2024-05-10 18:30:48 +02:00
|
|
|
import { useEffect, Fragment } from "react";
|
2024-06-22 14:10:08 +02:00
|
|
|
import { assert } from "keycloakify/tools/assert";
|
2024-06-05 21:13:58 +02:00
|
|
|
import { clsx } from "keycloakify/tools/clsx";
|
2024-06-05 06:10:11 +02:00
|
|
|
import { useInsertScriptTags } from "keycloakify/tools/useInsertScriptTags";
|
2024-06-09 08:27:07 +02:00
|
|
|
import { getKcClsx } from "keycloakify/login/lib/kcClsx";
|
2024-06-05 21:13:58 +02:00
|
|
|
import type { PageProps } from "keycloakify/login/pages/PageProps";
|
|
|
|
|
import type { KcContext } from "../KcContext";
|
2024-06-09 11:20:45 +02:00
|
|
|
import type { I18n } from "../i18n";
|
2024-05-10 18:30:48 +02:00
|
|
|
|
2024-06-09 11:20:45 +02:00
|
|
|
export default function WebauthnAuthenticate(props: PageProps<Extract<KcContext, { pageId: "webauthn-authenticate.ftl" }>, I18n>) {
|
|
|
|
|
const { kcContext, i18n, doUseDefaultCss, Template, classes } = props;
|
2023-03-18 06:14:05 +01:00
|
|
|
|
2024-06-09 08:27:07 +02:00
|
|
|
const { kcClsx } = getKcClsx({ doUseDefaultCss, classes });
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2024-05-10 18:30:48 +02:00
|
|
|
const {
|
|
|
|
|
url,
|
|
|
|
|
isUserIdentified,
|
|
|
|
|
challenge,
|
|
|
|
|
userVerification,
|
|
|
|
|
rpId,
|
|
|
|
|
createTimeout,
|
|
|
|
|
messagesPerField,
|
|
|
|
|
realm,
|
|
|
|
|
registrationDisabled,
|
|
|
|
|
authenticators,
|
|
|
|
|
shouldDisplayAuthenticators
|
|
|
|
|
} = kcContext;
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2024-06-09 11:20:45 +02:00
|
|
|
const { msg, msgStr, advancedMsg } = i18n;
|
2022-10-05 02:40:00 -04:00
|
|
|
|
2024-05-10 18:30:48 +02:00
|
|
|
const { insertScriptTags } = useInsertScriptTags({
|
2024-06-05 06:10:11 +02:00
|
|
|
componentOrHookName: "WebauthnAuthenticate",
|
2024-05-20 15:48:51 +02:00
|
|
|
scriptTags: [
|
2024-05-10 18:30:48 +02:00
|
|
|
{
|
2024-05-20 15:48:51 +02:00
|
|
|
type: "text/javascript",
|
|
|
|
|
src: `${url.resourcesCommonPath}/node_modules/jquery/dist/jquery.min.js`
|
2024-05-10 18:30:48 +02:00
|
|
|
},
|
|
|
|
|
{
|
2024-05-20 15:48:51 +02:00
|
|
|
type: "text/javascript",
|
|
|
|
|
src: `${url.resourcesPath}/js/base64url.js`
|
2024-05-10 18:30:48 +02:00
|
|
|
},
|
|
|
|
|
{
|
2024-05-20 15:48:51 +02:00
|
|
|
type: "text/javascript",
|
|
|
|
|
textContent: `
|
2024-05-10 18:30:48 +02:00
|
|
|
|
|
|
|
|
function webAuthnAuthenticate() {
|
|
|
|
|
let isUserIdentified = ${isUserIdentified};
|
|
|
|
|
if (!isUserIdentified) {
|
|
|
|
|
doAuthenticate([]);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
checkAllowCredentials();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function checkAllowCredentials() {
|
|
|
|
|
let allowCredentials = [];
|
|
|
|
|
let authn_use = document.forms['authn_select'].authn_use_chk;
|
|
|
|
|
|
|
|
|
|
if (authn_use !== undefined) {
|
|
|
|
|
if (authn_use.length === undefined) {
