agtic/keycloak_theme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update webauthn-autenticate.ftl

Browse Source
This commit is contained in:
Joseph Garrone 2024-05-10 18:30:48 +02:00
parent f8bf54835d
commit 1d87e8fe8b
3 changed files with 222 additions and 178 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/login/kcContext/KcContext.ts
View File

@ -340,6 +340,14 @@ export declare namespace KcContext {
displayInfo: boolean; displayInfo: boolean;
}; };
login: {}; login: {};
realm: {
password: boolean;
registrationAllowed: boolean;
};
registrationDisabled?: boolean;
url: {
registrationUrl?: string;
};
}; };
export namespace WebauthnAuthenticate { export namespace WebauthnAuthenticate {
@ -347,7 +355,7 @@ export declare namespace KcContext {
credentialId: string; credentialId: string;
transports: { transports: {
iconClass: string; iconClass: string;
displayNameProperties: MessageKey[]; displayNameProperties?: MessageKey[];
}; };
label: string; label: string;
createdAt: string; createdAt: string;

6
src/login/pages/Login.tsx
View File

@ -25,11 +25,9 @@ export default function Login(props: PageProps<Extract<KcContext, { pageId: "log
<Template <Template
{...{ kcContext, i18n, doUseDefaultCss, classes }} {...{ kcContext, i18n, doUseDefaultCss, classes }}
displayMessage={!messagesPerField.existsError("username", "password")} displayMessage={!messagesPerField.existsError("username", "password")}
displayInfo={realm.password && realm.registrationAllowed && !registrationDisabled}
headerNode={msg("loginAccountTitle")} headerNode={msg("loginAccountTitle")}
displayInfo={realm.password && realm.registrationAllowed && !registrationDisabled}
infoNode={ infoNode={
<>
{realm.password && realm.registrationAllowed && !registrationDisabled && (
<div id="kc-registration-container"> <div id="kc-registration-container">
<div id="kc-registration"> <div id="kc-registration">
<span> <span>
@ -40,8 +38,6 @@ export default function Login(props: PageProps<Extract<KcContext, { pageId: "log
</span> </span>
</div> </div>
</div> </div>
)}
</>
} }
socialProvidersNode={ socialProvidersNode={
<> <>

272
src/login/pages/WebauthnAuthenticate.tsx
View File

@ -1,204 +1,244 @@
import { useRef, useState } from "react"; import { useEffect, Fragment } from "react";
import { clsx } from "keycloakify/tools/clsx"; import { clsx } from "keycloakify/tools/clsx";
import type { MessageKey } from "keycloakify/login/i18n/i18n"; import type { MessageKey } from "keycloakify/login/i18n/i18n";
import { base64url } from "rfc4648";
import { useConstCallback } from "keycloakify/tools/useConstCallback";
import type { PageProps } from "keycloakify/login/pages/PageProps"; import type { PageProps } from "keycloakify/login/pages/PageProps";
import { useGetClassName } from "keycloakify/login/lib/useGetClassName"; import { useGetClassName } from "keycloakify/login/lib/useGetClassName";
import { assert } from "tsafe/assert";
import { createUseInsertScriptTags } from "keycloakify/tools/useInsertScriptTags";
import type { KcContext } from "../kcContext"; import type { KcContext } from "../kcContext";
import type { I18n } from "../i18n"; import type { I18n } from "../i18n";
import { assert } from "tsafe/assert";
import { is } from "tsafe/is"; const { useInsertScriptTags } = createUseInsertScriptTags();
import { typeGuard } from "tsafe/typeGuard";
export default function WebauthnAuthenticate(props: PageProps<Extract<KcContext, { pageId: "webauthn-authenticate.ftl" }>, I18n>) { export default function WebauthnAuthenticate(props: PageProps<Extract<KcContext, { pageId: "webauthn-authenticate.ftl" }>, I18n>) {
const { kcContext, i18n, doUseDefaultCss, Template, classes } = props; const { kcContext, i18n, doUseDefaultCss, Template, classes } = props;
const { getClassName } = useGetClassName({ doUseDefaultCss, classes }); const { getClassName } = useGetClassName({ doUseDefaultCss, classes });
const { url } = kcContext; const {
url,
isUserIdentified,
