From e329c28c3eab93d3894fffa4b1c3686927afbe00 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Thu, 21 Nov 2019 22:03:42 +0100
Subject: [PATCH] webauthn

---
 lam/composer.json              |  8 ++++++
 lam/lib/webauthn.inc           | 49 ++++++++++++++++++++++++++++++++++
 lam/templates/lib/500_lam.js   |  1 +
 lam/templates/login2Factor.php |  4 ++-
 lam/templates/misc/ajax.php    | 12 +++++++++
 5 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 lam/composer.json
 create mode 100644 lam/lib/webauthn.inc

diff --git a/lam/composer.json b/lam/composer.json
new file mode 100644
index 00000000..a78d3bba
--- /dev/null
+++ b/lam/composer.json
@@ -0,0 +1,8 @@
+{
+  "config": {
+    "vendor-dir": "lib/3rdParty/composer"
+  },
+  "require" : {
+    "web-auth/webauthn-lib" : "2.1.7"
+  }
+}
\ No newline at end of file
diff --git a/lam/lib/webauthn.inc b/lam/lib/webauthn.inc
new file mode 100644
index 00000000..8d105fea
--- /dev/null
+++ b/lam/lib/webauthn.inc
@@ -0,0 +1,49 @@
+<?php
+namespace LAM\LOGIN\WEBAUTHN;
+/*
+
+  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
+  Copyright (C) 2019  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+/**
+* Manages webauthn requests.
+*
+* @author Roland Gruber
+*/
+
+/**
+ * Returns if the given DN is registered for webauthn.
+ *
+ * @param string $dn DN
+ * @return boolean is registered
+ */
+function isRegistered($dn) {
+	return false;
+}
+
+/**
+ * Returns a challenge for a new token.
+ *
+ * @return string challenge
+ */
+function getChallenge() {
+
+}
+
+
diff --git a/lam/templates/lib/500_lam.js b/lam/templates/lib/500_lam.js
index b6c17635..1413f807 100644
--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
@@ -1386,6 +1386,7 @@ window.lam.webauthn.run = function(prefix) {
 
 	var data = {
 			action: 'status',
+			jsonInput: '',
 			sec_token: token
 	};
 	jQuery.ajax({
diff --git a/lam/templates/login2Factor.php b/lam/templates/login2Factor.php
index 30c00064..5182c7c0 100644
--- a/lam/templates/login2Factor.php
+++ b/lam/templates/login2Factor.php
@@ -190,7 +190,9 @@ echo $config->getTwoFactorAuthenticationCaption();
 
 	<script type="text/javascript">
 		myElement = document.getElementsByName('2factor')[0];
-		myElement.focus();
+		if (myElement) {
+			myElement.focus();
+		}
 	</script>
 </body>
 </html>
diff --git a/lam/templates/misc/ajax.php b/lam/templates/misc/ajax.php
index eff89675..09383d35 100644
--- a/lam/templates/misc/ajax.php
+++ b/lam/templates/misc/ajax.php
@@ -101,6 +101,11 @@ class Ajax {
 			$this->checkPasswordStrength($jsonInput);
 			die();
 		}
+		if ($function === 'webauthn') {
+			enforceUserIsLoggedIn(false);
+			$this->manageWebauthn();
+			die();
+		}
 		enforceUserIsLoggedIn();
 		if ($function == 'passwordChange') {
 			$this->managePasswordChange($jsonInput);
@@ -177,6 +182,13 @@ class Ajax {
 		echo json_encode(array("result" => $result));
 	}
 
+	/**
+	 * Manages webauthn requests.
+	 */
+	private function manageWebauthn() {
+		$userDN = $_SESSION['ldap']->getUserName();
+	}
+
 	/**
 	 * Handles DN selection fields.
 	 *