first commit
This commit is contained in:
148
media/plg_multifactorauth_webauthn/js/webauthn.js
Normal file
148
media/plg_multifactorauth_webauthn/js/webauthn.js
Normal file
@ -0,0 +1,148 @@
|
||||
/**
|
||||
* @package Joomla.Plugin
|
||||
* @subpackage Multifactorauth.webauthn
|
||||
*
|
||||
* @copyright (C) 2022 Open Source Matters, Inc. <https://www.joomla.org>
|
||||
* @license GNU General Public License version 2 or later; see LICENSE.txt
|
||||
*/
|
||||
|
||||
((Joomla, document) => {
|
||||
|
||||
let authData = null;
|
||||
const arrayToBase64String = a => btoa(String.fromCharCode(...a));
|
||||
const base64url2base64 = input => {
|
||||
let output = input.replace(/-/g, '+').replace(/_/g, '/');
|
||||
const pad = output.length % 4;
|
||||
if (pad) {
|
||||
if (pad === 1) {
|
||||
throw new Error('InvalidLengthError: Input base64url string is the wrong length to determine padding');
|
||||
}
|
||||
output += new Array(5 - pad).join('=');
|
||||
}
|
||||
return output;
|
||||
};
|
||||
const displayError = message => {
|
||||
try {
|
||||
Joomla.renderMessages({
|
||||
error: message
|
||||
});
|
||||
} catch (e) {
|
||||
alert(message);
|
||||
}
|
||||
};
|
||||
const handleError = message => {
|
||||
try {
|
||||
document.getElementById('plg_multifactorauth_webauthn_validate_button').style.disabled = 'null';
|
||||
} catch (e) {
|
||||
// Do nothing
|
||||
}
|
||||
displayError(message);
|
||||
};
|
||||
const setUp = e => {
|
||||
e.preventDefault();
|
||||
|
||||
// Make sure the browser supports Webauthn
|
||||
if (!('credentials' in navigator)) {
|
||||
displayError(Joomla.Text._('PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD'));
|
||||
return false;
|
||||
}
|
||||
const rawPKData = document.forms['com-users-method-edit'].querySelectorAll('input[name="pkRequest"]')[0].value;
|
||||
const publicKey = JSON.parse(atob(rawPKData));
|
||||
|
||||
// Convert the public key information to a format usable by the browser's credentials manager
|
||||
publicKey.challenge = Uint8Array.from(window.atob(base64url2base64(publicKey.challenge)), c => c.charCodeAt(0));
|
||||
publicKey.user.id = Uint8Array.from(window.atob(publicKey.user.id), c => c.charCodeAt(0));
|
||||
if (publicKey.excludeCredentials) {
|
||||
publicKey.excludeCredentials = publicKey.excludeCredentials.map(data => {
|
||||
data.id = Uint8Array.from(window.atob(base64url2base64(data.id)), c => c.charCodeAt(0));
|
||||
return data;
|
||||
});
|
||||
}
|
||||
|
||||
// Ask the browser to prompt the user for their authenticator
|
||||
navigator.credentials.create({
|
||||
publicKey
|
||||
}).then(data => {
|
||||
const publicKeyCredential = {
|
||||
id: data.id,
|
||||
type: data.type,
|
||||
rawId: arrayToBase64String(new Uint8Array(data.rawId)),
|
||||
response: {
|
||||
clientDataJSON: arrayToBase64String(new Uint8Array(data.response.clientDataJSON)),
|
||||
attestationObject: arrayToBase64String(new Uint8Array(data.response.attestationObject))
|
||||
}
|
||||
};
|
||||
|
||||
// Store the WebAuthn reply
|
||||
document.getElementById('com-users-method-code').value = btoa(JSON.stringify(publicKeyCredential));
|
||||
|
||||
// Submit the form
|
||||
document.forms['com-users-method-edit'].submit();
|
||||
}, error => {
|
||||
// An error occurred: timeout, request to provide the authenticator refused, hardware / software
|
||||
// error...
|
||||
handleError(error);
|
||||
});
|
||||
return false;
|
||||
};
|
||||
const validate = () => {
|
||||
// Make sure the browser supports Webauthn
|
||||
if (!('credentials' in navigator)) {
|
||||
displayError(Joomla.Text._('PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD'));
|
||||
return;
|
||||
}
|
||||
const publicKey = authData;
|
||||
if (!publicKey.challenge) {
|
||||
handleError(Joomla.Text._('PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL'));
|
||||
return;
|
||||
}
|
||||
publicKey.challenge = Uint8Array.from(window.atob(base64url2base64(publicKey.challenge)), c => c.charCodeAt(0));
|
||||
if (publicKey.allowCredentials) {
|
||||
publicKey.allowCredentials = publicKey.allowCredentials.map(data => {
|
||||
data.id = Uint8Array.from(window.atob(base64url2base64(data.id)), c => c.charCodeAt(0));
|
||||
return data;
|
||||
});
|
||||
}
|
||||
navigator.credentials.get({
|
||||
publicKey
|
||||
}).then(data => {
|
||||
const publicKeyCredential = {
|
||||
id: data.id,
|
||||
type: data.type,
|
||||
rawId: arrayToBase64String(new Uint8Array(data.rawId)),
|
||||
response: {
|
||||
authenticatorData: arrayToBase64String(new Uint8Array(data.response.authenticatorData)),
|
||||
clientDataJSON: arrayToBase64String(new Uint8Array(data.response.clientDataJSON)),
|
||||
signature: arrayToBase64String(new Uint8Array(data.response.signature)),
|
||||
userHandle: data.response.userHandle ? arrayToBase64String(new Uint8Array(data.response.userHandle)) : null
|
||||
}
|
||||
};
|
||||
document.getElementById('users-mfa-code').value = btoa(JSON.stringify(publicKeyCredential));
|
||||
document.getElementById('users-mfa-captive-form').submit();
|
||||
}, error => {
|
||||
// Example: timeout, interaction refused...