challenge,
userVerification,
rpId,
createTimeout,
messagesPerField,
realm,
registrationDisabled,
authenticators,
shouldDisplayAuthenticators
} = kcContext;
const { msg, msgStr } = i18n; const { msg, msgStr } = i18n;
const { authenticators, challenge, shouldDisplayAuthenticators, userVerification, rpId } = kcContext; const { insertScriptTags } = useInsertScriptTags({
const createTimeout = Number(kcContext.createTimeout); "scriptTags": [
const isUserIdentified = kcContext.isUserIdentified == "true"; {
"type": "text/javascript",
"src": `${url.resourcesCommonPath}/node_modules/jquery/dist/jquery.min.js`
},
{
"type": "text/javascript",
"src": `${url.resourcesPath}/js/base64url.js`
},
{
"type": "text/javascript",
"textContent": `
const formElementRef = useRef<HTMLFormElement>(null); function webAuthnAuthenticate() {
let isUserIdentified = ${isUserIdentified};
const webAuthnAuthenticate = useConstCallback(async () => {
if (!isUserIdentified) { if (!isUserIdentified) {
doAuthenticate([]);
return; return;
} }
checkAllowCredentials();
const submitForm = async (): Promise<void> => {
const formElement = formElementRef.current;
if (formElement === null) {
await new Promise(resolve => setTimeout(resolve, 100));
return submitForm();
} }
formElement.submit(); function checkAllowCredentials() {
}; let allowCredentials = [];
let authn_use = document.forms['authn_select'].authn_use_chk;
if (authn_use !== undefined) {
if (authn_use.length === undefined) {
allowCredentials.push({
id: base64url.decode(authn_use.value, {loose: true}),
type: 'public-key',
});
} else {
for (let i = 0; i < authn_use.length; i++) {
allowCredentials.push({
id: base64url.decode(authn_use[i].value, {loose: true}),
type: 'public-key',
});
}
}
}
doAuthenticate(allowCredentials);
}
function doAuthenticate(allowCredentials) {
const allowCredentials = authenticators.authenticators.map(
authenticator =>
({
id: base64url.parse(authenticator.credentialId, { loose: true }),
type: "public-key"
} as PublicKeyCredentialDescriptor)
);
// Check if WebAuthn is supported by this browser // Check if WebAuthn is supported by this browser
if (!window.PublicKeyCredential) { if (!window.PublicKeyCredential) {
setError(msgStr("webauthn-unsupported-browser-text")); $("#error").val("${msgStr("webauthn-unsupported-browser-text")}");
submitForm(); $("#webauth").submit();
return; return;
} }
const publicKey: PublicKeyCredentialRequestOptions = { let challenge = "${challenge}";
rpId, let userVerification = "${userVerification}";
challenge: base64url.parse(challenge, { loose: true }) let rpId = "${rpId}";
let publicKey = {
rpId : rpId,
challenge: base64url.decode(challenge, { loose: true })
}; };
if (createTimeout !== 0) { let createTimeout = ${createTimeout};
publicKey.timeout = createTimeout * 1000; if (createTimeout !== 0) publicKey.timeout = createTimeout * 1000;
}
if (allowCredentials.length) { if (allowCredentials.length) {
publicKey.allowCredentials = allowCredentials; publicKey.allowCredentials = allowCredentials;
} }
if (userVerification !== "not specified") { if (userVerification !== 'not specified') publicKey.userVerification = userVerification;
publicKey.userVerification = userVerification;
navigator.credentials.get({publicKey})
.then((result) => {
window.result = result;
let clientDataJSON = result.response.clientDataJSON;
let authenticatorData = result.response.authenticatorData;
let signature = result.response.signature;
$("#clientDataJSON").val(base64url.encode(new Uint8Array(clientDataJSON), { pad: false }));
$("#authenticatorData").val(base64url.encode(new Uint8Array(authenticatorData), { pad: false }));
$("#signature").val(base64url.encode(new Uint8Array(signature), { pad: false }));
$("#credentialId").val(result.id);
if(result.response.userHandle) {
$("#userHandle").val(base64url.encode(new Uint8Array(result.response.userHandle), { pad: false }));
}
$("#webauth").submit();
})
.catch((err) => {
$("#error").val(err);
$("#webauth").submit();
})
;
} }
try { `
const result = await navigator.credentials.get({ publicKey });
if (!result || result.type != "public-key") {
return;
} }
assert(is<PublicKeyCredential>(result)); ]
if (!("authenticatorData" in result.response)) {
return;
}
const response = result.response;
const clientDataJSON = response.clientDataJSON;
assert(
typeGuard<AuthenticatorAssertionResponse>(response, "signature" in response && response.authenticatorData instanceof ArrayBuffer),
"response not an AuthenticatorAssertionResponse"
);
const authenticatorData = response.authenticatorData;
const signature = response.signature;
setClientDataJSON(base64url.stringify(new Uint8Array(clientDataJSON), { "pad": false }));
setAuthenticatorData(base64url.stringify(new Uint8Array(authenticatorData), { "pad": false }));
setSignature(base64url.stringify(new Uint8Array(signature), { "pad": false }));
setCredentialId(result.id);
setUserHandle(base64url.stringify(new Uint8Array(response.userHandle!), { "pad": false }));
} catch (err) {
setError(String(err));
}
submitForm();
}); });
const [clientDataJSON, setClientDataJSON] = useState(""); useEffect(() => {
const [authenticatorData, setAuthenticatorData] = useState(""); insertScriptTags();
const [signature, setSignature] = useState(""); }, []);
const [credentialId, setCredentialId] = useState("");
const [userHandle, setUserHandle] = useState("");
const [error, setError] = useState("");
return ( return (
<Template {...{ kcContext, i18n, doUseDefaultCss, classes }} headerNode={msg("webauthn-login-title")}> <Template
{...{ kcContext, i18n, doUseDefaultCss, classes }}
displayMessage={!messagesPerField.existsError("username")}
displayInfo={realm.password && realm.registrationAllowed && !registrationDisabled}
infoNode={
<div id="kc-registration">
<span>
{msg("noAccount")}{" "}
<a tabIndex={6} href={url.registrationUrl}>
{msg("doRegister")}
</a>
</span>
</div>
}
headerNode={msg("webauthn-login-title")}
>
<div id="kc-form-webauthn" className={getClassName("kcFormClass")}> <div id="kc-form-webauthn" className={getClassName("kcFormClass")}>
<form id="webauth" action={url.loginAction} ref={formElementRef} method="post"> <form id="webauth" action={url.loginAction} method="post">
<input type="hidden" id="clientDataJSON" name="clientDataJSON" value={clientDataJSON} /> <input type="hidden" id="clientDataJSON" name="clientDataJSON" />
<input type="hidden" id="authenticatorData" name="authenticatorData" value={authenticatorData} /> <input type="hidden" id="authenticatorData" name="authenticatorData" />
<input type="hidden" id="signature" name="signature" value={signature} /> <input type="hidden" id="signature" name="signature" />
<input type="hidden" id="credentialId" name="credentialId" value={credentialId} /> <input type="hidden" id="credentialId" name="credentialId" />
<input type="hidden" id="userHandle" name="userHandle" value={userHandle} /> <input type="hidden" id="userHandle" name="userHandle" />
<input type="hidden" id="error" name="error" value={error} /> <input type="hidden" id="error" name="error" />
</form> </form>
<div className={getClassName("kcFormGroupClass")}> <div className={clsx(getClassName("kcFormGroupClass"), "no-bottom-margin")}>
{authenticators && {authenticators && (
(() => ( <>
<form id="authn_select" className={getClassName("kcFormClass")}> <form id="authn_select" className={getClassName("kcFormClass")}>
{authenticators.authenticators.map(authenticator => ( {authenticators.authenticators.map(authenticator => (
<input type="hidden" name="authn_use_chk" value={authenticator.credentialId} key={authenticator.credentialId} /> <input type="hidden" name="authn_use_chk" value={authenticator.credentialId} />
))} ))}
</form> </form>
))()}
{authenticators && {shouldDisplayAuthenticators && (
shouldDisplayAuthenticators &&
(() => (
<> <>
{authenticators.authenticators.length > 1 && ( {authenticators.authenticators.length > 1 && (
