feat: add WebAuthN support for passwordless login and 2fa (#966)

* at least registration prompt works * in memory test for login * buttons to start webauthn process * begin eventstore impl * begin eventstore impl * serialize into bytes * fix: u2f, passwordless types * fix for localhost * fix script * fix: u2f, passwordless types * fix: add u2f * fix: verify u2f * fix: session data in event store * fix: u2f credentials in eventstore * fix: webauthn pkg handles business models * feat: tests * feat: append events * fix: test * fix: check only ready webauthn creds * fix: move u2f methods to authrepo * frontend improvements * fix return * feat: add passwordless * feat: add passwordless * improve ui / error handling * separate call for login * fix login * js * feat: u2f login methods * feat: remove unused session id * feat: error handling * feat: error handling * feat: refactor user eventstore * feat: finish webauthn * feat: u2f and passwordlss in auth.proto * u2f step * passwordless step * cleanup js * EndpointPasswordLessLogin * migration * update mfaChecked test * next step test * token name * cleanup * attribute * passwordless as tokens * remove sms as otp type * add "user" to amr for webauthn * error handling * fixes * fix tests * naming * naming * fixes * session handler * i18n * error handling in login * Update internal/ui/login/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * improvements * merge fixes * fixes * fixes Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 10:57:35 +00:00 · 2020-12-02 17:00:04 +01:00
parent 184e79be97
commit 300ade66a7
115 changed files with 3383 additions and 740 deletions
--- a/internal/user/repository/view/model/user_session.go
+++ b/internal/user/repository/view/model/user_session.go
@@ -32,6 +32,7 @@ type UserSessionView struct {
 	DisplayName                  string    `json:"-" gorm:"column:user_display_name"`
 	SelectedIDPConfigID          string    `json:"selectedIDPConfigID" gorm:"column:selected_idp_config_id"`
 	PasswordVerification         time.Time `json:"-" gorm:"column:password_verification"`
+	PasswordlessVerification     time.Time `json:"-" gorm:"column:passwordless_verification"`
 	ExternalLoginVerification    time.Time `json:"-" gorm:"column:external_login_verification"`
 	SecondFactorVerification     time.Time `json:"-" gorm:"column:second_factor_verification"`
 	SecondFactorVerificationType int32     `json:"-" gorm:"column:second_factor_verification_type"`
@@ -62,6 +63,7 @@ func UserSessionToModel(userSession *UserSessionView) *model.UserSessionView {
 		DisplayName:                  userSession.DisplayName,
 		SelectedIDPConfigID:          userSession.SelectedIDPConfigID,
 		PasswordVerification:         userSession.PasswordVerification,
+		PasswordlessVerification:     userSession.PasswordlessVerification,
 		ExternalLoginVerification:    userSession.ExternalLoginVerification,
 		SecondFactorVerification:     userSession.SecondFactorVerification,
 		SecondFactorVerificationType: req_model.MFAType(userSession.SecondFactorVerificationType),
@@ -93,6 +95,15 @@ func (v *UserSessionView) AppendEvent(event *models.Event) {
 		v.ExternalLoginVerification = event.CreationDate
 		v.SelectedIDPConfigID = data.SelectedIDPConfigID
 		v.State = int32(req_model.UserSessionStateActive)
+	case es_model.HumanPasswordlessTokenCheckSucceeded:
+		v.PasswordlessVerification = event.CreationDate
+		v.MultiFactorVerification = event.CreationDate
+		v.MultiFactorVerificationType = int32(req_model.MFATypeU2FUserVerification)
+		v.State = int32(req_model.UserSessionStateActive)
+	case es_model.HumanPasswordlessTokenCheckFailed,
+		es_model.HumanPasswordlessTokenRemoved:
+		v.PasswordlessVerification = time.Time{}
+		v.MultiFactorVerification = time.Time{}
 	case es_model.UserPasswordCheckFailed,
 		es_model.UserPasswordChanged,
 		es_model.HumanPasswordCheckFailed,
@@ -106,8 +117,14 @@ func (v *UserSessionView) AppendEvent(event *models.Event) {
 	case es_model.MFAOTPCheckFailed,
 		es_model.MFAOTPRemoved,
 		es_model.HumanMFAOTPCheckFailed,
-		es_model.HumanMFAOTPRemoved:
+		es_model.HumanMFAOTPRemoved,
+		es_model.HumanMFAU2FTokenCheckFailed,
+		es_model.HumanMFAU2FTokenRemoved:
 		v.SecondFactorVerification = time.Time{}
+	case es_model.HumanMFAU2FTokenCheckSucceeded:
+		v.SecondFactorVerification = event.CreationDate
+		v.SecondFactorVerificationType = int32(req_model.MFATypeU2F)
+		v.State = int32(req_model.UserSessionStateActive)
 	case es_model.SignedOut,
 		es_model.HumanSignedOut,
 		es_model.UserLocked,