zitadel/internal/ui/login/handler/passwordless_registration_handler.go

package handler

import (
	"encoding/base64"
	"net/http"

	http_mw "github.com/caos/zitadel/internal/api/http/middleware"
	"github.com/caos/zitadel/internal/domain"
)

const (
	tmplPasswordlessRegistration        = "passwordlessregistration"
	tmplPasswordlessRegistrationDone    = "passwordlessregistrationdone"
	queryPasswordlessRegistrationCode   = "code"
	queryPasswordlessRegistrationCodeID = "codeID"
	queryPasswordlessRegistrationUserID = "userID"
	queryPasswordlessRegistrationOrgID  = "orgID"
)

type passwordlessRegistrationData struct {
	webAuthNData
	Code     string
	CodeID   string
	UserID   string
	OrgID    string
	Disabled bool
}

type passwordlessRegistrationFormData struct {
	webAuthNFormData
	Code      string `schema:"code"`
	CodeID    string `schema:"codeID"`
	UserID    string `schema:"userID"`
	OrgID     string `schema:"orgID"`
	TokenName string `schema:"name"`
}

func (l *Login) handlePasswordlessRegistration(w http.ResponseWriter, r *http.Request) {
	userID := r.FormValue(queryPasswordlessRegistrationUserID)
	orgID := r.FormValue(queryPasswordlessRegistrationOrgID)
	codeID := r.FormValue(queryPasswordlessRegistrationCodeID)
	code := r.FormValue(queryPasswordlessRegistrationCode)
	l.renderPasswordlessRegistration(w, r, nil, userID, orgID, codeID, code, nil)
}

func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, userID, orgID, codeID, code string, err error) {
	var errID, errMessage, credentialData string
	var disabled bool
	if authReq != nil {
		userID = authReq.UserID
		orgID = authReq.UserOrgID
	}
	var webAuthNToken *domain.WebAuthNToken
	if err == nil {
		if authReq != nil {
			webAuthNToken, err = l.authRepo.BeginPasswordlessSetup(setContext(r.Context(), authReq.UserOrgID), userID, authReq.UserOrgID)
		} else {
			webAuthNToken, err = l.authRepo.BeginPasswordlessInitCodeSetup(setContext(r.Context(), orgID), userID, orgID, codeID, code)
		}
	}
	if err != nil {
		errID, errMessage = l.getErrorMessage(r, err)
		disabled = true
	}
	if webAuthNToken != nil {
		credentialData = base64.RawURLEncoding.EncodeToString(webAuthNToken.CredentialCreationData)
	}
	data := &passwordlessRegistrationData{
		webAuthNData{
			userData:               l.getUserData(r, authReq, "Login Passwordless", errID, errMessage),
			CredentialCreationData: credentialData,
		},
		code,
		codeID,
		userID,
		orgID,
		disabled,
	}
	translator := l.getTranslator(authReq)
	if authReq == nil {
		policy, err := l.authRepo.GetLabelPolicy(r.Context(), orgID)
		if err != nil {

		}
		data.LabelPolicy = policy
		texts, err := l.authRepo.GetLoginText(r.Context(), orgID)
		if err != nil {

		}
		translator, _ = l.renderer.NewTranslator()
		l.addLoginTranslations(translator, texts)
	}
	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPasswordlessRegistration], data, nil)
}

func (l *Login) handlePasswordlessRegistrationCheck(w http.ResponseWriter, r *http.Request) {
	formData := new(passwordlessRegistrationFormData)
	authReq, err := l.getAuthRequestAndParseData(r, formData)
	if err != nil {
		l.renderError(w, r, authReq, err)
		return
	}
	l.checkPasswordlessRegistration(w, r, authReq, formData, nil)
}

