webauthn

3 years ago · 03ced7c697
4 changed files with 52 additions and 12 deletions
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@ -1,6 +1,7 @@
 <?php
 namespace LAM\LIB\TWO_FACTOR;
-use LAM\LOGIN\WEBAUTHN\WebauthnManager;
+use \htmlResponsiveRow;
+use \LAM\LOGIN\WEBAUTHN\WebauthnManager;
 use \selfServiceProfile;
 use \LAMConfig;
 use \htmlScript;
@ -12,7 +13,7 @@ use \htmlStatusMessage;
 use \htmlOutputText;
 use \htmlDiv;
 use \LAMException;
-use Webauthn\PublicKeyCredentialCreationOptions;
+use \Webauthn\PublicKeyCredentialCreationOptions;

 /*
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -537,6 +538,16 @@ class WebauthnProvider extends BaseProvider {
 			$row->add(new htmlStatusMessage('ERROR', 'Webauthn requires the sqlite PDO driver for PHP.'), 12);
 			return;
 		}
+		include_once __DIR__ . '/webauthn.inc';
+		$webauthnManager = $this->getWebauthnManager();
+		$hasTokens = $webauthnManager->isRegistered($userDn);
+		if ($hasTokens) {
+			$row->add(new htmlStatusMessage('INFO', _('Please authenticate with your security device.')), 12);
+		}
+		else {
+			$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')), 12);
+		}
+		$row->addVerticalSpacer('2rem');
 		$pathPrefix = $this->config->isSelfService ? '../' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
 		$row->addVerticalSpacer('1rem');
@ -549,9 +560,6 @@ class WebauthnProvider extends BaseProvider {
 		$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
 		$row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12);
 		if ($this->config->twoFactorAuthenticationOptional === true) {
-			include_once __DIR__ . '/webauthn.inc';
-			$webauthnManager = $this->getWebauthnManager();
-			$hasTokens = $webauthnManager->isRegistered($userDn);
 			if (!$hasTokens) {
 				$skipButton = new htmlButton('skip_webauthn', _('Skip'));
 				$skipButton->setCSSClasses(array('fullwidth'));
--- a/lam/templates/config/mainmanage.php
+++ b/lam/templates/config/mainmanage.php
@ -480,6 +480,8 @@ printHeaderContents(_("Edit general settings"), '../..');
 			addSecurityTokenToSession(false);
 			$resultDiv->addDataAttribute('sec_token_value', getSecurityTokenValue());
 			$row->add($resultDiv, 12);
+			$confirmationDiv = new htmlDiv('webauthnDeleteConfirm', new htmlOutputText(_('Do you really want to remove this device?')), array('hidden'));
+			$row->add($confirmationDiv, 12);
 		}
 	}

--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
@ -1586,6 +1586,34 @@ window.lam.webauthn.addDeviceActionListeners = function() {
 window.lam.webauthn.removeDevice = function(event) {
 	event.preventDefault();
 	const element = jQuery(event.target);
+	const dialogTitle = element.data('dialogtitle');
+	const okText = element.data('oktext');
+	const cancelText = element.data('canceltext');
+	let buttonList = {};
+	buttonList[okText] = function() {
+		jQuery('#webauthnDeleteConfirm').dialog('close');
+		window.lam.webauthn.sendRemoveDeviceRequest(element);
+	};
+	buttonList[cancelText] = function() {
+		jQuery(this).dialog("close");
+	};
+	jQuery('#webauthnDeleteConfirm').dialog({
+		modal: true,
+		title: dialogTitle,
+		dialogClass: 'defaultBackground',
+		buttons: buttonList,
+		width: 'auto'
+	});
+
+	return false;
+}
+
+/**
+ * Sends the remove request to server.
+ *
+ * @param element button element
+ */
+window.lam.webauthn.sendRemoveDeviceRequest = function(element) {
 	const dn = element.data('dn');
 	const credential = element.data('credential');
 	const resultDiv = jQuery('#webauthn_results');
@ -1602,13 +1630,12 @@ window.lam.webauthn.removeDevice = function(event) {
 		method: 'POST',
 		data: data
 	})
-	.done(function(jsonData) {
-		resultDiv.html(jsonData.content);
-	})
-	.fail(function() {
-		console.log('Webauthn device deletion failed');
-	});
-	return false;
+		.done(function(jsonData) {
+			resultDiv.html(jsonData.content);
+		})
+		.fail(function() {
+			console.log('Webauthn device deletion failed');
+		});
 }

 jQuery(document).ready(function() {
--- a/lam/templates/misc/ajax.php
+++ b/lam/templates/misc/ajax.php
@ -274,6 +274,9 @@ class Ajax {
 				$delButton = new htmlButton('deleteDevice' . $id, 'delete.png', true);
 				$delButton->addDataAttribute('credential', $result['credentialId']);
 				$delButton->addDataAttribute('dn', $result['dn']);
+				$delButton->addDataAttribute('dialogtitle', _('Remove device'));
+				$delButton->addDataAttribute('oktext', _('Ok'));
+				$delButton->addDataAttribute('canceltext', _('Cancel'));
 				$delButton->setCSSClasses(array('webauthn-delete'));
 				$data[] = array(
 					new htmlOutputText($result['dn']),