From c11b6557dbd6dfa49a5038a4e5ec333903bf8594 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 14 Jan 2022 20:26:26 +0100
Subject: [PATCH] migrating from u2f-api.js to webauthn [cleanup]

---
 data/web/templates/base.twig          | 34 ++++++++++-----------------
 data/web/templates/modals/footer.twig |  4 ++--
 2 files changed, 14 insertions(+), 24 deletions(-)

diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index b7c0138f..a5e61ab3 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -182,12 +182,11 @@ function recursiveBase64StrToArrayBuffer(obj) {
       keyboard: false
     });
 
-    $('#webauthn_status_auth').html('<p>Press to start authentication</p>');
+    // validate WebAuthn tfa
     $('#start_webauthn_confirmation').click(function(){
       $('#webauthn_status_auth').html('<p><i class="bi bi-arrow-repeat icon-spin"></i> ' + lang_tfa.init_webauthn + '</p>');
 
       $(this).find('input[name=token]').focus();
-      // If WebAuthn
       if(document.getElementById("webauthn_auth_data") !== null) {
         // Check Browser support
         if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
@@ -195,19 +194,18 @@ function recursiveBase64StrToArrayBuffer(obj) {
             return;
         }
 
+        // fetch webauthn auth args
         window.fetch("/api/v1/get/webauthn-tfa-get-args", {method:'GET',cache:'no-cache'}).then(response => {
             return response.json();
         }).then(json => {
-            console.log(json);
             if (json.success === false) throw new Error();
       
             recursiveBase64StrToArrayBuffer(json);
             return json;
         }).then(getCredentialArgs => {
-            console.log(getCredentialArgs);
+            // get credentials
             return navigator.credentials.get(getCredentialArgs);
         }).then(cred => {
-            console.log(cred);
             return {
                 id: cred.rawId ? arrayBufferToBase64(cred.rawId) : null,
                 clientDataJSON: cred.response.clientDataJSON  ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
@@ -215,23 +213,20 @@ function recursiveBase64StrToArrayBuffer(obj) {
                 signature : cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null
             };
         }).then(JSON.stringify).then(function(AuthenticatorAttestationResponse) {
-            console.log(AuthenticatorAttestationResponse);
-
+            // send request by submit
             var form = document.getElementById('webauthn_auth_form');
             var auth = document.getElementById('webauthn_auth_data');
-            console.log("Authenticate callback", AuthenticatorAttestationResponse);
             auth.value = AuthenticatorAttestationResponse;
             form.submit();
         }).catch(function(err) {
-            if (typeof err.message === 'undefined') {
-                mailcow_alert_box(lang_fido2.fido2_validation_failed, "danger");
-            } else {
-                mailcow_alert_box(lang_fido2.fido2_validation_failed + ":<br><i>" + err.message + "</i>", "danger");
-            }
+            var webauthn_return_code = document.getElementById('webauthn_return_code');
+            webauthn_return_code.style.display = webauthn_return_code.style.display === 'none' ? '' : null;
+            webauthn_return_code.innerHTML = lang_tfa.error_code + ': ' + err + ' ' + lang_tfa.reload_retry;
         });
       } 
     });
     $('#ConfirmTFAModal').on('hidden.bs.modal', function(){
+      // cancel pending login
       $.ajax({
         type: "GET",
         cache: false,
@@ -364,18 +359,16 @@ function recursiveBase64StrToArrayBuffer(obj) {
         $("#start_webauthn_register").click(() => {
             var key_id = document.getElementsByName('key_id')[1].value;
 
-            // fetch WebAuthn CreateArgs
+            // fetch WebAuthn create args
             window.fetch("/api/v1/get/webauthn-tfa-registration/{{ mailcow_cc_username|url_encode(true)|default('null') }}", {method:'GET',cache:'no-cache'}).then(response => {
                 return response.json();
             }).then(json => {
-                console.log(json);
-
                 if (json.success === false) throw new Error(json.msg);
-
                 recursiveBase64StrToArrayBuffer(json);
 