func (l *Login) checkPasswordlessRegistration(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, formData *passwordlessRegistrationFormData, err error) {
	credData, err := base64.URLEncoding.DecodeString(formData.CredentialData)
	if err != nil {
		l.renderPasswordlessRegistration(w, r, authReq, formData.UserID, formData.OrgID, formData.CodeID, formData.Code, err)
		return
	}
	userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
	if authReq != nil {
		err = l.authRepo.VerifyPasswordlessSetup(setContext(r.Context(), authReq.UserOrgID), formData.UserID, authReq.UserOrgID, userAgentID, formData.TokenName, credData)
	} else {
		err = l.authRepo.VerifyPasswordlessInitCodeSetup(setContext(r.Context(), formData.OrgID), formData.UserID, formData.OrgID, userAgentID, formData.TokenName, formData.CodeID, formData.Code, credData)
	}
	if err != nil {
		l.renderPasswordlessRegistration(w, r, authReq, formData.UserID, formData.OrgID, formData.CodeID, formData.Code, err)
		return
	}
	l.renderPasswordlessRegistrationDone(w, r, authReq, nil)
}

func (l *Login) renderPasswordlessRegistrationDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) {
	var errID, errMessage string
	if err != nil {
		errID, errMessage = l.getErrorMessage(r, err)
	}
	data := l.getUserData(r, authReq, "Passwordless Registration Done", errID, errMessage)
	l.renderer.RenderTemplate(w, r, l.getTranslator(authReq), l.renderer.Templates[tmplPasswordlessRegistrationDone], data, nil)
}
feat: passwordless registration (#2103) * begin pw less registration * create pwless one time codes * send pwless link * separate send and add passwordless link * separate send and add passwordless link events * custom message text for passwordless registration * begin custom login texts for passwordless * i18n * i18n message * i18n message * custom message text * custom login text * org design and texts * create link in human import process * fix import human tests * begin passwordless init required step * passwordless init * passwordless init * do not return link in mgmt api * prompt * passwordless init only (no additional prompt) * cleanup * cleanup * add passwordless prompt to custom login text * increase init code complexity * fix grpc * cleanup * fix and add some cases for nextStep tests * fix tests * Update internal/notification/static/i18n/en.yaml * Update internal/notification/static/i18n/de.yaml * Update proto/zitadel/management.proto * Update internal/ui/login/static/i18n/de.yaml * Update internal/ui/login/static/i18n/de.yaml * Update internal/ui/login/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-08-02 15:24:58 +02:00			`package handler`

			`import (`
			`"encoding/base64"`
			`"net/http"`

			`http_mw "github.com/caos/zitadel/internal/api/http/middleware"`
			`"github.com/caos/zitadel/internal/domain"`
			`)`

			`const (`
			`tmplPasswordlessRegistration = "passwordlessregistration"`
			`tmplPasswordlessRegistrationDone = "passwordlessregistrationdone"`
			`queryPasswordlessRegistrationCode = "code"`
			`queryPasswordlessRegistrationCodeID = "codeID"`
			`queryPasswordlessRegistrationUserID = "userID"`
			`queryPasswordlessRegistrationOrgID = "orgID"`
			`)`

			`type passwordlessRegistrationData struct {`
			`webAuthNData`
			`Code string`
			`CodeID string`
			`UserID string`
			`OrgID string`
			`Disabled bool`
			`}`

			`type passwordlessRegistrationFormData struct {`
			`webAuthNFormData`
			Code string `schema:"code"`
			CodeID string `schema:"codeID"`
			UserID string `schema:"userID"`
			OrgID string `schema:"orgID"`
			TokenName string `schema:"name"`
			`}`

			`func (l Login) handlePasswordlessRegistration(w http.ResponseWriter, r http.Request) {`
			`userID := r.FormValue(queryPasswordlessRegistrationUserID)`
			`orgID := r.FormValue(queryPasswordlessRegistrationOrgID)`
			`codeID := r.FormValue(queryPasswordlessRegistrationCodeID)`
			`code := r.FormValue(queryPasswordlessRegistrationCode)`
			`l.renderPasswordlessRegistration(w, r, nil, userID, orgID, codeID, code, nil)`
			`}`

