feat: add WebAuthN support for passwordless login and 2fa (#966)

* at least registration prompt works * in memory test for login * buttons to start webauthn process * begin eventstore impl * begin eventstore impl * serialize into bytes * fix: u2f, passwordless types * fix for localhost * fix script * fix: u2f, passwordless types * fix: add u2f * fix: verify u2f * fix: session data in event store * fix: u2f credentials in eventstore * fix: webauthn pkg handles business models * feat: tests * feat: append events * fix: test * fix: check only ready webauthn creds * fix: move u2f methods to authrepo * frontend improvements * fix return * feat: add passwordless * feat: add passwordless * improve ui / error handling * separate call for login * fix login * js * feat: u2f login methods * feat: remove unused session id * feat: error handling * feat: error handling * feat: refactor user eventstore * feat: finish webauthn * feat: u2f and passwordlss in auth.proto * u2f step * passwordless step * cleanup js * EndpointPasswordLessLogin * migration * update mfaChecked test * next step test * token name * cleanup * attribute * passwordless as tokens * remove sms as otp type * add "user" to amr for webauthn * error handling * fixes * fix tests * naming * naming * fixes * session handler * i18n * error handling in login * Update internal/ui/login/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * improvements * merge fixes * fixes * fixes Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 07:57:32 +00:00 · 2020-12-02 17:00:04 +01:00
parent 184e79be97
commit 300ade66a7
115 changed files with 3383 additions and 740 deletions
--- a/internal/user/repository/eventsourcing/model/user_human.go
+++ b/internal/user/repository/eventsourcing/model/user_human.go
@@ -19,12 +19,16 @@ type Human struct {
 	*Email
 	*Phone
 	*Address
-	ExternalIDPs []*ExternalIDP `json:"-"`
-	InitCode     *InitUserCode  `json:"-"`
-	EmailCode    *EmailCode     `json:"-"`
-	PhoneCode    *PhoneCode     `json:"-"`
-	PasswordCode *PasswordCode  `json:"-"`
-	OTP          *OTP           `json:"-"`
+	ExternalIDPs       []*ExternalIDP   `json:"-"`
+	InitCode           *InitUserCode    `json:"-"`
+	EmailCode          *EmailCode       `json:"-"`
+	PhoneCode          *PhoneCode       `json:"-"`
+	PasswordCode       *PasswordCode    `json:"-"`
+	OTP                *OTP             `json:"-"`
+	U2FTokens          []*WebAuthNToken `json:"-"`
+	PasswordlessTokens []*WebAuthNToken `json:"-"`
+	U2FLogins          []*WebAuthNLogin `json:"-"`
+	PasswordlessLogins []*WebAuthNLogin `json:"-"`
 }

 type InitUserCode struct {
@@ -56,6 +60,15 @@ func HumanFromModel(user *model.Human) *Human {
 	if user.ExternalIDPs != nil {
 		human.ExternalIDPs = ExternalIDPsFromModel(user.ExternalIDPs)
 	}
+	if user.U2FTokens != nil {
+		human.U2FTokens = WebAuthNsFromModel(user.U2FTokens)
+	}
+	if user.PasswordlessTokens != nil {
+		human.PasswordlessTokens = WebAuthNsFromModel(user.PasswordlessTokens)
+	}
+	if user.U2FLogins != nil {
+		human.U2FLogins = WebAuthNLoginsFromModel(user.U2FLogins)
+	}
 	return human
 }

@@ -94,6 +107,15 @@ func HumanToModel(user *Human) *model.Human {
 	if user.OTP != nil {
 		human.OTP = OTPToModel(user.OTP)
 	}
+	if user.U2FTokens != nil {
+		human.U2FTokens = WebAuthNsToModel(user.U2FTokens)
+	}
+	if user.PasswordlessTokens != nil {
+		human.PasswordlessTokens = WebAuthNsToModel(user.PasswordlessTokens)
+	}
+	if user.U2FLogins != nil {
+		human.U2FLogins = WebAuthNLoginsToModel(user.U2FLogins)
+	}
 	return human
 }

@@ -133,10 +155,10 @@ func (h *Human) AppendEvent(event *es_models.Event) (err error) {
 		HumanAdded,
 		HumanRegistered,
 		HumanProfileChanged:
-		h.setData(event)
+		err = h.setData(event)
 	case InitializedUserCodeAdded,
 		InitializedHumanCodeAdded:
-		h.appendInitUsercodeCreatedEvent(event)
+		err = h.appendInitUsercodeCreatedEvent(event)
 	case UserPasswordChanged,
 		HumanPasswordChanged:
 		err = h.appendUserPasswordChangedEvent(event)
@@ -180,6 +202,26 @@ func (h *Human) AppendEvent(event *es_models.Event) (err error) {
 		err = h.appendExternalIDPAddedEvent(event)
 	case HumanExternalIDPRemoved, HumanExternalIDPCascadeRemoved:
 		err = h.appendExternalIDPRemovedEvent(event)
+	case HumanMFAU2FTokenAdded:
+		err = h.appendU2FAddedEvent(event)
+	case HumanMFAU2FTokenVerified:
+		err = h.appendU2FVerifiedEvent(event)
+	case HumanMFAU2FTokenSignCountChanged:
+		err = h.appendU2FChangeSignCountEvent(event)
+	case HumanMFAU2FTokenRemoved:
+		err = h.appendU2FRemovedEvent(event)
+	case HumanPasswordlessTokenAdded:
+		err = h.appendPasswordlessAddedEvent(event)
+	case HumanPasswordlessTokenVerified:
+		err = h.appendPasswordlessVerifiedEvent(event)
+	case HumanPasswordlessTokenChangeSignCount:
+		err = h.appendPasswordlessChangeSignCountEvent(event)
+	case HumanPasswordlessTokenRemoved:
+		err = h.appendPasswordlessRemovedEvent(event)
+	case HumanMFAU2FTokenBeginLogin:
+		err = h.appendU2FLoginEvent(event)
+	case HumanPasswordlessTokenBeginLogin:
+		err = h.appendPasswordlessLoginEvent(event)
 	}
 	if err != nil {
 		return err