                 return json;
             }).then(createCredentialArgs => {
+                // create credentials
                 return navigator.credentials.create(createCredentialArgs);
             }).then(cred => {
                 return {
@@ -385,16 +378,13 @@ function recursiveBase64StrToArrayBuffer(obj) {
                     tfa_method: "webauthn"
                 };
             }).then(JSON.stringify).then(AuthenticatorAttestationResponse => {
-                console.log(AuthenticatorAttestationResponse);
-
+                // send request
                 return window.fetch("/api/v1/add/webauthn-tfa-registration", {method:'POST', body: AuthenticatorAttestationResponse, cache:'no-cache'});
             }).then(response => {
                 return response.json();
             }).then(json => {
-                console.log(json);
-
                 if (json.success) {
-                    console.log("success");
+                    // reload on success
                     window.location.href = window.location.href;
                 } else {
                     throw new Error(json.msg);
diff --git a/data/web/templates/modals/footer.twig b/data/web/templates/modals/footer.twig
index 306005a1..7e2aa361 100644
--- a/data/web/templates/modals/footer.twig
+++ b/data/web/templates/modals/footer.twig
@@ -173,7 +173,7 @@
         {% if pending_tfa_method == 'webauthn' %}
         <form role="form" method="post" id="webauthn_auth_form">
           <center>
-            <div id="start_webauthn_confirmation">
+            <div style="cursor:pointer" id="start_webauthn_confirmation">
               <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">
                 <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>
               </svg>
@@ -192,7 +192,7 @@
         {% if pending_tfa_method == 'u2f' %}
         <form role="form" method="post" id="webauthn_auth_form">
           <center>
-            <div id="start_webauthn_confirmation">
+            <div style="cursor:pointer" id="start_webauthn_confirmation">
               <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 24 24">
                 <path d="M17.81 4.47c-.08 0-.16-.02-.23-.06C15.66 3.42 14 3 12.01 3c-1.98 0-3.86.47-5.57 1.41-.24.13-.54.04-.68-.2-.13-.24-.04-.55.2-.68C7.82 2.52 9.86 2 12.01 2c2.13 0 3.99.47 6.03 1.52.25.13.34.43.21.67-.09.18-.26.28-.44.28zM3.5 9.72c-.1 0-.2-.03-.29-.09-.23-.16-.28-.47-.12-.7.99-1.4 2.25-2.5 3.75-3.27C9.98 4.04 14 4.03 17.15 5.65c1.5.77 2.76 1.86 3.75 3.25.16.22.11.54-.12.7-.23.16-.54.11-.7-.12-.9-1.26-2.04-2.25-3.39-2.94-2.87-1.47-6.54-1.47-9.4.01-1.36.7-2.5 1.7-3.4 2.96-.08.14-.23.21-.39.21zm6.25 12.07c-.13 0-.26-.05-.35-.15-.87-.87-1.34-1.43-2.01-2.64-.69-1.23-1.05-2.73-1.05-4.34 0-2.97 2.54-5.39 5.66-5.39s5.66 2.42 5.66 5.39c0 .28-.22.5-.5.5s-.5-.22-.5-.5c0-2.42-2.09-4.39-4.66-4.39-2.57 0-4.66 1.97-4.66 4.39 0 1.44.32 2.77.93 3.85.64 1.15 1.08 1.64 1.85 2.42.19.2.19.51 0 .71-.11.1-.24.15-.37.15zm7.17-1.85c-1.19 0-2.24-.3-3.1-.89-1.49-1.01-2.38-2.65-2.38-4.39 0-.28.22-.5.5-.5s.5.22.5.5c0 1.41.72 2.74 1.94 3.56.71.48 1.54.71 2.54.71.24 0 .64-.03 1.04-.1.27-.05.53.13.58.41.05.27-.13.53-.41.58-.57.11-1.07.12-1.21.12zM14.91 22c-.04 0-.09-.01-.13-.02-1.59-.44-2.63-1.03-3.72-2.1-1.4-1.39-2.17-3.24-2.17-5.22 0-1.62 1.38-2.94 3.08-2.94 1.7 0 3.08 1.32 3.08 2.94 0 1.07.93 1.94 2.08 1.94s2.08-.87 2.08-1.94c0-3.77-3.25-6.83-7.25-6.83-2.84 0-5.44 1.58-6.61 4.03-.39.81-.59 1.76-.59 2.8 0 .78.07 2.01.67 3.61.1.26-.03.55-.29.64-.26.1-.55-.04-.64-.29-.49-1.31-.73-2.61-.73-3.96 0-1.2.23-2.29.68-3.24 1.33-2.79 4.28-4.6 7.51-4.6 4.55 0 8.25 3.51 8.25 7.83 0 1.62-1.38 2.94-3.08 2.94s-3.08-1.32-3.08-2.94c0-1.07-.93-1.94-2.08-1.94s-2.08.87-2.08 1.94c0 1.71.66 3.31 1.87 4.51.95.94 1.86 1.46 3.27 1.85.27.07.42.35.35.61-.05.23-.26.38-.47.38z"></path>
               </svg>