fix: enable login with password when passwordless set up (#1120)

* fix: enable login with password when passwordless set up * enable only it allowed
2025-08-15 01:57:41 +00:00 · 2020-12-18 13:42:21 +01:00
parent 40ced9154e
commit 410a53f15b
6 changed files with 72 additions and 13 deletions
--- a/internal/ui/login/handler/passwordless_login_handler.go
+++ b/internal/ui/login/handler/passwordless_login_handler.go
@@ -13,6 +13,16 @@ const (
 	tmplPasswordlessVerification = "passwordlessverification"
 )

+type passwordlessData struct {
+	webAuthNData
+	PasswordLogin bool
+}
+
+type passwordlessFormData struct {
+	webAuthNFormData
+	PasswordLogin bool `schema:"passwordlogin"`
+}
+
 func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Request, authReq *model.AuthRequest, err error) {
 	var errType, errMessage, credentialData string
 	var webAuthNLogin *user_model.WebAuthNLogin
@@ -26,20 +36,31 @@ func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Re
 	if webAuthNLogin != nil {
 		credentialData = base64.RawURLEncoding.EncodeToString(webAuthNLogin.CredentialAssertionData)
 	}
-	data := &webAuthNData{
-		userData:               l.getUserData(r, authReq, "Login Passwordless", errType, errMessage),
-		CredentialCreationData: credentialData,
+	var passwordLogin bool
+	if authReq.LoginPolicy != nil {
+		passwordLogin = authReq.LoginPolicy.AllowUsernamePassword
+	}
+	data := &passwordlessData{
+		webAuthNData{
+			userData:               l.getUserData(r, authReq, "Login Passwordless", errType, errMessage),
+			CredentialCreationData: credentialData,
+		},
+		passwordLogin,
 	}
 	l.renderer.RenderTemplate(w, r, l.renderer.Templates[tmplPasswordlessVerification], data, nil)
 }

 func (l *Login) handlePasswordlessVerification(w http.ResponseWriter, r *http.Request) {
-	formData := new(webAuthNFormData)
+	formData := new(passwordlessFormData)
 	authReq, err := l.getAuthRequestAndParseData(r, formData)
 	if err != nil {
 		l.renderError(w, r, authReq, err)
 		return
 	}
+	if formData.PasswordLogin {
+		l.renderPassword(w, r, authReq, nil)
+		return
+	}
 	credData, err := base64.URLEncoding.DecodeString(formData.CredentialData)
 	if err != nil {
 		l.renderPasswordlessVerification(w, r, authReq, err)
--- a/internal/ui/login/static/i18n/de.yaml
+++ b/internal/ui/login/static/i18n/de.yaml
@@ -209,6 +209,7 @@ Actions:
  RegisterToken: Token registrieren
  ValidateToken: Token validieren
  Recreate: erneut erstellen
+  PasswordLogin: Mit Passwort anmelden

 Errors:
  Internal: Es ist ein interner Fehler aufgetreten
--- a/internal/ui/login/static/i18n/en.yaml
+++ b/internal/ui/login/static/i18n/en.yaml
@@ -209,6 +209,7 @@ Actions:
  RegisterToken: Register Token
  ValidateToken: Validate Token
  Recreate: recreate
+  PasswordLogin: Login with password

 Errors:
  Internal: An internal error occured
--- a/internal/ui/login/static/templates/passwordless.html
+++ b/internal/ui/login/static/templates/passwordless.html
@@ -26,6 +26,9 @@
    {{ template "error-message" .}}

    <div class="actions">
+        {{if .PasswordLogin}}
+            <button class="secondary" name="passwordlogin" value="true" type="submit">{{t "Actions.PasswordLogin"}}</button>
+        {{end}}
        <a href="{{ loginNameChangeUrl .AuthReqID }}">
            <button class="secondary" type="button">{{t "Actions.Back"}}</button>
        </a>