ui: window/Settings / WebAuthn: add browser setting for userVerificationo
some fido2/webauthn keys can have a pin, and the client can request a mode for the user verification. 'default' (no value set), lets the browser/device decide if the user has to enter the pin of the device 'discouraged' requests that the user should not need to enter the pin 'preferred' requests that the user should need to enter the pin (if possible) since we use webauthn only as a 2nd factor, having the user enter the device pin on login may seem too much hassle for some users, so give them the option since this is a client option anyway, do not save it in the backend, but in the browser local storage Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
parent
85eedfb78b
commit
aca4c2b5a9
|
@ -390,6 +390,11 @@ Ext.define('PBS.login.TfaWindow', {
|
||||||
// Byte array fixup, keep challenge string:
|
// Byte array fixup, keep challenge string:
|
||||||
challenge.string = challenge.publicKey.challenge;
|
challenge.string = challenge.publicKey.challenge;
|
||||||
challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string);
|
challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string);
|
||||||
|
let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
|
||||||
|
if (userVerification !== undefined) {
|
||||||
|
challenge.publicKey.userVerification = userVerification;
|
||||||
|
}
|
||||||
|
|
||||||
for (const cred of challenge.publicKey.allowCredentials) {
|
for (const cred of challenge.publicKey.allowCredentials) {
|
||||||
cred.id = PBS.Utils.base64url_to_bytes(cred.id);
|
cred.id = PBS.Utils.base64url_to_bytes(cred.id);
|
||||||
}
|
}
|
||||||
|
|
|
@ -79,6 +79,13 @@ Ext.define('PBS.window.AddWebauthn', {
|
||||||
// string to pass in the response:
|
// string to pass in the response:
|
||||||
let challenge_str = challenge_obj.publicKey.challenge;
|
let challenge_str = challenge_obj.publicKey.challenge;
|
||||||
challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
|
challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str);
|
||||||
|
let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification');
|
||||||
|
if (userVerification !== undefined) {
|
||||||
|
challenge_obj.publicKey.authenticatorSelection = {
|
||||||
|
userVerification,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
challenge_obj.publicKey.user.id =
|
challenge_obj.publicKey.user.id =
|
||||||
PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id);
|
PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id);
|
||||||
|
|
||||||
|
|
|
@ -30,6 +30,9 @@ Ext.define('PBS.window.Settings', {
|
||||||
let username = sp.get('login-username') || Proxmox.Utils.noneText;
|
let username = sp.get('login-username') || Proxmox.Utils.noneText;
|
||||||
me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));
|
me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username));
|
||||||
|
|
||||||
|
let userverification= sp.get('webauthn-user-verification') || '__default__';
|
||||||
|
me.lookupReference('webauthnUserVerification').setValue(userverification);
|
||||||
|
|
||||||
let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight'];
|
let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight'];
|
||||||
settings.forEach(function(setting) {
|
settings.forEach(function(setting) {
|
||||||
let val = localStorage.getItem('pve-xterm-' + setting);
|
let val = localStorage.getItem('pve-xterm-' + setting);
|
||||||
|
@ -91,7 +94,7 @@ Ext.define('PBS.window.Settings', {
|
||||||
},
|
},
|
||||||
'button[name=reset]': {
|
'button[name=reset]': {
|
||||||
click: function() {
|
click: function() {
|
||||||
let blacklist = ['login-username'];
|
let blacklist = ['login-username', 'webauthn-user-verification'];
|
||||||
let sp = Ext.state.Manager.getProvider();
|
let sp = Ext.state.Manager.getProvider();
|
||||||
for (const state of Object.values(sp.state)) {
|
for (const state of Object.values(sp.state)) {
|
||||||
if (blacklist.indexOf(state) !== -1) {
|
if (blacklist.indexOf(state) !== -1) {
|
||||||
|
@ -114,6 +117,14 @@ Ext.define('PBS.window.Settings', {
|
||||||
sp.clear('login-username');
|
sp.clear('login-username');
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'field[reference=webauthnUserVerification]': {
|
||||||
|
change: function(e, v) {
|
||||||
|
if (v === '__default__') {
|
||||||
|
v = undefined;
|
||||||
|
}
|
||||||
|
Ext.state.Manager.getProvider().set('webauthn-user-verification', v);
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -174,6 +185,23 @@ Ext.define('PBS.window.Settings', {
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
xtype: 'box',
|
||||||
|
autoEl: { tag: 'hr' },
|
||||||
|
},
|
||||||
|
{
|
||||||
|
xtype: 'proxmoxKVComboBox',
|
||||||
|
fieldLabel: gettext('WebAuthn User Verification') + ':',
|
||||||
|
labelWidth: 150,
|
||||||
|
stateId: 'webauthn-user-verification',
|
||||||
|
reference: 'webauthnUserVerification',
|
||||||
|
value: '__default__',
|
||||||
|
comboItems: [
|
||||||
|
['__default__', Proxmox.Utils.defaultText],
|
||||||
|
['discouraged', gettext('Discouraged')],
|
||||||
|
['preferred', gettext('Preferred')],
|
||||||
|
],
|
||||||
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue