WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

webauthn

This commit is contained in:
Roland Gruber 2020-01-05 17:53:12 +01:00
parent 3299d48e95
commit 03ced7c697
4 changed files with 52 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lam/lib/2factor.inc
View File

@ -1,6 +1,7 @@
<?php <?php
namespace LAM\LIB\TWO_FACTOR; namespace LAM\LIB\TWO_FACTOR;
use LAM\LOGIN\WEBAUTHN\WebauthnManager; use \htmlResponsiveRow;
use \LAM\LOGIN\WEBAUTHN\WebauthnManager;
use \selfServiceProfile; use \selfServiceProfile;
use \LAMConfig; use \LAMConfig;
use \htmlScript; use \htmlScript;
@ -12,7 +13,7 @@ use \htmlStatusMessage;
use \htmlOutputText; use \htmlOutputText;
use \htmlDiv; use \htmlDiv;
use \LAMException; use \LAMException;
use Webauthn\PublicKeyCredentialCreationOptions; use \Webauthn\PublicKeyCredentialCreationOptions;
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
@ -537,6 +538,16 @@ class WebauthnProvider extends BaseProvider {
$row->add(new htmlStatusMessage('ERROR', 'Webauthn requires the sqlite PDO driver for PHP.'), 12); $row->add(new htmlStatusMessage('ERROR', 'Webauthn requires the sqlite PDO driver for PHP.'), 12);
return; return;
} }
include_once __DIR__ . '/webauthn.inc';
$webauthnManager = $this->getWebauthnManager();
$hasTokens = $webauthnManager->isRegistered($userDn);
if ($hasTokens) {
$row->add(new htmlStatusMessage('INFO', _('Please authenticate with your security device.')), 12);
}
else {
$row->add(new htmlStatusMessage('INFO', _('Please register a security device.')), 12);
}
$row->addVerticalSpacer('2rem');
$pathPrefix = $this->config->isSelfService ? '../' : ''; $pathPrefix = $this->config->isSelfService ? '../' : '';
$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12); $row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
$row->addVerticalSpacer('1rem'); $row->addVerticalSpacer('1rem');
@ -549,9 +560,6 @@ class WebauthnProvider extends BaseProvider {
$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.')); $errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with "WebAuthn" support.'));
$row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12); $row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12);
if ($this->config->twoFactorAuthenticationOptional === true) { if ($this->config->twoFactorAuthenticationOptional === true) {
include_once __DIR__ . '/webauthn.inc';
$webauthnManager = $this->getWebauthnManager();
$hasTokens = $webauthnManager->isRegistered($userDn);
if (!$hasTokens) { if (!$hasTokens) {
$skipButton = new htmlButton('skip_webauthn', _('Skip')); $skipButton = new htmlButton('skip_webauthn', _('Skip'));
$skipButton->setCSSClasses(array('fullwidth')); $skipButton->setCSSClasses(array('fullwidth'));

2
lam/templates/config/mainmanage.php
View File

@ -480,6 +480,8 @@ printHeaderContents(_("Edit general settings"), '../..');
addSecurityTokenToSession(false); addSecurityTokenToSession(false);
$resultDiv->addDataAttribute('sec_token_value', getSecurityTokenValue()); $resultDiv->addDataAttribute('sec_token_value', getSecurityTokenValue());
$row->add($resultDiv, 12); $row->add($resultDiv, 12);
$confirmationDiv = new htmlDiv('webauthnDeleteConfirm', new htmlOutputText(_('Do you really want to remove this device?')), array('hidden'));
$row->add($confirmationDiv, 12);
} }
} }

41
lam/templates/lib/500_lam.js
View File

@ -1586,6 +1586,34 @@ window.lam.webauthn.addDeviceActionListeners = function() {
window.lam.webauthn.removeDevice = function(event) { window.lam.webauthn.removeDevice = function(event) {
event.preventDefault(); event.preventDefault();
const element = jQuery(event.target); const element = jQuery(event.target);
const dialogTitle = element.data('dialogtitle');
const okText = element.data('oktext');
const cancelText = element.data('canceltext');
let buttonList = {};
buttonList[okText] = function() {
jQuery('#webauthnDeleteConfirm').dialog('close');
window.lam.webauthn.sendRemoveDeviceRequest(element);
};
buttonList[cancelText] = function() {
jQuery(this).dialog("close");
};
jQuery('#webauthnDeleteConfirm').dialog({
modal: true,
title: dialogTitle,
dialogClass: 'defaultBackground',
buttons: buttonList,
width: 'auto'
});
return false;
}
/**
* Sends the remove request to server.
*
* @param element button element
*/
window.lam.webauthn.sendRemoveDeviceRequest = function(element) {
const dn = element.data('dn'); const dn = element.data('dn');
const credential = element.data('credential'); const credential = element.data('credential');
const resultDiv = jQuery('#webauthn_results'); const resultDiv = jQuery('#webauthn_results');
@ -1602,13 +1630,12 @@ window.lam.webauthn.removeDevice = function(event) {
method: 'POST', method: 'POST',
data: data data: data
}) })
.done(function(jsonData) { .done(function(jsonData) {
resultDiv.html(jsonData.content); resultDiv.html(jsonData.content);
}) })
.fail(function() { .fail(function() {
console.log('Webauthn device deletion failed'); console.log('Webauthn device deletion failed');
}); });
return false;
} }
jQuery(document).ready(function() { jQuery(document).ready(function() {

3
lam/templates/misc/ajax.php
View File

@ -274,6 +274,9 @@ class Ajax {
$delButton = new htmlButton('deleteDevice' . $id, 'delete.png', true); $delButton = new htmlButton('deleteDevice' . $id, 'delete.png', true);
$delButton->addDataAttribute('credential', $result['credentialId']); $delButton->addDataAttribute('credential', $result['credentialId']);
$delButton->addDataAttribute('dn', $result['dn']); $delButton->addDataAttribute('dn', $result['dn']);
$delButton->addDataAttribute('dialogtitle', _('Remove device'));
$delButton->addDataAttribute('oktext', _('Ok'));
$delButton->addDataAttribute('canceltext', _('Cancel'));
$delButton->setCSSClasses(array('webauthn-delete')); $delButton->setCSSClasses(array('webauthn-delete'));
$data[] = array( $data[] = array(
new htmlOutputText($result['dn']), new htmlOutputText($result['dn']),