TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-12 15:03:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

provide domain for u2f

Browse Source
This commit is contained in:
peintnermax
2024-04-17 15:58:32 +02:00
parent c4a6af4061
commit 8e23e2d583
3 changed files with 259 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/login/app/(login)/otp/[method]/page.tsx
View File

@@ -48,7 +48,6 @@ export default async function Page({
sessionId={sessionId} sessionId={sessionId}
authRequestId={authRequestId} authRequestId={authRequestId}
organization={organization} organization={organization}
submit={submit === "true"}
></VerifyU2F> ></VerifyU2F>
)} )}
</div> </div>

14
apps/login/app/api/session/route.ts
View File

@@ -92,6 +92,10 @@ export async function PUT(request: NextRequest) {
const domain: string = request.nextUrl.hostname; const domain: string = request.nextUrl.hostname;
if (challenges && challenges.webAuthN && !challenges.webAuthN.domain) {
challenges.webAuthN.domain = domain;
}
return recentPromise return recentPromise
.then(async (recent) => { .then(async (recent) => {
if ( if (
@@ -140,15 +144,7 @@ export async function PUT(request: NextRequest) {
authFactors = response.result; authFactors = response.result;
} }
} }
if (challenges && challenges.o && session.factors?.user?.id) {
const response = await listHumanAuthFactors(
server,
session.factors?.user?.id
);
if (response.result && response.result.length) {
authFactors = response.result;
}
}
return NextResponse.json({ return NextResponse.json({
sessionId: session.id, sessionId: session.id,
factors: session.factors, factors: session.factors,

259
apps/login/ui/VerifyU2F.tsx
View File

@@ -1,16 +1,265 @@
"use client";
import { useEffect, useRef, useState } from "react";
import { useRouter } from "next/navigation";
import { coerceToArrayBuffer, coerceToBase64Url } from "#/utils/base64";
import { Button, ButtonVariants } from "./Button";
import Alert from "./Alert";
import { Spinner } from "./Spinner";
import { Checks } from "@zitadel/server";
// either loginName or sessionId must be provided
type Props = { type Props = {
loginName: string | undefined; loginName?: string;
sessionId: string | undefined; sessionId?: string;
authRequestId?: string; authRequestId?: string;
organization?: string; organization?: string;
submit: boolean;
}; };
export default function VerifyU2F({ export default function VerifyU2F({
loginName, loginName,
sessionId,
authRequestId, authRequestId,
organization, organization,
submit,
}: Props) { }: Props) {
return <div>Verify U2F</div>; const [error, setError] = useState<string>("");
const [loading, setLoading] = useState<boolean>(false);
const router = useRouter();
const initialized = useRef(false);
useEffect(() => {
if (!initialized.current) {
initialized.current = true;
setLoading(true);
updateSessionForChallenge()
.then((response) => {
const pK =
response.challenges.webAuthN.publicKeyCredentialRequestOptions
.publicKey;
if (pK) {
submitLoginAndContinue(pK)
.then(() => {
setLoading(false);
})
.catch((error) => {
setError(error);
setLoading(false);
});
} else {
setError("Could not request passkey challenge");
setLoading(false);
}
})
.catch((error) => {
setError(error);
setLoading(false);
});
}
}, []);
async function updateSessionForChallenge() {
setLoading(true);
const res = await fetch("/api/session", {
method: "PUT",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
loginName,
sessionId,
organization,
challenges: {
webAuthN: {
domain: "",
userVerificationRequirement: 1,
},
},
authRequestId,
}),
});
setLoading(false);
if (!res.ok) {
const error = await res.json();
throw error.details.details;
}
return res.json();
}
async function submitLogin(data: any) {
setLoading(true);
const res = await fetch("/api/session", {
method: "PUT",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
loginName,
sessionId,
organization,
checks: {
webAuthN: { credentialAssertionData: data },
} as Checks,
authRequestId,
}),
});
const response = await res.json();
setLoading(false);
if (!res.ok) {
setError(response.details);
return Promise.reject(response.details);
}
return response;
}
async function submitLoginAndContinue(
publicKey: any
): Promise<boolean | void> {
publicKey.challenge = coerceToArrayBuffer(
publicKey.challenge,
"publicKey.challenge"
);
publicKey.allowCredentials.map((listItem: any) => {
listItem.id = coerceToArrayBuffer(
listItem.id,
"publicKey.allowCredentials.id"
);
});
navigator.credentials
.get({
publicKey,
})
.then((assertedCredential: any) => {
if (assertedCredential) {
const authData = new Uint8Array(
assertedCredential.response.authenticatorData
);
const clientDataJSON = new Uint8Array(
assertedCredential.response.clientDataJSON
);
const rawId = new Uint8Array(assertedCredential.rawId);
const sig = new Uint8Array(assertedCredential.response.signature);
const userHandle = new Uint8Array(
assertedCredential.response.userHandle
);
const data = {
id: assertedCredential.id,
rawId: coerceToBase64Url(rawId, "rawId"),
type: assertedCredential.type,
response: {
authenticatorData: coerceToBase64Url(authData, "authData"),
clientDataJSON: coerceToBase64Url(
clientDataJSON,
"clientDataJSON"
),
signature: coerceToBase64Url(sig, "sig"),
userHandle: coerceToBase64Url(userHandle, "userHandle"),
},
};
return submitLogin(data).then((resp) => {
if (authRequestId && resp && resp.sessionId) {
return router.push(
`/login?` +
new URLSearchParams({
sessionId: resp.sessionId,
authRequest: authRequestId,
})
);
} else {
return router.push(
`/signedin?` +
new URLSearchParams(
authRequestId
? {
loginName: resp.factors.user.loginName,
authRequestId,
}
: {
loginName: resp.factors.user.loginName,
}
)
);
}
});
} else {
setLoading(false);
setError("An error on retrieving passkey");
return null;
}
})
.catch((error) => {
console.error(error);
setLoading(false);
// setError(error);
return null;
});
}
return (
<div className="w-full">
{error && (
<div className="py-4">
<Alert>{error}</Alert>
</div>
)}
<div className="mt-8 flex w-full flex-row items-center">
{altPassword ? (
<Button
type="button"
variant={ButtonVariants.Secondary}
onClick={() => {
const params: any = { alt: "true" };
if (loginName) {
params.loginName = loginName;
}
if (sessionId) {
params.sessionId = sessionId;
}
if (authRequestId) {
params.authRequestId = authRequestId;
}
if (organization) {
params.organization = organization;
}
return router.push(
"/password?" + new URLSearchParams(params) // alt is set because password is requested as alternative auth method, so passwordless prompt can be escaped
);
}}
>
use password
</Button>
) : (
<Button
type="button"
variant={ButtonVariants.Secondary}
onClick={() => router.back()}
>
back
</Button>
)}
<span className="flex-grow"></span>
<Button
type="submit"
className="self-end"
variant={ButtonVariants.Primary}
disabled={loading}
onClick={() => updateSessionForChallenge()}
>
{loading && <Spinner className="h-5 w-5 mr-2" />}
continue
</Button>
</div>
</div>
);
} }