From ffd47f8ca51ac6cfafa11b1b225d08996372fa6f Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Thu, 21 Nov 2019 19:34:01 +0100
Subject: [PATCH] webauthn

---
 lam/lib/2factor.inc          | 14 +++++++++++
 lam/templates/lib/500_lam.js | 46 ++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)

diff --git a/lam/lib/2factor.inc b/lam/lib/2factor.inc
index 65619772..a4a3f976 100644
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@@ -5,6 +5,10 @@ use \LAMConfig;
 use \htmlScript;
 use \htmlIframe;
 use \htmlImage;
+use \htmlButton;
+use \htmlJavaScript;
+use \htmlStatusMessage;
+use \htmlDiv;
 use \LAMException;
 
 /*
@@ -519,6 +523,16 @@ class WebauthnProvider extends BaseProvider {
 	public function addCustomInput(&$row, $userDn) {
 		$pathPrefix = $this->config->isSelfService ? '../' : '';
 		$row->add(new htmlImage($pathPrefix . '../graphics/webauthn.svg'), 12);
+		$row->addVerticalSpacer('1rem');
+		$registerButton = new htmlButton('register_webauthn', _('Register new key'));
+		$registerButton->setCSSClasses(array('fullwidth hidden'));
+		$row->add($registerButton, 12);
+		$loginButton = new htmlButton('login_webauthn', _('Login'));
+		$loginButton->setCSSClasses(array('fullwidth hidden'));
+		$row->add($loginButton, 12);
+		$errorMessage = new htmlStatusMessage('ERROR', '', _('This service requires a browser with webauthn support.'));
+		$row->add(new htmlDiv(null, $errorMessage, array('hidden webauthn-error')), 12);
+		$row->add(new htmlJavaScript('window.lam.webauthn.start(\'' . $pathPrefix . '\');'), 0);
 	}
 
 	/**
diff --git a/lam/templates/lib/500_lam.js b/lam/templates/lib/500_lam.js
index efd7251e..b6c17635 100644
--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
@@ -1356,6 +1356,52 @@ window.lam.selfservice.addMultiValue = function(fieldNamePrefix, addButton) {
 	jQuery(addButton).remove();
 };
 
+window.lam.webauthn = window.lam.webauthn || {};
+
+/**
+ * Starts the webauthn process.
+ *
+ * @param prefix path prefix for Ajax endpoint
+ */
+window.lam.webauthn.start = function(prefix) {
+	jQuery(document).ready(
+		function() {
+			window.lam.webauthn.run(prefix);
+		}
+	);
+}
+
+/**
+ * Checks if the user is registered and starts login/registration.
+ *
+ * @param prefix path prefix for Ajax endpoint
+ */
+window.lam.webauthn.run = function(prefix) {
+	var token = jQuery('#sec_token').val();
+	// check for webauthn support
+	if (!navigator.credentials || (typeof(PublicKeyCredential) === "undefined")) {
+		jQuery('.webauthn-error').show();
+		return;
+	}
+
+	var data = {
+			action: 'status',
+			sec_token: token
+	};
+	jQuery.ajax({
+		url: prefix + 'misc/ajax.php?function=webauthn',
+		method: 'POST',
+		data: data
+	})
+	.done(function(jsonData) {
+		console.log(jsonData);
+	})
+	.fail(function() {
+		console.log('Webauthn failed');
+	});
+}
+
+
 jQuery(document).ready(function() {
 	window.lam.gui.equalHeight();
 	window.lam.form.autoTrim();