|
|
|
|
|
allowCredentials.push({
|
|
|
|
|
id: base64url.decode(authn_use.value, {loose: true}),
|
|
|
|
|
type: 'public-key',
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
for (let i = 0; i < authn_use.length; i++) {
|
|
|
|
|
allowCredentials.push({
|
|
|
|
|
id: base64url.decode(authn_use[i].value, {loose: true}),
|
|
|
|
|
type: 'public-key',
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
doAuthenticate(allowCredentials);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function doAuthenticate(allowCredentials) {
|
|
|
|
|
|
|
|
|
|
// Check if WebAuthn is supported by this browser
|
|
|
|
|
if (!window.PublicKeyCredential) {
|
|
|
|
|
$("#error").val("${msgStr("webauthn-unsupported-browser-text")}");
|
|
|
|
|
$("#webauth").submit();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let challenge = "${challenge}";
|
|
|
|
|
let userVerification = "${userVerification}";
|
|
|
|
|
let rpId = "${rpId}";
|
|
|
|
|
let publicKey = {
|
|
|
|
|
rpId : rpId,
|
|
|
|
|
challenge: base64url.decode(challenge, { loose: true })
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let createTimeout = ${createTimeout};
|
|
|
|
|
if (createTimeout !== 0) publicKey.timeout = createTimeout * 1000;
|
|
|
|
|
|
|
|
|
|
if (allowCredentials.length) {
|
|
|
|
|
publicKey.allowCredentials = allowCredentials;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (userVerification !== 'not specified') publicKey.userVerification = userVerification;
|
|
|
|
|
|
|
|
|
|
navigator.credentials.get({publicKey})
|
|
|
|
|
.then((result) => {
|
|
|
|
|
window.result = result;
|
|
|
|
|
|
|
|
|
|
let clientDataJSON = result.response.clientDataJSON;
|
|
|
|
|
let authenticatorData = result.response.authenticatorData;
|
|
|
|
|
let signature = result.response.signature;
|
|
|
|
|
|
|
|
|
|
$("#clientDataJSON").val(base64url.encode(new Uint8Array(clientDataJSON), { pad: false }));
|
|
|
|
|
$("#authenticatorData").val(base64url.encode(new Uint8Array(authenticatorData), { pad: false }));
|
|
|
|
|
$("#signature").val(base64url.encode(new Uint8Array(signature), { pad: false }));
|
|
|
|
|
$("#credentialId").val(result.id);
|
|
|
|
|
if(result.response.userHandle) {
|
|
|
|
|
$("#userHandle").val(base64url.encode(new Uint8Array(result.response.userHandle), { pad: false }));
|
|
|
|
|
}
|
|
|
|
|
$("#webauth").submit();
|
|
|
|
|
})
|
|
|
|
|
.catch((err) => {
|
|
|
|
|
$("#error").val(err);
|
|
|
|
|
$("#webauth").submit();
|
|
|
|
|
})
|
|
|
|
|
;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
`
|
2023-04-20 20:08:47 +02:00
|
|
|
}
|
2024-05-10 18:30:48 +02:00
|
|
|
]
|
2022-10-13 11:58:31 +02:00
|
|
|
});
|
|
|
|
|
|
2024-05-10 18:30:48 +02:00
|
|
|
useEffect(() => {
|
|
|
|
|
insertScriptTags();
|
|
|
|
|
}, []);
|
2022-10-13 11:58:31 +02:00
|
|
|
|
|
|
|
|
return (
|
2024-05-10 18:30:48 +02:00
|
|
|
<Template
|
2024-06-09 08:27:07 +02:00
|
|
|
kcContext={kcContext}
