|
|
|
|
|
rpId,
|
|
|
|
|
challenge: base64url.parse(challenge, { loose: true })
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (createTimeout !== 0) {
|
|
|
|
|
publicKey.timeout = createTimeout * 1000;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (allowCredentials.length) {
|
|
|
|
|
publicKey.allowCredentials = allowCredentials;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (userVerification !== "not specified") {
|
|
|
|
|
publicKey.userVerification = userVerification;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
const resultRaw = await navigator.credentials.get({ publicKey });
|
|
|
|
|
if (!resultRaw || resultRaw.type != "public-key") return;
|
|
|
|
|
const result = resultRaw as PublicKeyCredential;
|
|
|
|
|
if (!("authenticatorData" in result.response)) return;
|
|
|
|
|
const response = result.response as AuthenticatorAssertionResponse;
|
|
|
|
|
const clientDataJSON = response.clientDataJSON;
|
|
|
|
|
const authenticatorData = response.authenticatorData;
|
|
|
|
|
const signature = response.signature;
|
|
|
|
|
|
|
|
|
|
setClientDataJSON(base64url.stringify(new Uint8Array(clientDataJSON), { pad: false }));
|
|
|
|
|
setAuthenticatorData(base64url.stringify(new Uint8Array(authenticatorData), { pad: false }));
|
|
|
|
|
setSignature(base64url.stringify(new Uint8Array(signature), { pad: false }));
|
|
|
|
|
setCredentialId(result.id);
|
|
|
|
|
setUserHandle(base64url.stringify(new Uint8Array(response.userHandle!), { pad: false }));
|
|
|
|
|
submitForm();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
setError(String(err));
|
|
|
|
|
submitForm();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const webAuthForm = useRef<HTMLFormElement>(null);
|
|
|
|
|
const submitForm = useConstCallback(() => {
|
|
|
|
|
webAuthForm.current!.submit();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const [clientDataJSON, setClientDataJSON] = useState("");
|
|
|
|
|
const [authenticatorData, setAuthenticatorData] = useState("");
|
|
|
|
|
const [signature, setSignature] = useState("");
|
|
|
|
|
const [credentialId, setCredentialId] = useState("");
|
|
|
|
|
const [userHandle, setUserHandle] = useState("");
|
|
|
|
|
const [error, setError] = useState("");
|
|
|
|
|
|
|
|
|
|
return (
|
|
|
|
|
<Template
|
2023-03-18 06:14:05 +01:00
|
|
|
{...{ kcContext, i18n, doUseDefaultCss, classes }}
|
2022-10-13 11:58:31 +02:00
|
|
|
headerNode={msg("webauthn-login-title")}
|
|
|
|
|
formNode={
|
2023-03-18 06:14:05 +01:00
|
|
|
<div id="kc-form-webauthn" className={getClassName("kcFormClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
<form id="webauth" action={url.loginAction} ref={webAuthForm} method="post">
|
|
|
|
|
<input type="hidden" id="clientDataJSON" name="clientDataJSON" value={clientDataJSON} />
|
|
|
|
|
<input type="hidden" id="authenticatorData" name="authenticatorData" value={authenticatorData} />
|
|
|
|
|
<input type="hidden" id="signature" name="signature" value={signature} />
|
|
|
|
|
<input type="hidden" id="credentialId" name="credentialId" value={credentialId} />
|
|
|
|
|
<input type="hidden" id="userHandle" name="userHandle" value={userHandle} />
|
|
|
|
|
<input type="hidden" id="error" name="error" value={error} />
|
|
|
|
|
</form>
|
2023-03-18 06:14:05 +01:00
|
|
|
<div className={getClassName("kcFormGroupClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
{authenticators &&
|
|
|
|
|
(() => (
|
2023-03-18 06:14:05 +01:00
|
|
|
<form id="authn_select" className={getClassName("kcFormClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
{authenticators.authenticators.map(authenticator => (
|
|
|
|
|
<input
|
|
|
|
|
type="hidden"
|
|
|
|
|
name="authn_use_chk"
|
|
|
|
|
value={authenticator.credentialId}
|
|
|
|
|
key={authenticator.credentialId}
|
|
|
|
|
/>
|
|
|
|
|
))}
|
|
|
|
|
</form>
|
|
|
|
|
))()}
|
|
|
|
|
{authenticators &&
|
|
|
|
|
shouldDisplayAuthenticators &&
|
|
|
|
