2020-11-02 13:36:10 +00:00
Ext.define('PBS.window.AddWebauthn', {
extend: 'Ext.window.Window',
alias: 'widget.pbsAddWebauthn',
mixins: ['Proxmox.Mixin.CBind'],
onlineHelp: 'user_mgmt',
modal: true,
resizable: false,
title: gettext('Add a Webauthn login token'),
width: 512,
user: undefined,
fixedUser: false,
initComponent: function() {
let me = this;
Ext.GlobalEvents.fireEvent('proxmoxShowHelp', me.onlineHelp);
viewModel: {
data: {
valid: false,
2021-01-21 14:06:15 +00:00
userid: null,
2021-01-18 09:12:21 +00:00
2020-11-02 13:36:10 +00:00
controller: {
xclass: 'Ext.app.ViewController',
control: {
'field': {
validitychange: function(field, valid) {
let me = this;
let viewmodel = me.getViewModel();
let form = me.lookup('webauthn_form');
viewmodel.set('valid', form.isValid());
'#': {
show: function() {
let me = this;
let view = me.getView();
if (Proxmox.UserName === 'root@pam') {
registerWebauthn: async function() {
let me = this;
let values = me.lookup('webauthn_form').getValues();
values.type = "webauthn";
let userid = values.user;
delete values.user;
2021-01-08 10:54:12 +00:00
me.getView().mask(gettext('Please wait...'), 'x-mask-loading');
2020-11-02 13:36:10 +00:00
try {
let register_response = await PBS.Async.api2({
url: `/api2/extjs/access/tfa/${userid}`,
method: 'POST',
params: values,
let data = register_response.result.data;
if (!data.challenge) {
throw "server did not respond with a challenge";
let challenge_obj = JSON.parse(data.challenge);
// Fix this up before passing it to the browser, but keep a copy of the original
// string to pass in the response:
let challenge_str = challenge_obj.publicKey.challenge;
challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
challenge_obj.publicKey.user.id =
2021-02-25 09:01:21 +00:00
// convert existing authenticators structure
challenge_obj.publicKey.excludeCredentials =
(challenge_obj.publicKey.excludeCredentials || []).map((cred) => ({
id: PBS.Utils.base64url_to_bytes(cred.id),
type: cred.type,
2020-11-02 13:36:10 +00:00
let msg = Ext.Msg.show({
title: `Webauthn: ${gettext('Setup')}`,
message: gettext('Please press the button on your Webauthn Device'),
buttons: [],
2021-02-25 09:01:21 +00:00
let token_response;
try {
token_response = await navigator.credentials.create(challenge_obj);
} catch (error) {
let errmsg = `<i class="fa fa-warning warning"></i>
${error.name}: ${error.message}`;
if (error.name === 'InvalidStateError') {
// probably a duplicate token
throw `${gettext('There was an error during authenticator registration.')}
${gettext('This probably means that this authenticator is already registered.')}
} else {
throw `${gettext('There was an error during token registration.')}
2020-11-02 13:36:10 +00:00
// We cannot pass ArrayBuffers to the API, so extract & convert the data.
let response = {
id: token_response.id,
type: token_response.type,
rawId: PBS.Utils.bytes_to_base64url(token_response.rawId),
response: {
attestationObject: PBS.Utils.bytes_to_base64url(
clientDataJSON: PBS.Utils.bytes_to_base64url(
let params = {
type: "webauthn",
challenge: challenge_str,
value: JSON.stringify(response),
if (values.password) {
params.password = values.password;
await PBS.Async.api2({
url: `/api2/extjs/access/tfa/${userid}`,
method: 'POST',
} catch (error) {
console.error(error); // for debugging if it's not displayable...
Ext.Msg.alert(gettext('Error'), error);
items: [
xtype: 'form',
reference: 'webauthn_form',
layout: 'anchor',
2021-01-13 11:06:54 +00:00
border: false,
2020-11-02 13:36:10 +00:00
bodyPadding: 10,
fieldDefaults: {
anchor: '100%',
items: [
xtype: 'pmxDisplayEditField',
name: 'user',
cbind: {
editable: (get) => !get('fixedUser'),
2021-01-21 14:06:15 +00:00
value: () => Proxmox.UserName,
2020-11-02 13:36:10 +00:00
fieldLabel: gettext('User'),
editConfig: {
xtype: 'pbsUserSelector',
allowBlank: false,
renderer: Ext.String.htmlEncode,
2021-01-18 09:12:21 +00:00
listeners: {
change: function(field, newValue, oldValue) {
let vm = this.up('window').getViewModel();
vm.set('userid', newValue);
2020-11-02 13:36:10 +00:00
xtype: 'textfield',
fieldLabel: gettext('Description'),
allowBlank: false,
name: 'description',
maxLength: 256,
2021-01-18 09:12:21 +00:00
emptyText: gettext('For example: TFA device ID, required to identify multiple factors.'),
2020-11-02 13:36:10 +00:00
xtype: 'textfield',
2021-01-21 14:09:22 +00:00
name: 'password',
reference: 'password',
2021-01-18 09:12:21 +00:00
fieldLabel: gettext('Verify Password'),
2021-01-21 14:09:22 +00:00
inputType: 'password',
2020-11-02 13:36:10 +00:00
minLength: 5,
allowBlank: false,
validateBlank: true,
2021-01-21 14:06:15 +00:00
cbind: {
hidden: () => Proxmox.UserName === 'root@pam',
disabled: () => Proxmox.UserName === 'root@pam',
2021-02-03 09:21:56 +00:00
emptyText: () =>
Ext.String.format(gettext("Confirm your ({0}) password"), Proxmox.UserName),
2021-01-18 09:12:21 +00:00
2020-11-02 13:36:10 +00:00
buttons: [
xtype: 'proxmoxHelpButton',
xtype: 'button',
text: gettext('Register Webauthn Device'),
handler: 'registerWebauthn',
bind: {
disabled: '{!valid}',