From 0e835e30037d51bed19edfa6eea558010a204020 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Thu, 19 Dec 2019 22:01:54 +0100
Subject: [PATCH] added webauthn error message
---
 composer.json | 6 +-----
 lam/lib/2factor.inc | 6 +++++-
 lam/lib/html.inc | 2 +-
 lam/lib/webauthn.inc | 3 ++-
 lam/templates/lib/500_lam.js | 20 +++++++++++++++++---
 5 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/composer.json b/composer.json
index de5de7f6..8ffeb2e6 100644
--- a/composer.json
+++ b/composer.json
@@ -1,10 +1,6 @@
 {
- "require": {
- "web-auth/webauthn-lib" : "2.1.7",
- "symfony/http-foundation" : "5.0.0"
- },
 "require-dev" : {
 "phpunit/phpunit" : "5.7.27",
 "squizlabs/php_codesniffer" : "3.4.0"
 }
-}
\ No newline at end of file
+}
diff --git a/lam/lib/2factor.inc b/lam/lib/2factor.inc
index b3176386..2a63bbdb 100644
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@@ -8,6 +8,7 @@ use \htmlImage;
 use \htmlButton;
 use \htmlJavaScript;
 use \htmlStatusMessage;
+use \htmlOutputText;
 use \htmlDiv;
 use \LAMException;
 use Webauthn\PublicKeyCredentialCreationOptions;
@@ -557,6 +558,10 @@ class WebauthnProvider extends BaseProvider {
 $row->add($skipButton, 12);
 }
 }
+ $errorMessageDiv = new htmlDiv('generic-webauthn-error', new htmlOutputText(''));
+ $errorMessageDiv->addDataAttribute('button', _('Ok'));
+ $errorMessageDiv->addDataAttribute('title', _('Webauthn failed'));
+ $row->add($errorMessageDiv, 12);
 $row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\');'), 0);
 }
@@ -567,7 +572,6 @@ class WebauthnProvider extends BaseProvider {
 public function verify2ndFactor($user, $password, $serial, $twoFactorInput) {
 logNewMessage(LOG_DEBUG, 'WebauthnProvider: Checking 2nd factor for ' . $user);
 include_once __DIR__ . '/webauthn.inc';
- logNewMessage(LOG_ERR, $user);
 if ($this->config->twoFactorAuthenticationOptional && !hasTokensRegistered($user) && ($_POST['sig_response'] === 'skip')) {
 return true;
 }
diff --git a/lam/lib/html.inc b/lam/lib/html.inc
index e199c5d6..14410395 100644
--- a/lam/lib/html.inc
+++ b/lam/lib/html.inc
@@ -3626,7 +3626,7 @@ class htmlDiv extends htmlElement {
 if (($this->cssClasses != null) && (sizeof($this->cssClasses) > 0)) {
 $classesValue = ' class="' . implode(' ', $this->cssClasses) . '"';
 }
- echo '';
+ echo 'getDataAttributesAsString() . '>';
 if ($this->content != null) {
 $return = $this->content->generateHTML($module, $input, $values, $restricted, $tabindex, $scope);
 }
diff --git a/lam/lib/webauthn.inc b/lam/lib/webauthn.inc
index cf2cb955..1281c74f 100644
--- a/lam/lib/webauthn.inc
+++ b/lam/lib/webauthn.inc
@@ -40,6 +40,7 @@ use \Webauthn\PublicKeyCredentialUserEntity;
 use \Webauthn\AuthenticationExtensions\AuthenticationExtensionsClientInputs;
 use \Webauthn\AuthenticatorSelectionCriteria;
 use Webauthn\TokenBinding\IgnoreTokenBindingHandler;
+use \LAMException;
 /*
@@ -104,7 +105,7 @@ function getRegistrationObject($dn, $isSelfService) {
 new AuthenticatorSelectionCriteria(),
 PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
 new AuthenticationExtensionsClientInputs());
- logNewMessage(LOG_DEBUG, json_encode($registrationObject));
+ logNewMessage(LOG_DEBUG, 'Webauthn registration: ' . json_encode($registrationObject));
 return $registrationObject;
 }
diff --git a/lam/templates/lib/500_lam.js b/lam/templates/lib/500_lam.js
index 954b1e11..67a27338 100644
--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
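Review bot: The new `echo` in class htmlDiv writes the return value of `getDataAttributesAsString()` directly into the opening tag, and nothing in this hunk shows that helper escaping attribute names or values (the echoed markup itself is partly lost in this rendering). The only caller added by this commit passes gettext strings (`_('Ok')`, `_('Webauthn failed')`), but translation catalogues and later callers can contain quotes or angle brackets, so the helper should run each value through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` if it does not already. The surrounding method starts and ends outside the hunk, so this has to be confirmed against the full class.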
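Review bot: The reworded debug line in getRegistrationObject() still serialises the whole `$registrationObject` into the log; judging by the constructor arguments visible above it this is presumably the credential creation options, which would place the per-registration challenge and the account's user entity in whatever target debug logging writes to. A narrower trace keeps the diagnostic value without that, for example `logNewMessage(LOG_DEBUG, 'Webauthn registration options created for ' . $dn);`. `json_encode()` also returns false on failure, which this concatenation would log as an empty string with no hint that encoding failed. The function body begins outside the hunk.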
@@ -841,9 +841,14 @@ window.lam.form.autoTrim = function() {
 window.lam.dialog = window.lam.dialog || {};
-window.lam.dialog.showMessage = function(title, okText, divId) {
+window.lam.dialog.showMessage = function(title, okText, divId, callbackFunction) {
 var buttonList = {};
- buttonList[okText] = function() { jQuery(this).dialog("close"); };
+ buttonList[okText] = function() {
+ jQuery(this).dialog("close");
+ if (callbackFunction) {
+ callbackFunction();
+ }
+ };
 jQuery('#' + divId).dialog({
 modal: true,
 title: title,
@@ -1445,7 +1450,16 @@ window.lam.webauthn.register = function(publicKey) {
 form.submit();
 }, function (error) {
 console.log(error.message);
- jQuery('#btn_logout').click();
+ let errorDiv = jQuery('#generic-webauthn-error');
+ let buttonLabel = errorDiv.data('button');
+ let dialogTitle = errorDiv.data('title');
+ errorDiv.text(error.message);
+ window.lam.dialog.showMessage(dialogTitle,
+ buttonLabel,
+ 'generic-webauthn-error',
+ function () {
+ jQuery('#btn_logout').click();
+ });
 });
 }
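Review bot: The new `callbackFunction` in `window.lam.dialog.showMessage` runs only from the OK button handler, so a dialog dismissed any other way (jQuery UI dialogs close on Escape and via the title-bar button unless configured otherwise) never triggers it. The second hunk depends on that callback for `jQuery('#btn_logout').click()`, which previously ran unconditionally when `window.lam.webauthn.register` failed, so a failed registration can now leave the session open behind a dismissed dialog. Moving the call out of the button handler and into the dialog's `close` option, `close: function() { if (callbackFunction) { callbackFunction(); } }`, covers every way of closing. The option list continues outside the hunk, so check whether `closeOnEscape` or a close handler is already set there.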