|
2024-06-09 11:20:45 +02:00
|
|
|
i18n={i18n}
|
2024-06-09 08:27:07 +02:00
|
|
|
doUseDefaultCss={doUseDefaultCss}
|
|
|
|
|
classes={classes}
|
2024-05-10 18:30:48 +02:00
|
|
|
displayMessage={!messagesPerField.existsError("username")}
|
|
|
|
|
displayInfo={realm.password && realm.registrationAllowed && !registrationDisabled}
|
|
|
|
|
infoNode={
|
|
|
|
|
<div id="kc-registration">
|
|
|
|
|
<span>
|
|
|
|
|
{msg("noAccount")}{" "}
|
|
|
|
|
<a tabIndex={6} href={url.registrationUrl}>
|
|
|
|
|
{msg("doRegister")}
|
|
|
|
|
</a>
|
|
|
|
|
</span>
|
|
|
|
|
</div>
|
|
|
|
|
}
|
|
|
|
|
headerNode={msg("webauthn-login-title")}
|
|
|
|
|
>
|
2024-06-09 08:27:07 +02:00
|
|
|
<div id="kc-form-webauthn" className={kcClsx("kcFormClass")}>
|
2024-05-10 18:30:48 +02:00
|
|
|
<form id="webauth" action={url.loginAction} method="post">
|
|
|
|
|
<input type="hidden" id="clientDataJSON" name="clientDataJSON" />
|
|
|
|
|
<input type="hidden" id="authenticatorData" name="authenticatorData" />
|
|
|
|
|
<input type="hidden" id="signature" name="signature" />
|
|
|
|
|
<input type="hidden" id="credentialId" name="credentialId" />
|
|
|
|
|
<input type="hidden" id="userHandle" name="userHandle" />
|
|
|
|
|
<input type="hidden" id="error" name="error" />
|
2023-03-21 02:36:13 +01:00
|
|
|
</form>
|
2024-06-09 08:27:07 +02:00
|
|
|
<div className={clsx(kcClsx("kcFormGroupClass"), "no-bottom-margin")}>
|
2024-05-10 18:30:48 +02:00
|
|
|
{authenticators && (
|
|
|
|
|
<>
|
2024-06-09 08:27:07 +02:00
|
|
|
<form id="authn_select" className={kcClsx("kcFormClass")}>
|
2023-03-21 02:36:13 +01:00
|
|
|
{authenticators.authenticators.map(authenticator => (
|
2024-05-10 18:30:48 +02:00
|
|
|
<input type="hidden" name="authn_use_chk" value={authenticator.credentialId} />
|
2023-03-21 02:36:13 +01:00
|
|
|
))}
|
|
|
|
|
</form>
|
|
|
|
|
|
2024-05-10 18:30:48 +02:00
|
|
|
{shouldDisplayAuthenticators && (
|
|
|
|
|
<>
|
|
|
|
|
{authenticators.authenticators.length > 1 && (
|
2024-06-09 08:27:07 +02:00
|
|
|
<p className={kcClsx("kcSelectAuthListItemTitle")}>{msg("webauthn-available-authenticators")}</p>
|
2024-05-10 18:30:48 +02:00
|
|
|
)}
|
2024-06-09 08:27:07 +02:00
|
|
|
<div className={kcClsx("kcFormOptionsClass")}>
|
2024-05-10 18:30:48 +02:00
|
|
|
{authenticators.authenticators.map((authenticator, i) => (
|
2024-06-09 08:27:07 +02:00
|
|
|
<div key={i} id="kc-webauthn-authenticator" className={kcClsx("kcSelectAuthListItemClass")}>
|
|
|
|
|
<div className={kcClsx("kcSelectAuthListItemIconClass")}>
|
2024-05-10 18:30:48 +02:00
|
|
|
<i
|
|
|
|
|
className={clsx(
|
|
|
|
|
(() => {
|
2024-06-09 08:27:07 +02:00
|
|
|
const className = kcClsx(authenticator.transports.iconClass as any);
|
2024-05-10 18:30:48 +02:00
|
|
|
if (className === authenticator.transports.iconClass) {
|
2024-06-09 08:27:07 +02:00
|
|
|
return kcClsx("kcWebAuthnDefaultIcon");
|
2024-05-10 18:30:48 +02:00
|
|