|
(() => (
|
|
|
|
|
<>
|
|
|
|
|
{authenticators.authenticators.length > 1 && (
|
2023-03-18 06:14:05 +01:00
|
|
|
<p className={getClassName("kcSelectAuthListItemTitle")}>{msg("webauthn-available-authenticators")}</p>
|
2022-10-13 11:58:31 +02:00
|
|
|
)}
|
2023-03-18 06:14:05 +01:00
|
|
|
<div className={getClassName("kcFormClass")}>
|
2022-10-05 02:40:00 -04:00
|
|
|
{authenticators.authenticators.map(authenticator => (
|
2023-03-18 06:14:05 +01:00
|
|
|
<div id="kc-webauthn-authenticator" className={getClassName("kcSelectAuthListItemClass")}>
|
|
|
|
|
<div className={getClassName("kcSelectAuthListItemIconClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
<i
|
2022-10-16 00:49:49 +02:00
|
|
|
className={clsx(
|
2023-03-18 06:14:05 +01:00
|
|
|
(() => {
|
|
|
|
|
const className = getClassName(authenticator.transports.iconClass as any);
|
|
|
|
|
return className.includes(" ")
|
|
|
|
|
? className
|
|
|
|
|
: [className, getClassName("kcWebAuthnDefaultIcon")];
|
|
|
|
|
})(),
|
|
|
|
|
getClassName("kcSelectAuthListItemIconPropertyClass")
|
2022-10-13 11:58:31 +02:00
|
|
|
)}
|
|
|
|
|
/>
|
|
|
|
|
</div>
|
2023-03-18 06:14:05 +01:00
|
|
|
<div className={getClassName("kcSelectAuthListItemBodyClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
<div
|
|
|
|
|
id="kc-webauthn-authenticator-label"
|
2023-03-18 06:14:05 +01:00
|
|
|
className={getClassName("kcSelectAuthListItemHeadingClass")}
|
2022-10-13 11:58:31 +02:00
|
|
|
>
|
|
|
|
|
{authenticator.label}
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
2022-10-13 11:58:31 +02:00
|
|
|
|
|
|
|
|
{authenticator.transports && authenticator.transports.displayNameProperties.length && (
|
2022-10-05 02:40:00 -04:00
|
|
|
<div
|
2022-10-13 11:58:31 +02:00
|
|
|
id="kc-webauthn-authenticator-transport"
|
2023-03-18 06:14:05 +01:00
|
|
|
className={getClassName("kcSelectAuthListItemDescriptionClass")}
|
2022-10-05 02:40:00 -04:00
|
|
|
>
|
2022-10-13 11:58:31 +02:00
|
|
|
{authenticator.transports.displayNameProperties.map(
|
2023-03-19 14:48:01 +01:00
|
|
|
(transport: MessageKey, index: number) => (
|
2022-10-13 11:58:31 +02:00
|
|
|
<>
|
|
|
|
|
<span>{msg(transport)}</span>
|
|
|
|
|
{index < authenticator.transports.displayNameProperties.length - 1 && (
|
|
|
|
|
<span>{", "}</span>
|
|
|
|
|
)}
|
|
|
|
|
</>
|
|
|
|
|
)
|
|
|
|
|
)}
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
2022-10-13 11:58:31 +02:00
|
|
|
)}
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2023-03-18 06:14:05 +01:00
|
|
|
<div className={getClassName("kcSelectAuthListItemDescriptionClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
<span id="kc-webauthn-authenticator-created-label">{msg("webauthn-createdAt-label")}</span>
|
|
|
|
|
<span id="kc-webauthn-authenticator-created">{authenticator.createdAt}</span>
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
|
|
|
|
</div>
|
2023-03-18 06:14:05 +01:00
|
|
|
<div className={getClassName("kcSelectAuthListItemFillClass")} />
|
2022-10-13 11:58:31 +02:00
|
|
|
</div>
|
|
|
|
|
))}
|
|
|
|
|
</div>
|
|
|
|
|
</>
|
|
|
|
|
))()}
|
2023-03-18 06:14:05 +01:00
|
|
|
<div id="kc-form-buttons" className={getClassName("kcFormButtonsClass")}>
|
2022-10-13 11:58:31 +02:00
|
|
|
<input
|
|
|
|
|
id="authenticateWebAuthnButton"
|
|
|
|
|
type="button"
|
|
|
|
|
onClick={webAuthnAuthenticate}
|
|
|
|
|
autoFocus={true}
|
|
|
|
|
value={msgStr("webauthn-doAuthenticate")}
|
2022-10-16 00:49:49 +02:00
|
|
|
className={clsx(
|
2023-03-18 06:14:05 +01:00
|
|
|
getClassName("kcButtonClass"),
|
|
|
|
|
getClassName("kcButtonPrimaryClass"),
|
|
|
|
|
getClassName("kcButtonBlockClass"),
|
|
|
|
|
getClassName("kcButtonLargeClass")
|
2022-10-13 11:58:31 +02:00
|
|
|
)}
|
|
|
|
|
/>
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
|
|
|
|
</div>
|
2022-10-13 11:58:31 +02:00
|
|
|
</div>
|
|
|
|
|
}
|
|
|
|
|
/>
|
|
|
|
|
);
|
2023-02-25 18:11:23 +01:00
|
|
|
}
|