			`func (l Login) renderPasswordlessRegistration(w http.ResponseWriter, r http.Request, authReq *domain.AuthRequest, userID, orgID, codeID, code string, err error) {`
			`var errID, errMessage, credentialData string`
			`var disabled bool`
			`if authReq != nil {`
			`userID = authReq.UserID`
			`orgID = authReq.UserOrgID`
			`}`
			`var webAuthNToken *domain.WebAuthNToken`
			`if err == nil {`
			`if authReq != nil {`
			`webAuthNToken, err = l.authRepo.BeginPasswordlessSetup(setContext(r.Context(), authReq.UserOrgID), userID, authReq.UserOrgID)`
			`} else {`
			`webAuthNToken, err = l.authRepo.BeginPasswordlessInitCodeSetup(setContext(r.Context(), orgID), userID, orgID, codeID, code)`
			`}`
			`}`
			`if err != nil {`
			`errID, errMessage = l.getErrorMessage(r, err)`
			`disabled = true`
			`}`
			`if webAuthNToken != nil {`
			`credentialData = base64.RawURLEncoding.EncodeToString(webAuthNToken.CredentialCreationData)`
			`}`
			`data := &passwordlessRegistrationData{`
			`webAuthNData{`
			`userData: l.getUserData(r, authReq, "Login Passwordless", errID, errMessage),`
			`CredentialCreationData: credentialData,`
			`},`
			`code,`
			`codeID,`
			`userID,`
			`orgID,`
			`disabled,`
			`}`
			`translator := l.getTranslator(authReq)`
			`if authReq == nil {`
			`policy, err := l.authRepo.GetLabelPolicy(r.Context(), orgID)`
			`if err != nil {`

			`}`
			`data.LabelPolicy = policy`
			`texts, err := l.authRepo.GetLoginText(r.Context(), orgID)`
			`if err != nil {`

			`}`
			`translator, _ = l.renderer.NewTranslator()`
			`l.addLoginTranslations(translator, texts)`
			`}`
			`l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplPasswordlessRegistration], data, nil)`
			`}`

			`func (l Login) handlePasswordlessRegistrationCheck(w http.ResponseWriter, r http.Request) {`
			`formData := new(passwordlessRegistrationFormData)`
			`authReq, err := l.getAuthRequestAndParseData(r, formData)`
			`if err != nil {`
			`l.renderError(w, r, authReq, err)`
			`return`
			`}`
			`l.checkPasswordlessRegistration(w, r, authReq, formData, nil)`
			`}`

			`func (l Login) checkPasswordlessRegistration(w http.ResponseWriter, r http.Request, authReq domain.AuthRequest, formData passwordlessRegistrationFormData, err error) {`
			`credData, err := base64.URLEncoding.DecodeString(formData.CredentialData)`
			`if err != nil {`
			`l.renderPasswordlessRegistration(w, r, authReq, formData.UserID, formData.OrgID, formData.CodeID, formData.Code, err)`
			`return`
			`}`
			`userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())`
			`if authReq != nil {`
			`err = l.authRepo.VerifyPasswordlessSetup(setContext(r.Context(), authReq.UserOrgID), formData.UserID, authReq.UserOrgID, userAgentID, formData.TokenName, credData)`
			`} else {`
			`err = l.authRepo.VerifyPasswordlessInitCodeSetup(setContext(r.Context(), formData.OrgID), formData.UserID, formData.OrgID, userAgentID, formData.TokenName, formData.CodeID, formData.Code, credData)`
			`}`
			`if err != nil {`
			`l.renderPasswordlessRegistration(w, r, authReq, formData.UserID, formData.OrgID, formData.CodeID, formData.Code, err)`
			`return`
			`}`
			`l.renderPasswordlessRegistrationDone(w, r, authReq, nil)`
			`}`

			`func (l Login) renderPasswordlessRegistrationDone(w http.ResponseWriter, r http.Request, authReq *domain.AuthRequest, err error) {`
			`var errID, errMessage string`
			`if err != nil {`
			`errID, errMessage = l.getErrorMessage(r, err)`
			`}`
			`data := l.getUserData(r, authReq, "Passwordless Registration Done", errID, errMessage)`
			`l.renderer.RenderTemplate(w, r, l.getTranslator(authReq), l.renderer.Templates[tmplPasswordlessRegistrationDone], data, nil)`
			`}`