|
}
|
|
|
|
|
return className;
|
|
|
|
|
})(),
|
2024-06-09 08:27:07 +02:00
|
|
|
kcClsx("kcSelectAuthListItemIconPropertyClass")
|
2024-05-10 18:30:48 +02:00
|
|
|
)}
|
|
|
|
|
/>
|
|
|
|
|
</div>
|
2024-06-09 08:27:07 +02:00
|
|
|
<div className={kcClsx("kcSelectAuthListItemArrowIconClass")}>
|
|
|
|
|
<div id="kc-webauthn-authenticator-label" className={kcClsx("kcSelectAuthListItemHeadingClass")}>
|
2024-05-27 23:44:41 +02:00
|
|
|
{advancedMsg(authenticator.label)}
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
2024-05-10 18:30:48 +02:00
|
|
|
{authenticator.transports.displayNameProperties?.length && (
|
|
|
|
|
<div
|
|
|
|
|
id="kc-webauthn-authenticator-transport"
|
2024-06-09 08:27:07 +02:00
|
|
|
className={kcClsx("kcSelectAuthListItemDescriptionClass")}
|
2024-05-10 18:30:48 +02:00
|
|
|
>
|
|
|
|
|
{authenticator.transports.displayNameProperties
|
2024-05-20 15:48:51 +02:00
|
|
|
.map((nameProperty, i, arr) => ({
|
|
|
|
|
nameProperty,
|
|
|
|
|
hasNext: i !== arr.length - 1
|
|
|
|
|
}))
|
2024-05-10 18:30:48 +02:00
|
|
|
.map(({ nameProperty, hasNext }) => (
|
|
|
|
|
<Fragment key={nameProperty}>
|
|
|
|
|
<span>{msg(nameProperty)}</span>
|
|
|
|
|
{hasNext && <span>, </span>}
|
|
|
|
|
</Fragment>
|
|
|
|
|
))}
|
|
|
|
|
</div>
|
|
|
|
|
)}
|
2024-06-09 08:27:07 +02:00
|
|
|
<div className={kcClsx("kcSelectAuthListItemDescriptionClass")}>
|
2024-05-10 18:30:48 +02:00
|
|
|
<span id="kc-webauthn-authenticator-created-label">{msg("webauthn-createdAt-label")}</span>
|
|
|
|
|
<span id="kc-webauthn-authenticator-created">{authenticator.createdAt}</span>
|
|
|
|
|
</div>
|
2024-06-09 08:27:07 +02:00
|
|
|
<div className={kcClsx("kcSelectAuthListItemFillClass")} />
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
2022-10-13 11:58:31 +02:00
|
|
|
</div>
|
2024-05-10 18:30:48 +02:00
|
|
|
))}
|
|
|
|
|
</div>
|
|
|
|
|
</>
|
|
|
|
|
)}
|
|
|
|
|
</>
|
|
|
|
|
)}
|
|
|
|
|
|
2024-06-09 08:27:07 +02:00
|
|
|
<div id="kc-form-buttons" className={kcClsx("kcFormButtonsClass")}>
|
2023-03-21 02:36:13 +01:00
|
|
|
<input
|
|
|
|
|
id="authenticateWebAuthnButton"
|
|
|
|
|
type="button"
|
2024-05-10 18:30:48 +02:00
|
|
|
onClick={() => {
|
|
|
|
|
assert("webAuthnAuthenticate" in window);
|
2024-05-10 21:12:35 +02:00
|
|
|
assert(typeof window.webAuthnAuthenticate === "function");
|
2024-05-10 18:30:48 +02:00
|
|
|
window.webAuthnAuthenticate();
|
|
|
|
|
}}
|
|
|
|
|
autoFocus
|
2023-03-21 02:36:13 +01:00
|
|
|
value={msgStr("webauthn-doAuthenticate")}
|
2024-06-09 08:27:07 +02:00
|
|
|
className={kcClsx("kcButtonClass", "kcButtonPrimaryClass", "kcButtonBlockClass", "kcButtonLargeClass")}
|
2023-03-21 02:36:13 +01:00
|
|
|
/>
|
2022-10-05 02:40:00 -04:00
|
|
|
</div>
|
2022-10-13 11:58:31 +02:00
|
|
|
</div>
|
2023-03-21 02:36:13 +01:00
|
|
|
</div>
|
|
|
|
|
</Template>
|
2022-10-13 11:58:31 +02:00
|
|
|
);
|
2023-02-25 18:11:23 +01:00
|
|
|
}
|
