habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stages/authenticator_webauthn: make more WebAuthn options configurable

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2022-01-12 22:57:49 +01:00
parent 4d7d700afa
commit e758db5727
10 changed files with 329 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
web/src/locales/en.po
View File

@ -62,6 +62,10 @@ msgstr "6 digits, widely compatible"
msgid "8 digits, not compatible with apps like Google Authenticator"
msgstr "8 digits, not compatible with apps like Google Authenticator"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A \"roaming\" authenticator, like a YubiKey"
msgstr "A \"roaming\" authenticator, like a YubiKey"
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "A code has been sent to you via SMS."
msgstr "A code has been sent to you via SMS."
@ -70,6 +74,10 @@ msgstr "A code has been sent to you via SMS."
msgid "A newer version of the frontend is available."
msgstr "A newer version of the frontend is available."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A non-removable authenticator, like TouchID or Windows Hello"
msgstr "A non-removable authenticator, like TouchID or Windows Hello"
#: src/pages/policies/dummy/DummyPolicyForm.ts
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
msgstr "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
@ -488,6 +496,10 @@ msgstr "Authentication flow"
msgid "Authenticator"
msgstr "Authenticator"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Authenticator Attachment"
msgstr "Authenticator Attachment"
#: src/pages/flows/utils.ts
msgid "Authorization"
msgstr "Authorization"
@ -3147,6 +3159,10 @@ msgstr "No objects found."
msgid "No policies are currently bound to this object."
msgstr "No policies are currently bound to this object."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "No preference is sent"
msgstr "No preference is sent"
#: src/pages/users/UserListPage.ts
msgid "No recovery flow is configured."
msgstr "No recovery flow is configured."
@ -3940,6 +3956,10 @@ msgstr "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
msgid "Reset Password"
msgstr "Reset Password"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Resident key requirement"
msgstr "Resident key requirement"
#: src/interfaces/AdminInterface.ts
#~ msgid "Resources"
#~ msgstr "Resources"
@ -5045,6 +5065,18 @@ msgstr "The Host IP of the docker host"
msgid "The URL \"{0}\" was not found."
msgstr "The URL \"{0}\" was not found."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
msgstr "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
msgstr "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator should not create a dedicated credential"
msgstr "The authenticator should not create a dedicated credential"
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll access the application at. Include any non-standard port."

32
web/src/locales/fr_FR.po
View File

@ -68,6 +68,10 @@ msgstr "6 chiffres, compatibilité large"
msgid "8 digits, not compatible with apps like Google Authenticator"
msgstr "8 chiffres, incompatible avec certaines applications telles que Google Authenticator"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A \"roaming\" authenticator, like a YubiKey"
msgstr ""
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "A code has been sent to you via SMS."
msgstr ""
@ -76,6 +80,10 @@ msgstr ""
msgid "A newer version of the frontend is available."
msgstr "Une nouvelle version de l'interface est disponible."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A non-removable authenticator, like TouchID or Windows Hello"
msgstr ""
#: src/pages/policies/dummy/DummyPolicyForm.ts
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
msgstr "Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire."
@ -493,6 +501,10 @@ msgstr "Flux d'authentification"
msgid "Authenticator"
msgstr "Authentificateur"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Authenticator Attachment"
msgstr ""
#: src/pages/flows/utils.ts
msgid "Authorization"
msgstr "Authorisation"
@ -3126,6 +3138,10 @@ msgstr "Aucun objet trouvé."
msgid "No policies are currently bound to this object."
msgstr "Aucune politique n'est actuellement lié à cet objet."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "No preference is sent"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "No recovery flow is configured."
msgstr "Aucun flux de récupération n'est configuré."
@ -3912,6 +3928,10 @@ msgstr "Obligatoire. 150 caractères ou moins. Lettres, chiffres et @/./+/-/_ un
msgid "Reset Password"
msgstr "Réinitialiser le mot de passe"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Resident key requirement"
msgstr ""
#: src/interfaces/AdminInterface.ts
#~ msgid "Resources"
#~ msgstr "Ressources"
@ -5000,6 +5020,18 @@ msgstr ""
msgid "The URL \"{0}\" was not found."
msgstr "L'URL \"{0}\" est introuvable."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator should not create a dedicated credential"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll access the application at. Include any non-standard port."

32
web/src/locales/pseudo-LOCALE.po
View File

@ -62,6 +62,10 @@ msgstr ""
msgid "8 digits, not compatible with apps like Google Authenticator"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A \"roaming\" authenticator, like a YubiKey"
msgstr ""
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "A code has been sent to you via SMS."
msgstr ""
@ -70,6 +74,10 @@ msgstr ""
msgid "A newer version of the frontend is available."
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A non-removable authenticator, like TouchID or Windows Hello"
msgstr ""
#: src/pages/policies/dummy/DummyPolicyForm.ts
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
msgstr ""
@ -484,6 +492,10 @@ msgstr ""
msgid "Authenticator"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Authenticator Attachment"
msgstr ""
#: src/pages/flows/utils.ts
msgid "Authorization"
msgstr ""
@ -3137,6 +3149,10 @@ msgstr ""
msgid "No policies are currently bound to this object."
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "No preference is sent"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "No recovery flow is configured."
msgstr ""
@ -3930,6 +3946,10 @@ msgstr ""
msgid "Reset Password"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Resident key requirement"
msgstr ""
#: src/interfaces/AdminInterface.ts
#~ msgid "Resources"
#~ msgstr ""
@ -5035,6 +5055,18 @@ msgstr ""
msgid "The URL \"{0}\" was not found."
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator should not create a dedicated credential"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll access the application at. Include any non-standard port."