<p className={getClassName("kcSelectAuthListItemTitle")}>{msg("webauthn-available-authenticators")}</p> <p className={getClassName("kcSelectAuthListItemTitle")}>{msg("webauthn-available-authenticators")}</p>
)} )}
<div className={getClassName("kcFormClass")}> <div className={getClassName("kcFormOptionsClass")}>
{authenticators.authenticators.map(authenticator => ( {authenticators.authenticators.map((authenticator, i) => (
<div id="kc-webauthn-authenticator" className={getClassName("kcSelectAuthListItemClass")}> <div key={i} id="kc-webauthn-authenticator" className={getClassName("kcSelectAuthListItemClass")}>
<div className={getClassName("kcSelectAuthListItemIconClass")}> <div className={getClassName("kcSelectAuthListItemIconClass")}>
<i <i
className={clsx( className={clsx(
(() => { (() => {
const className = getClassName(authenticator.transports.iconClass as any); const className = getClassName(authenticator.transports.iconClass as any);
return className.includes(" ") if (className === authenticator.transports.iconClass) {
? className return getClassName("kcWebAuthnDefaultIcon");
: [className, getClassName("kcWebAuthnDefaultIcon")]; }
return className;
})(), })(),
getClassName("kcSelectAuthListItemIconPropertyClass") getClassName("kcSelectAuthListItemIconPropertyClass")
)} )}
/> />
</div> </div>
<div className={getClassName("kcSelectAuthListItemBodyClass")}> <div className={getClassName("kcSelectAuthListItemArrowIconClass")}>
<div <div
id="kc-webauthn-authenticator-label" id="kc-webauthn-authenticator-label"
className={getClassName("kcSelectAuthListItemHeadingClass")} className={getClassName("kcSelectAuthListItemHeadingClass")}
> >
{authenticator.label} {msg(authenticator.label as MessageKey)}
</div> </div>
{authenticator.transports.displayNameProperties?.length && (
{authenticator.transports && authenticator.transports.displayNameProperties.length && (
<div <div
id="kc-webauthn-authenticator-transport" id="kc-webauthn-authenticator-transport"
className={getClassName("kcSelectAuthListItemDescriptionClass")} className={getClassName("kcSelectAuthListItemDescriptionClass")}
> >
{authenticator.transports.displayNameProperties.map( {authenticator.transports.displayNameProperties
(transport: MessageKey, index: number) => ( .map((nameProperty, i, arr) => ({ nameProperty, "hasNext": i !== arr.length - 1 }))
<> .map(({ nameProperty, hasNext }) => (
<span>{msg(transport)}</span> <Fragment key={nameProperty}>
{index < authenticator.transports.displayNameProperties.length - 1 && ( <span>{msg(nameProperty)}</span>
<span>{", "}</span> {hasNext && <span>, </span>}
)} </Fragment>
</> ))}
)
)}
</div> </div>
)} )}
<div className={getClassName("kcSelectAuthListItemDescriptionClass")}> <div className={getClassName("kcSelectAuthListItemDescriptionClass")}>
<span id="kc-webauthn-authenticator-created-label">{msg("webauthn-createdAt-label")}</span> <span id="kc-webauthn-authenticator-created-label">{msg("webauthn-createdAt-label")}</span>
<span id="kc-webauthn-authenticator-created">{authenticator.createdAt}</span> <span id="kc-webauthn-authenticator-created">{authenticator.createdAt}</span>
</div> </div>
</div>
<div className={getClassName("kcSelectAuthListItemFillClass")} /> <div className={getClassName("kcSelectAuthListItemFillClass")} />
</div> </div>
</div>
))} ))}
</div> </div>
</> </>
))()} )}
</>
)}
<div id="kc-form-buttons" className={getClassName("kcFormButtonsClass")}> <div id="kc-form-buttons" className={getClassName("kcFormButtonsClass")}>
<input <input
id="authenticateWebAuthnButton" id="authenticateWebAuthnButton"
type="button" type="button"
onClick={webAuthnAuthenticate} onClick={() => {
autoFocus={true} assert("webAuthnAuthenticate" in window);
assert(window.webAuthnAuthenticate instanceof Function);
window.webAuthnAuthenticate();
}}
autoFocus
value={msgStr("webauthn-doAuthenticate")} value={msgStr("webauthn-doAuthenticate")}
className={clsx( className={clsx(
getClassName("kcButtonClass"), getClassName("kcButtonClass"),