web/flows: improve WebAuthn error messages (#6957)

* web/flows: improve WebAuthn error messages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include localhost Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-25 12:43:24 +02:00
parent 07ca318535
commit 80e86c52e7
14 changed files with 250 additions and 24 deletions
--- a/web/src/common/helpers/webauthn.ts
+++ b/web/src/common/helpers/webauthn.ts
@ -1,5 +1,7 @@
 import * as base64js from "base64-js";

+import { msg } from "@lit/localize";
+
 export function b64enc(buf: Uint8Array): string {
    return base64js.fromByteArray(buf).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
@ -14,6 +16,16 @@ export function u8arr(input: string): Uint8Array {
    );
 }

+export function checkWebAuthnSupport() {
+    if ("credentials" in navigator) {
+        return;
+    }
+    if (window.location.protocol === "http:" && window.location.hostname !== "localhost") {
+        throw new Error(msg("WebAuthn requires this page to be accessed via HTTPS."));
+    }
+    throw new Error(msg("WebAuthn not supported by browser."));
+}
+
 /**
 * Transforms items in the credentialCreateOptions generated on the server
 * into byte arrays expected by the navigator.credentials.create() call
--- a/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
+++ b/web/src/flow/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
@ -1,4 +1,5 @@
 import {
+    checkWebAuthnSupport,
    transformAssertionForServer,
    transformCredentialRequestOptions,
 } from "@goauthentik/common/helpers/webauthn";
@ -57,6 +58,7 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
        // request the authenticator to create an assertion signature using the
        // credential private key
        let assertion;
+        checkWebAuthnSupport();
        try {
            assertion = await navigator.credentials.get({
                publicKey: this.transformedCredentialRequestOptions,
--- a/web/src/flow/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts
+++ b/web/src/flow/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts
@ -1,5 +1,6 @@
 import {
    Assertion,
+    checkWebAuthnSupport,
    transformCredentialCreateOptions,
    transformNewAssertionForServer,
 } from "@goauthentik/common/helpers/webauthn";
@ -47,6 +48,7 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
        if (!this.challenge) {
            return;
        }
+        checkWebAuthnSupport();
        // request the authenticator(s) to create a new credential keypair.
        let credential;
        try {