32
web/src/locales/tr.po
View File

@ -65,6 +65,10 @@ msgstr "6 basamaklı, yaygın olarak uyumlu"
msgid "8 digits, not compatible with apps like Google Authenticator"
msgstr "Google Authenticator gibi uygulamalarla uyumlu olmayan 8 haneli"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A \"roaming\" authenticator, like a YubiKey"
msgstr ""
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
msgid "A code has been sent to you via SMS."
msgstr "SMS ile size bir kod gönderildi."
@ -73,6 +77,10 @@ msgstr "SMS ile size bir kod gönderildi."
msgid "A newer version of the frontend is available."
msgstr "Ön yüzün daha yeni bir sürümü mevcuttur."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "A non-removable authenticator, like TouchID or Windows Hello"
msgstr ""
#: src/pages/policies/dummy/DummyPolicyForm.ts
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
msgstr "Test için kullanılan bir ilke. Her zaman rastgele bir süre bekledikten sonra aşağıda belirtilen sonucu döndürür."
@ -487,6 +495,10 @@ msgstr "Kimlik doğrulama akışı"
msgid "Authenticator"
msgstr "Kimlik Doğrulayıcı"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Authenticator Attachment"
msgstr ""
#: src/pages/flows/utils.ts
msgid "Authorization"
msgstr "Yetkilendirme"
@ -3096,6 +3108,10 @@ msgstr "Nesne bulunamadı."
msgid "No policies are currently bound to this object."
msgstr "Hiçbir ilke şu anda bu nesneye bağlı değildir."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "No preference is sent"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "No recovery flow is configured."
msgstr "Kurtarma akışı yapılandırılmamış."
@ -3867,6 +3883,10 @@ msgstr "Gerekli. 150 karakter veya daha az. Harfler, rakamlar ve yalnızca @/./+
msgid "Reset Password"
msgstr "Parolayı Sıfırla"
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "Resident key requirement"
msgstr ""
#~ msgid "Resources"
#~ msgstr "Kaynaklar"
@ -4938,6 +4958,18 @@ msgstr "Docker ana bilgisayarının Ana Bilgisayar IP'si"
msgid "The URL \"{0}\" was not found."
msgstr "“{0}” URL'si bulunamadı."
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
msgstr ""
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
msgid "The authenticator should not create a dedicated credential"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll access the application at. Include any non-standard port."

64
web/src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
View File

@ -9,8 +9,10 @@ import { until } from "lit/directives/until.js";
import {
AuthenticateWebAuthnStage,
AuthenticatorAttachmentEnum,
FlowsApi,
FlowsInstancesListDesignationEnum,
ResidentKeyRequirementEnum,
StagesApi,
} from "@goauthentik/api";
@ -35,6 +37,9 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
}
send = (data: AuthenticateWebAuthnStage): Promise<AuthenticateWebAuthnStage> => {
if (data.authenticatorAttachment?.toString() === "") {
data.authenticatorAttachment = null;
}
if (this.instance) {
return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnUpdate({
stageUuid: this.instance.pk || "",
@ -68,7 +73,7 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
?required=${true}
name="userVerification"
>
<select name="users" class="pf-c-form-control">
<select class="pf-c-form-control">
<option
value="${UserVerificationEnum.Required}"
?selected=${this.instance?.userVerification ===
@ -92,6 +97,63 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
</option>
</select>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Resident key requirement`}
?required=${true}
name="residentKeyRequirement"
>
<select class="pf-c-form-control">
<option
value="${ResidentKeyRequirementEnum.Discouraged}"
?selected=${this.instance?.residentKeyRequirement ===
ResidentKeyRequirementEnum.Discouraged}
>
${t`The authenticator should not create a dedicated credential`}
</option>
<option
value="${ResidentKeyRequirementEnum.Preferred}"
?selected=${this.instance?.residentKeyRequirement ===
ResidentKeyRequirementEnum.Preferred}
>
${t`The authenticator can create and store a dedicated credential, but if it doesn't that's alright too`}
</option>
<option
value="${ResidentKeyRequirementEnum.Required}"
?selected=${this.instance?.residentKeyRequirement ===
ResidentKeyRequirementEnum.Required}
>
${t`The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur`}
</option>
</select>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${t`Authenticator Attachment`}
?required=${true}
name="authenticatorAttachment"
>
<select class="pf-c-form-control">
<option
value=""
?selected=${this.instance?.authenticatorAttachment === null}
>
${t`No preference is sent`}
</option>
<option
value="${AuthenticatorAttachmentEnum.Platform}"
?selected=${this.instance?.authenticatorAttachment ===
AuthenticatorAttachmentEnum.Platform}
>
${t`A non-removable authenticator, like TouchID or Windows Hello`}
</option>
<option
value="${AuthenticatorAttachmentEnum.CrossPlatform}"
?selected=${this.instance?.authenticatorAttachment ===
AuthenticatorAttachmentEnum.CrossPlatform}
>
${t`A "roaming" authenticator, like a YubiKey`}
</option>
</select>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Configuration flow`} name="configureFlow">
<select class="pf-c-form-control">
<option