|
||||
handleError(error);
|
||||
});
|
||||
};
|
||||
const onValidateClick = event => {
|
||||
event.preventDefault();
|
||||
authData = JSON.parse(window.atob(Joomla.getOptions('com_users.authData')));
|
||||
document.getElementById('users-mfa-captive-button-submit').style.disabled = 'disabled';
|
||||
validate();
|
||||
return false;
|
||||
};
|
||||
document.getElementById('multifactorauth-webauthn-missing').style.display = 'none';
|
||||
if (typeof navigator.credentials === 'undefined') {
|
||||
document.getElementById('multifactorauth-webauthn-missing').style.display = 'block';
|
||||
document.getElementById('multifactorauth-webauthn-controls').style.display = 'none';
|
||||
}
|
||||
window.addEventListener('DOMContentLoaded', () => {
|
||||
if (Joomla.getOptions('com_users.pagetype') === 'validate') {
|
||||
document.getElementById('users-mfa-captive-button-submit').addEventListener('click', onValidateClick);
|
||||
} else {
|
||||
document.querySelectorAll('.multifactorauth_webauthn_setup').forEach(btn => {
|
||||
btn.addEventListener('click', setUp);
|
||||
});
|
||||
}
|
||||
});
|
||||
})(Joomla, document);
|
||||
1
media/plg_multifactorauth_webauthn/js/webauthn.min.js
vendored
Normal file
1
media/plg_multifactorauth_webauthn/js/webauthn.min.js
vendored
Normal file
@ -0,0 +1 @@
|
||||
((e,t)=>{let a=null;const n=e=>btoa(String.fromCharCode(...e)),r=e=>{let t=e.replace(/-/g,"+").replace(/_/g,"/");const a=t.length%4;if(a){if(1===a)throw new Error("InvalidLengthError: Input base64url string is the wrong length to determine padding");t+=new Array(5-a).join("=")}return t},i=t=>{try{e.renderMessages({error:t})}catch(e){alert(t)}},o=e=>{try{t.getElementById("plg_multifactorauth_webauthn_validate_button").style.disabled="null"}catch(e){}i(e)},s=a=>{if(a.preventDefault(),!("credentials"in navigator))return i(e.Text._("PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD")),!1;const s=t.forms["com-users-method-edit"].querySelectorAll('input[name="pkRequest"]')[0].value,l=JSON.parse(atob(s));return l.challenge=Uint8Array.from(window.atob(r(l.challenge)),(e=>e.charCodeAt(0))),l.user.id=Uint8Array.from(window.atob(l.user.id),(e=>e.charCodeAt(0))),l.excludeCredentials&&(l.excludeCredentials=l.excludeCredentials.map((e=>(e.id=Uint8Array.from(window.atob(r(e.id)),(e=>e.charCodeAt(0))),e)))),navigator.credentials.create({publicKey:l}).then((e=>{const a={id:e.id,type:e.type,rawId:n(new Uint8Array(e.rawId)),response:{clientDataJSON:n(new Uint8Array(e.response.clientDataJSON)),attestationObject:n(new Uint8Array(e.response.attestationObject))}};t.getElementById("com-users-method-code").value=btoa(JSON.stringify(a)),t.forms["com-users-method-edit"].submit()}),(e=>{o(e)})),!1},l=s=>(s.preventDefault(),a=JSON.parse(window.atob(e.getOptions("com_users.authData"))),t.getElementById("users-mfa-captive-button-submit").style.disabled="disabled",(()=>{if(!("credentials"in navigator))return void i(e.Text._("PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD"));const s=a;s.challenge?(s.challenge=Uint8Array.from(window.atob(r(s.challenge)),(e=>e.charCodeAt(0))),s.allowCredentials&&(s.allowCredentials=s.allowCredentials.map((e=>(e.id=Uint8Array.from(window.atob(r(e.id)),(e=>e.charCodeAt(0))),e)))),navigator.credentials.get({publicKey:s}).then((e=>{const a={id:e.id,type:e.type,rawId:n(new Uint8Array(e.rawId)),response:{authenticatorData:n(new Uint8Array(e.response.authenticatorData)),clientDataJSON:n(new Uint8Array(e.response.clientDataJSON)),signature:n(new Uint8Array(e.response.signature)),userHandle:e.response.userHandle?n(new Uint8Array(e.response.userHandle)):null}};t.getElementById("users-mfa-code").value=btoa(JSON.stringify(a)),t.getElementById("users-mfa-captive-form").submit()}),(e=>{o(e)}))):o(e.Text._("PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL"))})(),!1);t.getElementById("multifactorauth-webauthn-missing").style.display="none",void 0===navigator.credentials&&(t.getElementById("multifactorauth-webauthn-missing").style.display="block",t.getElementById("multifactorauth-webauthn-controls").style.display="none"),window.addEventListener("DOMContentLoaded",(()=>{"validate"===e.getOptions("com_users.pagetype")?t.getElementById("users-mfa-captive-button-submit").addEventListener("click",l):t.querySelectorAll(".multifactorauth_webauthn_setup").forEach((e=>{e.addEventListener("click",s)}))}))})(Joomla,document);
|
||||
BIN
media/plg_multifactorauth_webauthn/js/webauthn.min.js.gz
Normal file
BIN
media/plg_multifactorauth_webauthn/js/webauthn.min.js.gz
Normal file
Binary file not shown.
Reference in New Issue
Block a user