From e3b58c6b809876350df395b872856054697902eb Mon Sep 17 00:00:00 2001
From: Kristian Feldsam
Date: Wed, 1 Sep 2021 16:28:37 +0200
Subject: [PATCH] [Web] Fido2 support for M1 Macs with Touch ID (#4255)

Signed-off-by: Kristian Feldsam
---
 data/web/admin.php | 10 +++++++++-
 data/web/inc/footer.inc.php | 12 +++++++++++-
 data/web/lang/lang.cs.json | 1 +
 data/web/lang/lang.de.json | 1 +
 data/web/lang/lang.en.json | 1 +
 data/web/lang/lang.sk.json | 1 +
 6 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index 1a28776c..3c2dbfc7 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -156,7 +156,15 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
- +
+ + + +

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index f99c86db..1e8ea0f3 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -176,12 +176,15 @@ $(document).ready(function() {
 });
 });
 // Set TFA/FIDO2
- $("#register-fido2").click(function(){
+ $("#register-fido2, #register-fido2-touchid").click(function(){
+ let t = $(this);
+
 $("option:selected").prop("selected", false);
 if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
 window.alert('Browser not supported.');
 return;
 }
+
 window.fetch("/api/v1/get/fido2-registration/", {method:'GET',cache:'no-cache'}).then(function(response) {
 return response.json();
 }).then(function(json) {
@@ -189,6 +192,13 @@ $(document).ready(function() {
 throw new Error(json.msg);
 }
 recursiveBase64StrToArrayBuffer(json);
+
+ // set attestation to node if we are registering apple touch id
+ if(t.attr('id') === 'register-fido2-touchid') {
+ json.publicKey.attestation = 'none';
+ json.publicKey.authenticatorSelection.authenticatorAttachment = "platform";
+ }
+
 return json;
 }).then(function(createCredentialArgs) {
 console.log(createCredentialArgs);
diff --git a/data/web/lang/lang.cs.json b/data/web/lang/lang.cs.json
index 5299f10d..1d658c3b 100644
--- a/data/web/lang/lang.cs.json
+++ b/data/web/lang/lang.cs.json
@@ -622,6 +622,7 @@
 "register_status": "Stav registrace",
 "rename": "Přejmenovat",
 "set_fido2": "Registrovat FIDO2 zařízení",
+ "set_fido2_touchid": "Registrovat Touch ID na Apple M1",
 "set_fn": "Nastavi uživatelsky přívětivý název",
 "start_fido2_validation": "Spustit FIDO2 ověření"
 },
diff --git a/data/web/lang/lang.de.json b/data/web/lang/lang.de.json
index 193df904..83d73b54 100644
--- a/data/web/lang/lang.de.json
+++ b/data/web/lang/lang.de.json
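Review bot: The capability check in the first footer.inc.php hunk still tests only `navigator.credentials.create`, although the handler now also serves `#register-fido2-touchid`, which the later hunk pins to a platform authenticator. On a device without one the user gets only whatever error the browser produces instead of a clear message; for the Touch ID button, consider checking `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()` before the fetch and alerting when it resolves to false. As a smaller style point, `let t = $(this);` is never reassigned in the visible lines, so `const t = $(this);` states the intent better. The click handler's body continues outside the hunk.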
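Review bot: In the second footer.inc.php hunk the attestation preference is relaxed to `'none'` in the browser, after the server has already issued the registration options, so the server-side verification (not visible in this diff) has to accept responses without an attestation statement. It is worth confirming that this acceptance is deliberate policy and that the challenge, origin and RP ID checks do not depend on the attestation format; having the endpoint issue the Touch ID options itself would keep that policy in one place. The write to `json.publicKey.authenticatorSelection.authenticatorAttachment` also throws if the response ever lacks `authenticatorSelection`; `json.publicKey.authenticatorSelection = Object.assign({}, json.publicKey.authenticatorSelection, {authenticatorAttachment: 'platform'});` avoids that. The comment should read `// set attestation to none ...` rather than "node". The enclosing `.then` callback starts before the hunk.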
@@ -646,6 +646,7 @@
 "register_status": "Registrierungsstatus",
 "rename": "Umbenennen",
 "set_fido2": "Registriere FIDO2-Gerät",
+ "set_fido2_touchid": "Registriere Touch ID auf Apple M1",
 "set_fn": "Benutzerfreundlichen Namen konfigurieren",
 "start_fido2_validation": "Starte FIDO2-Validierung"
 },
diff --git a/data/web/lang/lang.en.json b/data/web/lang/lang.en.json
index b24ac6b9..4850b142 100644
--- a/data/web/lang/lang.en.json
+++ b/data/web/lang/lang.en.json
@@ -648,6 +648,7 @@
 "register_status": "Registration status",
 "rename": "Rename",
 "set_fido2": "Register FIDO2 device",
+ "set_fido2_touchid": "Register Touch ID on Apple M1",
 "set_fn": "Set friendly name",
 "start_fido2_validation": "Start FIDO2 validation"
 },
diff --git a/data/web/lang/lang.sk.json b/data/web/lang/lang.sk.json
index 40ed5c67..ee5a7a72 100644
--- a/data/web/lang/lang.sk.json
+++ b/data/web/lang/lang.sk.json
@@ -646,6 +646,7 @@
 "register_status": "Stav registrácie",
 "rename": "Premenovať",
 "set_fido2": "Registrovať FIDO2 zariadenie",
+ "set_fido2_touchid": "Registrovať Touch ID na Apple M1",
 "set_fn": "Nastaviť zjednodušené meno",
 "start_fido2_validation": "Spustiť FIDO2 overenie"
 },