[Web] Fido2 support for M1 Macs with Touch ID (#4255)

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
master
Kristian Feldsam 2021-09-01 16:28:37 +02:00 committed by GitHub
parent bdf601ff28
commit e3b58c6b80
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 24 additions and 2 deletions


@ -156,7 +156,15 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</div> </div>
<div class="row"> <div class="row">
<div class="col-sm-offset-3 col-sm-9"> <div class="col-sm-offset-3 col-sm-9">
<button class="btn btn-sm btn-primary visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline" id="register-fido2"><?=$lang['fido2']['set_fido2'];?></button> <div class="btn-group">
<button class="btn btn-sm btn-xs-lg btn-primary" id="register-fido2"><?=$lang['fido2']['set_fido2'];?></button>
<button type="button" class="btn btn-sm btn-xs-lg btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<span class="caret"></span>
</button>
<ul class="dropdown-menu">
<li><a href="#" id="register-fido2-touchid" style="line-height:1.4;"><i class="bi bi-shield-fill-check"></i> <?=$lang['fido2']['set_fido2_touchid'];?></a></li>
</ul>
</div>
</div> </div>
</div> </div>
<br> <br>
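Review bot: The new `#register-fido2-touchid` entry is an `<a href="#">` bound to the registration click handler, and nothing in this section stops the default navigation, so a click may append `#` to the URL and scroll the page while the WebAuthn prompt opens. Either call `e.preventDefault()` at the top of the handler (it lives in the script file, outside this section) or render the item as `<button type="button" id="register-fido2-touchid">`. The inline `style="line-height:1.4;"` would also be better placed in the stylesheet next to the `btn-xs-lg` class this section already uses.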


@ -176,12 +176,15 @@ $(document).ready(function() {
}); });
}); });
// Set TFA/FIDO2 // Set TFA/FIDO2
$("#register-fido2").click(function(){ $("#register-fido2, #register-fido2-touchid").click(function(){
let t = $(this);
$("option:selected").prop("selected", false); $("option:selected").prop("selected", false);
if (!window.fetch || !navigator.credentials || !navigator.credentials.create) { if (!window.fetch || !navigator.credentials || !navigator.credentials.create) {
window.alert('Browser not supported.'); window.alert('Browser not supported.');
return; return;
} }
window.fetch("/api/v1/get/fido2-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? rawurlencode($_SESSION['mailcow_cc_username']) : null; ?>", {method:'GET',cache:'no-cache'}).then(function(response) { window.fetch("/api/v1/get/fido2-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? rawurlencode($_SESSION['mailcow_cc_username']) : null; ?>", {method:'GET',cache:'no-cache'}).then(function(response) {
return response.json(); return response.json();
}).then(function(json) { }).then(function(json) {
@ -189,6 +192,13 @@ $(document).ready(function() {
throw new Error(json.msg); throw new Error(json.msg);
} }
recursiveBase64StrToArrayBuffer(json); recursiveBase64StrToArrayBuffer(json);
// set attestation to node if we are registering apple touch id
if(t.attr('id') === 'register-fido2-touchid') {
json.publicKey.attestation = 'none';
json.publicKey.authenticatorSelection.authenticatorAttachment = "platform";
}
return json; return json;
}).then(function(createCredentialArgs) { }).then(function(createCredentialArgs) {
console.log(createCredentialArgs); console.log(createCredentialArgs);
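Review bot: The Touch ID branch assigns `json.publicKey.authenticatorSelection.authenticatorAttachment` without checking that the server's options contain an `authenticatorSelection` object, so a response without it would throw a TypeError inside the promise chain; a guard such as `json.publicKey.authenticatorSelection = json.publicKey.authenticatorSelection || {};` before the assignment avoids that. The added comment says "set attestation to node" where `none` is meant; something like `// Touch ID: request attestation 'none' and a platform authenticator` would be accurate. Because the attestation preference is lowered in the browser, the server-side registration check (not visible here) has to accept the `none` format for this path, and presumably any restriction on authenticator models can then no longer be enforced through attestation; that trade-off deserves a line in the comment. The click handler begins and ends outside the hunks shown.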


@ -622,6 +622,7 @@
"register_status": "Stav registrace", "register_status": "Stav registrace",
"rename": "Přejmenovat", "rename": "Přejmenovat",
"set_fido2": "Registrovat FIDO2 zařízení", "set_fido2": "Registrovat FIDO2 zařízení",
"set_fido2_touchid": "Registrovat Touch ID na Apple M1",
"set_fn": "Nastavi uživatelsky přívětivý název", "set_fn": "Nastavi uživatelsky přívětivý název",
"start_fido2_validation": "Spustit FIDO2 ověření" "start_fido2_validation": "Spustit FIDO2 ověření"
}, },


@ -646,6 +646,7 @@
"register_status": "Registrierungsstatus", "register_status": "Registrierungsstatus",
"rename": "Umbenennen", "rename": "Umbenennen",
"set_fido2": "Registriere FIDO2-Gerät", "set_fido2": "Registriere FIDO2-Gerät",
"set_fido2_touchid": "Registriere Touch ID auf Apple M1",
"set_fn": "Benutzerfreundlichen Namen konfigurieren", "set_fn": "Benutzerfreundlichen Namen konfigurieren",
"start_fido2_validation": "Starte FIDO2-Validierung" "start_fido2_validation": "Starte FIDO2-Validierung"
}, },


@ -648,6 +648,7 @@
"register_status": "Registration status", "register_status": "Registration status",
"rename": "Rename", "rename": "Rename",
"set_fido2": "Register FIDO2 device", "set_fido2": "Register FIDO2 device",
"set_fido2_touchid": "Register Touch ID on Apple M1",
"set_fn": "Set friendly name", "set_fn": "Set friendly name",
"start_fido2_validation": "Start FIDO2 validation" "start_fido2_validation": "Start FIDO2 validation"
}, },


@ -646,6 +646,7 @@
"register_status": "Stav registrácie", "register_status": "Stav registrácie",
"rename": "Premenovať", "rename": "Premenovať",
"set_fido2": "Registrovať FIDO2 zariadenie", "set_fido2": "Registrovať FIDO2 zariadenie",
"set_fido2_touchid": "Registrovať Touch ID na Apple M1",
"set_fn": "Nastaviť zjednodušené meno", "set_fn": "Nastaviť zjednodušené meno",
"start_fido2_validation": "Spustiť FIDO2 overenie" "start_fido2_validation": "Spustiť FIDO2 overenie"
}, },