Started work on adding FIDO2 support.

2025-03-09 15:40:18 +00:00 · 2019-03-22 22:33:53 -07:00 · 2019-03-22 22:33:53 -07:00 · 06f2911ddc
commit 06f2911ddc
parent 7687c62100
7 changed files with 140 additions and 9 deletions
--- a/views/login.handlebars
+++ b/views/login.handlebars
@ -372,7 +372,37 @@

            if ('{{loginmode}}' == '4') {
                try { if (hardwareKeyChallenge.length > 0) { hardwareKeyChallenge = JSON.parse(hardwareKeyChallenge); } else { hardwareKeyChallenge = null; } } catch (ex) { hardwareKeyChallenge = null }
-                if ((hardwareKeyChallenge != null) && u2fSupported()) {
+                if ((hardwareKeyChallenge != null) && (hardwareKeyChallenge.type == 'webAuthn')) {
+                    hardwareKeyChallenge.challenge = Uint8Array.from(atob(hardwareKeyChallenge.challenge), c => c.charCodeAt(0)).buffer;
+
+                    const publicKeyCredentialRequestOptions = { challenge: hardwareKeyChallenge.challenge, allowCredentials: [], timeout: hardwareKeyChallenge.timeout }
+                    for (var i = 0; i < hardwareKeyChallenge.keyIds.length; i++) {
+                        publicKeyCredentialRequestOptions.allowCredentials.push(
+                            { id: Uint8Array.from(atob(hardwareKeyChallenge.keyIds[i]), c => c.charCodeAt(0)), type: 'public-key', transports: ['usb', 'ble', 'nfc'], }
+                        );
+                    }
+
+                    // New WebAuthn hardware keys
+                    navigator.credentials.get({ publicKey: publicKeyCredentialRequestOptions }).then(
+                        function (rawAssertion) {
+                            console.log(rawAssertion);
+                            /*
+                            var assertion = {
+                                id: base64encode(rawAssertion.rawId),
+                                clientDataJSON: arrayBufferToString(rawAssertion.response.clientDataJSON),
+                                userHandle: base64encode(rawAssertion.response.userHandle),
+                                signature: base64encode(rawAssertion.response.signature),
+                                authenticatorData: base64encode(rawAssertion.response.authenticatorData)
+                            };
+                            console.log(assertion);
+                            */
+                        },
+                        function (error) {
+                            console.log('credentials-get error', error);
+                        }
+                    );
+                } else if ((hardwareKeyChallenge != null) && u2fSupported()) {
+                    // Old U2F hardware keys
                    window.u2f.sign(hardwareKeyChallenge.appId, hardwareKeyChallenge.challenge, hardwareKeyChallenge.registeredKeys, function (authResponse) {
                        if ((currentpanel == 4) && authResponse.signatureData) {
                            Q('hwtokenInput').value = JSON.stringify(authResponse);