From b0a7da353d4ef298e5216ed75148da66b2d6b411 Mon Sep 17 00:00:00 2001 From: Madhumita Subramaniam Date: Fri, 20 Dec 2024 18:16:44 +0530 Subject: [PATCH] =?UTF-8?q?fix(jans-casa):=20enrollment=20of=20a=20passkey?= =?UTF-8?q?=20implies=20the=20enrollment=E2=80=A6=20(#10473)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix(jans-casa): #10470 Enrollment of a passkey implies the enrollment of all three types of authenticator - client-device, hybrid, security-key Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> --- .../io/jans/casa/core/PersistenceService.java | 5 +- .../core/model/Fido2RegistrationData.java | 160 +++++++++++---- .../core/model/Fido2RegistrationEntry.java | 118 ++++++------ .../io/jans/casa/core/pojo/FidoDevice.java | 22 ++- ...2Extension.java => PasskeysExtension.java} | 4 +- ...ollingWS.java => PasskeysEnrollingWS.java} | 9 +- .../authnmethod/service/Fido2Service.java | 74 ++++--- ...2ViewModel.java => PasskeysViewModel.java} | 182 ++++-------------- .../src/main/resources/labels/user.properties | 18 +- .../app/src/main/webapp/user/fido2-detail.zul | 58 +----- 10 files changed, 306 insertions(+), 344 deletions(-) rename jans-casa/app/src/main/java/io/jans/casa/plugins/authnmethod/{SecurityKey2Extension.java => PasskeysExtension.java} (95%) rename jans-casa/app/src/main/java/io/jans/casa/plugins/authnmethod/rs/{SecurityKey2EnrollingWS.java => PasskeysEnrollingWS.java} (94%) rename jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/{SecurityKey2ViewModel.java => PasskeysViewModel.java} (59%) diff --git a/jans-casa/app/src/main/java/io/jans/casa/core/PersistenceService.java b/jans-casa/app/src/main/java/io/jans/casa/core/PersistenceService.java index 35efed6c1bb..5ec61869f0a 100644 --- a/jans-casa/app/src/main/java/io/jans/casa/core/PersistenceService.java +++ b/jans-casa/app/src/main/java/io/jans/casa/core/PersistenceService.java 
@@ -101,13 +101,16 @@ public List find(Class clazz, String baseDn, Filter filter, int start, } public List find(Class clazz, String baseDn, Filter filter) { - + logger.debug(baseDn); + logger.debug(clazz.toString()); + logger.debug(filter.toString()); try { return entryManager.findEntries(baseDn, clazz, filter); } catch (Exception e) { //logger.error(e.getMessage(), e); //TODO: uncomment the above once https://github.com/GluuFederation/oxCore/issues/160 is solved logger.error(e.getMessage()); + e.printStackTrace(); return Collections.emptyList(); } diff --git a/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationData.java b/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationData.java index 0c3d166a642..cff73853c5e 100644 --- a/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationData.java +++ b/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationData.java 
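Review bot: The added `e.printStackTrace()` sends the trace to stderr outside the logging framework, while the comment two lines above says full-exception logging is deliberately held back pending the linked oxCore issue; either keep only `logger.error(e.getMessage())` or, if that issue is now resolved, replace both lines with `logger.error(e.getMessage(), e);`. The three new `logger.debug(...)` calls dereference `clazz` and `filter` unconditionally, so a null `filter` (if any caller passes one) now fails with NullPointerException before `findEntries` is reached, and the strings are built even when debug is off. One parameterized call covers all three and tolerates null: `logger.debug("find baseDn={} class={} filter={}", baseDn, clazz, filter);`. The filter text carries user identifiers such as `personInum`, so this belongs at debug level only, as it is here.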
@@ -4,28 +4,39 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; @JsonIgnoreProperties(ignoreUnknown = true) + public class Fido2RegistrationData { + private static final long serialVersionUID = 4599467930864459334L; + private String username; - private String domain; + private String origin; private String userId; private String challenge; - - private String attenstationRequest; - private String attenstationResponse; - + private String attestationRequest; + private String attestationResponse; private String uncompressedECPoint; private String publicKeyId; - private String type; - + private String status; private int counter; - private String attestationType; - private int signatureAlgorithm; - - private String applicationId; + private String rpId; + // Credential backup eligibility and current backup state is conveyed by the + // backupStateFlag and backupEligibilityFlag flags in the authenticator data. + // See https://w3c.github.io/webauthn/#sctn-authenticator-data + private boolean backupStateFlag; + private boolean backupEligibilityFlag; + private boolean attestedCredentialDataFlag; + private boolean extensionDataFlag; + private boolean userVerifiedFlag; + private boolean userPresentFlag; + + private String authentictatorAttachment; + + private String credId; + private String transports[]; public String getUsername() { return username; @@ -35,14 +46,6 @@ public void setUsername(String username) { this.username = username; } - public String getDomain() { - return domain; - } - - public void setDomain(String domain) { - this.domain = domain; - } - public String getUserId() { return userId; } 
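Review bot: `serialVersionUID` is added to a class that, as far as the hunk shows, does not declare `implements Serializable`, so the constant is dead; either drop it or declare the interface. The new property `authentictatorAttachment` (field, getter and setter) is misspelled, and because the class is `@JsonIgnoreProperties(ignoreUnknown = true)` a JSON key spelled `authenticatorAttachment` would be silently discarded rather than mapped, leaving the field null — worth confirming against the JSON the fido2 server actually persists, and renaming to `authenticatorAttachment` if it matches the WebAuthn spelling. The same silent drop applies to every property renamed in this hunk and in the next two hunks of this file (`domain`→`origin`, `applicationId`→`rpId`, `attenstationRequest`→`attestationRequest`, `attenstationResponse`→`attestationResponse`): registration data already persisted under the old keys will read back as null, which the commit message does not mention. Minor: `private String transports[];` should use the Java form `private String[] transports;`.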
@@ -59,20 +62,20 @@ public void setChallenge(String challenge) { this.challenge = challenge; } - public String getAttenstationRequest() { - return attenstationRequest; + public String getAttestationRequest() { + return attestationRequest; } - public void setAttenstationRequest(String attenstationRequest) { - this.attenstationRequest = attenstationRequest; + public void setAttestationRequest(String attestationRequest) { + this.attestationRequest = attestationRequest; } - public String getAttenstationResponse() { - return attenstationResponse; + public String getAttestationResponse() { + return attestationResponse; } - public void setAttenstationResponse(String attenstationResponse) { - this.attenstationResponse = attenstationResponse; + public void setAttestationResponse(String attestationResponse) { + this.attestationResponse = attestationResponse; } public String getUncompressedECPoint() { @@ -99,6 +102,14 @@ public void setType(String type) { this.type = type; } + public String getStatus() { + return status; + } + + public void setStatus(String status) { + this.status = status; + } + public int getCounter() { return counter; } 
@@ -123,21 +134,92 @@ public void setSignatureAlgorithm(int signatureAlgorithm) { this.signatureAlgorithm = signatureAlgorithm; } - public String getApplicationId() { - return applicationId; + public boolean getBackupStateFlag() { + return this.backupStateFlag; + } + + public void setBackupStateFlag(boolean backupStateFlag) { + this.backupStateFlag = backupStateFlag; + } + + public boolean getBackupEligibilityFlag() { + return this.backupEligibilityFlag; + } + + public void setBackupEligibilityFlag(boolean backupEligibilityFlag) { + this.backupEligibilityFlag = backupEligibilityFlag; + } + + public String getOrigin() { + return origin; + } + + public void setOrigin(String origin) { + this.origin = origin; + } + + public String getRpId() { + return rpId; + } + + public void setRpId(String rpId) { + this.rpId = rpId; + } + + public boolean isAttestedCredentialDataFlag() { + return attestedCredentialDataFlag; + } + + public void setAttestedCredentialDataFlag(boolean attestedCredentialDataFlag) { + this.attestedCredentialDataFlag = attestedCredentialDataFlag; + } + + public boolean isExtensionDataFlag() { + return extensionDataFlag; + } + + public void setExtensionDataFlag(boolean extensionDataFlag) { + this.extensionDataFlag = extensionDataFlag; + } + + public boolean isUserVerifiedFlag() { + return userVerifiedFlag; + } + + public void setUserVerifiedFlag(boolean userVerifiedFlag) { + this.userVerifiedFlag = userVerifiedFlag; + } + + public boolean isUserPresentFlag() { + return userPresentFlag; + } + + public void setUserPresentFlag(boolean userPresentFlag) { + this.userPresentFlag = userPresentFlag; + } + + public String getAuthentictatorAttachment() { + return authentictatorAttachment; } - public void setApplicationId(String applicationId) { - this.applicationId = applicationId; + public void setAuthentictatorAttachment(String authentictatorAttachment) { + this.authentictatorAttachment = authentictatorAttachment; } - @Override - public String toString() { - return 
"Fido2RegistrationData [username=" + username + ", domain=" + domain + ", userId=" + userId - + ", challenge=" + challenge + ", attenstationRequest=" + attenstationRequest - + ", attenstationResponse=" + attenstationResponse + ", uncompressedECPoint=" + uncompressedECPoint - + ", publicKeyId=" + publicKeyId + ", type=" + type + ", counter=" + counter - + ", attestationType=" + attestationType + ", signatureAlgorithm=" + signatureAlgorithm - + ", applicationId=" + applicationId + "]"; + public String getCredId() { + return credId; } + + public void setCredId(String credId) { + this.credId = credId; + } + + public String[] getTransports() { + return transports; + } + + public void setTransports(String[] transports) { + this.transports = transports; + } + } diff --git a/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationEntry.java b/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationEntry.java index b7a70316869..3b324c6bebd 100644 --- a/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationEntry.java +++ b/jans-casa/app/src/main/java/io/jans/casa/core/model/Fido2RegistrationEntry.java 
@@ -1,79 +1,77 @@ package io.jans.casa.core.model; + +import java.util.Date; + import io.jans.as.model.fido.u2f.protocol.DeviceData; import io.jans.orm.annotation.AttributeName; import io.jans.orm.annotation.DataEntry; -import io.jans.orm.annotation.ObjectClass; import io.jans.orm.annotation.JsonObject; +import io.jans.orm.annotation.ObjectClass; import io.jans.orm.model.base.Entry; -import java.util.Date; - //Using Fido2RegistrationEntry directly from fido2-model artifact does not work well! @DataEntry @ObjectClass(value = "jansFido2RegistrationEntry") public class Fido2RegistrationEntry extends Entry { - @AttributeName - private String displayName; + @AttributeName + private String displayName; - @AttributeName - private Date creationDate; + @AttributeName + private Date creationDate; - @AttributeName(name = "jansId") - private String id; - - @AttributeName(name = "jansApp") - private String application; + @AttributeName(name = "jansId") + private String id; - @JsonObject - @AttributeName(name = "jansRegistrationData" , ignoreDuringUpdate = true) - private Fido2RegistrationData registrationData; - - @AttributeName(name = "jansCounter", ignoreDuringUpdate = true) + @AttributeName(name = "jansApp") + private String application; + + @JsonObject + @AttributeName(name = "jansRegistrationData", ignoreDuringUpdate = true) + private Fido2RegistrationData registrationData; + + @AttributeName(name = "jansCounter", ignoreDuringUpdate = true) private int counter; - @JsonObject - @AttributeName(name = "jansDeviceData", ignoreDuringUpdate = true) - private DeviceData deviceData; - - - @JsonObject - @AttributeName(name = "jansStatus" , ignoreDuringUpdate = true) - private String registrationStatus; - - - - public String getDisplayName() { - return displayName; - } - - public void setDisplayName(String displayName) { - this.displayName = displayName; - } - - public Date getCreationDate() { - return creationDate; - } - - public void setCreationDate(Date creationDate) { - 
this.creationDate = creationDate; - } - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - public Fido2RegistrationData getRegistrationData() { - return registrationData; - } - - public void setRegistrationData(Fido2RegistrationData registrationData) { - this.registrationData = registrationData; - } + @JsonObject + @AttributeName(name = "jansDeviceData", ignoreDuringUpdate = true) + private DeviceData deviceData; + + @JsonObject + @AttributeName(name = "jansStatus", ignoreDuringUpdate = true) + private String registrationStatus; + + public String getDisplayName() { + return displayName; + } + + public void setDisplayName(String displayName) { + this.displayName = displayName; + } + + public Date getCreationDate() { + return creationDate; + } + + public void setCreationDate(Date creationDate) { + this.creationDate = creationDate; + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public Fido2RegistrationData getRegistrationData() { + return registrationData; + } + + public void setRegistrationData(Fido2RegistrationData registrationData) { + this.registrationData = registrationData; + } public int getCounter() { return counter; @@ -107,6 +105,4 @@ public void setApplication(String application) { this.application = application; } - - } diff --git a/jans-casa/app/src/main/java/io/jans/casa/core/pojo/FidoDevice.java b/jans-casa/app/src/main/java/io/jans/casa/core/pojo/FidoDevice.java index 067991ead85..c1365ed9d61 100644 --- a/jans-casa/app/src/main/java/io/jans/casa/core/pojo/FidoDevice.java +++ b/jans-casa/app/src/main/java/io/jans/casa/core/pojo/FidoDevice.java 
@@ -13,7 +13,7 @@ public class FidoDevice extends RegisteredCredential implements Comparable getDevices(String userId, String appId, boolean active) Filter.createEqualityFilter("jansStatus", state), Filter.createEqualityFilter("personInum", userId), Filter.createEqualityFilter("jansApp", appId)); - + logger.trace("Filter:"+filter); List devices = new ArrayList<>(); try { List list = persistenceService.find(Fido2RegistrationEntry.class, String.format("ou=%s,%s", FIDO2_OU, persistenceService.getPersonDn(userId)), filter); + logger.trace(list.toString()+list.size()); for (Fido2RegistrationEntry entry : list) { FidoDevice device = null; - if (Optional.ofNullable(entry.getRegistrationData().getAttenstationRequest()) - .map(ar -> ar.contains("platform")).orElse(false)) { - device = new PlatformAuthenticator(); - - } else { - device = new SecurityKey(); - - } + Set transports = new HashSet<>(Arrays.asList(entry.getRegistrationData().getTransports())); + + // internal implies platform auth + if (transports.contains(Transports.INTERNAL.getValue()) && transports.size() == 1) { + device = new PlatformAuthenticator(); + } + // internal and hybrid implies multidev + else if (transports.contains(Transports.HYBRID.getValue())) { + device = new MultideviceAuthenticator(); + } else if (transports.contains(Transports.USB.getValue()) + || transports.contains(Transports.NFC.getValue()) + || transports.contains(Transports.BLE.getValue())) { + device = new SecurityKey(); + } else { + logger.trace("Transports was not set, ideally flow should never reach here"); + } device.setId(entry.getId()); device.setCreationDate(entry.getCreationDate()); device.setNickName(entry.getDisplayName()); 
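Review bot: `device` is still null on the final `else` branch of the new transport check (the one that only logs "Transports was not set"), so the `device.setId(entry.getId())` that follows throws NullPointerException and aborts the listing for the whole user; that branch should skip the entry with `continue` instead of falling through. `Arrays.asList(entry.getRegistrationData().getTransports())` likewise throws NullPointerException when `transports` is null, which is the case for every registration persisted before this commit added the property, so a null guard is needed before the set is built. The new `logger.trace("Filter:"+filter)` and `logger.trace(list.toString()+list.size())` concatenate eagerly and include the user's `personInum`; prefer `logger.trace("Filter: {}", filter);`. The hunk header for `getDevices` is not legible in this rendering, and the method continues past the hunk.
```java
String[] transports = entry.getRegistrationData().getTransports();
if (transports == null || transports.length == 0) {
    // registrations persisted before transports were recorded: skip instead of NPE
    logger.trace("Transports not set for registration {}", entry.getId());
    continue;
}
Set<String> transportSet = new HashSet<>(Arrays.asList(transports));
// … unchanged: if/else chain choosing PlatformAuthenticator, MultideviceAuthenticator or SecurityKey …
} else {
    logger.trace("Unrecognized transports {} for registration {}", transportSet, entry.getId());
    continue;
}
// … unchanged: device.setId(entry.getId()) and the following setters …
```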
@@ -176,11 +190,10 @@ private Fido2RegistrationEntry getDeviceRegistrationFor(FidoDevice device) { } - public String doRegister(String userName, String displayName, boolean platformAuthenticator) throws Exception { + public String doRegister(String userName, String displayName) throws Exception { AttestationOptions attestationOptions = new AttestationOptions(); attestationOptions.setUsername(userName); attestationOptions.setDisplayName(displayName); - attestationOptions.setAttestation(AttestationConveyancePreference.direct); try (Response response = attestationService.register(attestationOptions)) { String content = response.readEntity(String.class); @@ -200,6 +213,7 @@ public boolean verifyRegistration(String tokenResponse) throws Exception { JsonNode jsonObj=mapper.readTree(tokenResponse); try (Response response = attestationService.verify(mapper.convertValue(jsonObj, io.jans.fido2.model.attestation.AttestationResult.class))) { int status = response.getStatus(); + logger.debug("Status of attestation: "+status); boolean verified = status == Response.Status.OK.getStatusCode(); if (!verified) { @@ -212,7 +226,7 @@ public boolean verifyRegistration(String tokenResponse) throws Exception { } - public FidoDevice getLatestSecurityKey(String userId, long time) { + public FidoDevice getLatestPasskey(String userId, long time) { FidoDevice sk = null; try { diff --git a/jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/SecurityKey2ViewModel.java b/jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/PasskeysViewModel.java similarity index 59% rename from jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/SecurityKey2ViewModel.java rename to jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/PasskeysViewModel.java index c5fa912be33..9764f5d48cc 100644 --- a/jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/SecurityKey2ViewModel.java +++ b/jans-casa/app/src/main/java/io/jans/casa/ui/vm/user/PasskeysViewModel.java 
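Review bot: Dropping `attestationOptions.setAttestation(AttestationConveyancePreference.direct)` silently changes what the relying party requests: the conveyance preference now falls back to whatever the fido2 server applies by default, which under WebAuthn is `none` unless configured otherwise, so Casa would no longer receive an attestation statement it could use to identify authenticator models. If that is intended, a one-line comment at the call site would record it, e.g. `// attestation conveyance is left to the fido2 server default; direct attestation is no longer requested for passkeys`; if not, the line should stay. In the `verifyRegistration` hunk on the same line, `logger.debug("Status of attestation: "+status)` should be the parameterized form `logger.debug("Status of attestation: {}", status);`. `doRegister`'s body continues outside the hunk.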
@@ -7,7 +7,7 @@ import io.jans.casa.core.pojo.PlatformAuthenticator; import io.jans.casa.core.pojo.SecurityKey; import io.jans.casa.misc.Utils; -import io.jans.casa.plugins.authnmethod.SecurityKey2Extension; +import io.jans.casa.plugins.authnmethod.PasskeysExtension; import io.jans.casa.plugins.authnmethod.service.Fido2Service; import io.jans.casa.ui.UIUtils; @@ -37,43 +37,26 @@ /** * This is the ViewModel of page fido2-detail.zul. It controls the CRUD of - * security keys + * passkeys */ -public class SecurityKey2ViewModel extends UserViewModel { +public class PasskeysViewModel extends UserViewModel { private static final int REGISTRATION_TIMEOUT = 8000; - private Logger logger = LoggerFactory.getLogger(getClass()); + private Logger logger = LoggerFactory.getLogger(getClass()); @WireVariable private Fido2Service fido2Service; private FidoDevice newDevice; - private FidoDevice newTouchId; + private List devices; private String editingId; private boolean uiAwaiting; private boolean uiEnrolled; - - private String editingIdPlatformAuthenticator; - private boolean uiAwaitingPlatformAuthenticator; - private boolean uiEnrolledPlatformAuthenticator; - - private boolean platformAuthenticator; - - private boolean showUIPlatformAuthenticator; - private ObjectMapper mapper; - public boolean isShowUIPlatformAuthenticator() { - return showUIPlatformAuthenticator; - } - - public void setShowUIPlatformAuthenticator(boolean showUIPlatformAuthenticator) { - this.showUIPlatformAuthenticator = showUIPlatformAuthenticator; - } - public FidoDevice getNewDevice() { return newDevice; } 
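Review bot: The imports of `io.jans.casa.core.pojo.PlatformAuthenticator` and `io.jans.casa.core.pojo.SecurityKey` kept as context in the first hunk appear to be unused after this commit, since every `new SecurityKey()` / `new PlatformAuthenticator()` in this file is replaced by `new FidoDevice()` in the `childInit` and `resetAddSettings` hunks; drop the two import lines. Whether fido2-detail.zul references the view model by class name cannot be seen in this rendering of the patch; if it does, the rename to `PasskeysViewModel` needs the matching change there.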
@@ -82,26 +65,10 @@ public List getDevices() { return devices; } - public boolean getPlatformAuthenticator() { - return platformAuthenticator; - } - - public void setPlatformAuthenticator(boolean platformAuthenticator) { - this.platformAuthenticator = platformAuthenticator; - } - public String getEditingId() { return editingId; } - public FidoDevice getNewTouchId() { - return newTouchId; - } - - public void setNewTouchId(FidoDevice newTouchId) { - this.newTouchId = newTouchId; - } - public void setNewDevice(FidoDevice newDevice) { this.newDevice = newDevice; } @@ -114,24 +81,11 @@ public boolean isUiEnrolled() { return uiEnrolled; } - public String getEditingIdPlatformAuthenticator() { - return editingIdPlatformAuthenticator; - } - - public boolean isUiAwaitingPlatformAuthenticator() { - return uiAwaitingPlatformAuthenticator; - } - - public boolean isUiEnrolledPlatformAuthenticator() { - return uiEnrolledPlatformAuthenticator; - } - @Init(superclass = true) public void childInit() throws Exception { logger.debug("childInit"); mapper = new ObjectMapper(); - newDevice = new SecurityKey(); - newTouchId = new PlatformAuthenticator(); + newDevice = new FidoDevice(); devices = fido2Service.getDevices(user.getId(), fido2Service.appId(), true); } 
@@ -140,33 +94,20 @@ public void childInit() throws Exception { public void afterCompose(@ContextParam(ContextType.VIEW) Component view) { logger.debug("afterCompose"); Selectors.wireEventListeners(view, this); - } - public void triggerAttestationRequestPlatformAuthenticator() { - platformAuthenticator = true; - triggerAttestationRequest(); - } - public void triggerAttestationRequest() { - logger.debug("triggerAttestationRequest : "+platformAuthenticator); try { - if (platformAuthenticator) { - uiAwaitingPlatformAuthenticator = true; - BindUtils.postNotifyChange(this, "uiAwaitingPlatforAuthenticator"); - } else { - uiAwaiting = true; - BindUtils.postNotifyChange(this, "uiAwaiting"); - } + uiAwaiting = true; + BindUtils.postNotifyChange(this, "uiAwaiting"); String uid = user.getUserName(); - String jsonRequest = fido2Service.doRegister(uid, Optional.ofNullable(user.getGivenName()).orElse(uid), - platformAuthenticator); + String jsonRequest = fido2Service.doRegister(uid, Optional.ofNullable(user.getGivenName()).orElse(uid)); logger.debug("JSONrequest - " + jsonRequest); // Notify browser to exec proper function UIUtils.showMessageUI(Clients.NOTIFICATION_TYPE_INFO, Labels.getLabel("usr.fido2_touch")); Clients.response( - new AuInvoke(platformAuthenticator? "triggerFido2AttestationPA" : "triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT)); + new AuInvoke("triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT)); } catch (Exception e) { UIUtils.showMessageUI(false); logger.error(e.getMessage(), e); 
@@ -177,35 +118,24 @@ public void triggerAttestationRequest() { @Listen("onData=#readyButton") public void notified(Event event) throws Exception { logger.debug("notified ready" + event.getTarget()); + logger.debug("attestation response :"+event.getData()); + logger.debug("attestation response :"+event.toString()); String errMessage = null; try { + if (fido2Service.verifyRegistration(mapper.writeValueAsString(event.getData()))) { - if (platformAuthenticator) { - newTouchId = fido2Service.getLatestSecurityKey(user.getId(), System.currentTimeMillis()); - if (newTouchId != null) { - uiEnrolledPlatformAuthenticator = true; - BindUtils.postNotifyChange(this, "uiEnrolledPlatformAuthenticator"); - - uiAwaitingPlatformAuthenticator = false; - BindUtils.postNotifyChange(this, "uiAwaitingPlatformAuthenticator"); - } else { - errMessage = Labels.getLabel("general.error.general"); - } - } else { - // pick the most suitable recent entry - newDevice = fido2Service.getLatestSecurityKey(user.getId(), System.currentTimeMillis()); - if (newDevice != null) { - - uiEnrolled = true; - BindUtils.postNotifyChange(this, "uiEnrolled"); + // pick the most suitable recent entry + newDevice = fido2Service.getLatestPasskey(user.getId(), System.currentTimeMillis()); + if (newDevice != null) { - uiAwaiting = false; - BindUtils.postNotifyChange(this, "uiAwaiting"); - } else { - errMessage = Labels.getLabel("general.error.general"); - } + uiEnrolled = true; + BindUtils.postNotifyChange(this, "uiEnrolled"); + uiAwaiting = false; + BindUtils.postNotifyChange(this, "uiAwaiting"); + } else { + errMessage = Labels.getLabel("general.error.general"); } } else { 
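Review bot: The two new debug lines log the raw attestation response via `event.getData()` and then the whole event again via `event.toString()`, which is redundant, and both build the string eagerly even when debug is disabled; the payload carries the `attestationObject` and `clientDataJSON`, so keep at most one line in parameterized form: `logger.debug("attestation response: {}", event.getData());`. The collapsed success branch (`getLatestPasskey`, then `uiEnrolled`/`uiAwaiting` notifications) otherwise reads correctly. `notified`'s body continues past the hunk.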
@@ -222,18 +152,6 @@ public void notified(Event event) throws Exception { } - @Listen("onData=#readyPlatformButton") - public void notifiedPlatform(Event event) throws Exception { - logger.debug("notified platform ready" + event.getTarget()); - notified(event); - } - - @Listen("onError=#readyPlatformButton") - public void notifiedErrPlatform(Event event) throws Exception { - logger.debug("notified notifiedErrPlatform" + event.getTarget()); - notifiedErr(event); - } - @Listen("onError=#readyButton") public void notifiedErr(Event event) throws Exception { logger.debug("notifiedErr - " + event.getTarget()); @@ -252,24 +170,19 @@ public void notifiedErr(Event event) throws Exception { } else { message = Labels.getLabel("general.error.detailed", new String[] { msg }); } - if (platformAuthenticator) { - uiAwaitingPlatformAuthenticator = false; - BindUtils.postNotifyChange(this, "uiAwaitingPlatformAuthenticator"); - } else { - uiAwaiting = false; - BindUtils.postNotifyChange(this, "uiAwaiting"); - } + + uiAwaiting = false; + BindUtils.postNotifyChange(this, "uiAwaiting"); + UIUtils.showMessageUI(false, message); } - @NotifyChange({ "uiEnrolled", "uiEnrolledPlatformAuthenticator", "newDevice", "newTouchId", "devices" }) + @NotifyChange({ "uiEnrolled", "newDevice", "devices" }) public void add() { logger.debug("add - "); FidoDevice dev = null; - if (platformAuthenticator && Utils.isNotEmpty(newTouchId.getNickName())) { - dev = newTouchId; - } else if (Utils.isNotEmpty(newDevice.getNickName())) { + if (Utils.isNotEmpty(newDevice.getNickName())) { dev = newDevice; } if (dev != null) { 
@@ -277,7 +190,7 @@ public void add() { fido2Service.updateDevice(dev); devices.add(dev); UIUtils.showMessageUI(true, Labels.getLabel("usr.enroll.success")); - userService.notifyEnrollment(user, SecurityKey2Extension.ACR); + userService.notifyEnrollment(user, PasskeysExtension.ACR); } catch (Exception e) { UIUtils.showMessageUI(false, Labels.getLabel("usr.error_updating")); logger.error(e.getMessage(), e); @@ -287,9 +200,9 @@ public void add() { } - @NotifyChange({ "uiEnrolled", "uiEnrolledPlatformAuthenticator", "newDevice", "newTouchId" }) + @NotifyChange({ "uiEnrolled", "newDevice" }) public void cancel() { - + boolean success = false; try { /* @@ -299,10 +212,7 @@ public void cancel() { * pressing cancel), we need to be obliterate the entry */ FidoDevice dev = null; - if (platformAuthenticator && Utils.isNotEmpty(newTouchId.getId())) { - dev = newTouchId; - logger.debug("cancel invoked - platform authenticator"); - } else if (Utils.isNotEmpty(newDevice.getId())) { + if (Utils.isNotEmpty(newDevice.getId())) { dev = newDevice; logger.debug("cancel invoked"); } @@ -320,7 +230,7 @@ public void cancel() { } - @NotifyChange({ "editingId", "editingIdPlatformAuthenticator", "newDevice" }) + @NotifyChange({ "editingId", "newDevice" }) public void prepareForUpdate(FidoDevice dev) { logger.debug("prepareForUpdate"); // This will make the modal window to become visible @@ -329,7 +239,7 @@ public void prepareForUpdate(FidoDevice dev) { newDevice.setNickName(dev.getNickName()); } - @NotifyChange({ "editingId", "editingIdPlatformAuthenticator", "newDevice" }) + @NotifyChange({ "editingId", "newDevice" }) public void cancelUpdate(Event event) { logger.debug("cancelUpdate"); newDevice.setNickName(null); 
@@ -339,7 +249,7 @@ public void cancelUpdate(Event event) { } } - @NotifyChange({ "devices", "editingId", "editingIdPlatformAuthenticator", "newDevice" }) + @NotifyChange({ "devices", "editingId", "newDevice" }) public void update() { logger.debug("update"); String nick = newDevice.getNickName(); @@ -364,7 +274,7 @@ public void update() { public void delete(FidoDevice device) { logger.debug("delete invoked"); - String resetMessages = resetPreferenceMessage(SecurityKey2Extension.ACR, devices.size()); + String resetMessages = resetPreferenceMessage(PasskeysExtension.ACR, devices.size()); boolean reset = resetMessages != null; Pair delMessages = getDeleteMessages(device.getNickName(), resetMessages); @@ -373,14 +283,14 @@ public void delete(FidoDevice device) { if (Messagebox.ON_YES.equals(event.getName())) { try { devices.remove(device); - boolean success = fido2Service.removeDevice(device, user.getId(), - fido2Service.appId(), true); + boolean success = fido2Service.removeDevice(device, user.getId(), fido2Service.appId(), + true); if (success) { if (reset) { userService.turn2faOff(user); } // trigger refresh (this method is asynchronous...) - BindUtils.postNotifyChange(SecurityKey2ViewModel.this, "devices"); + BindUtils.postNotifyChange(PasskeysViewModel.this, "devices"); } else { devices.add(device); } @@ -396,18 +306,6 @@ public void delete(FidoDevice device) { private void resetAddSettings() { logger.debug("resetAddSettings"); uiEnrolled = false; - uiEnrolledPlatformAuthenticator = false; - newDevice = new SecurityKey(); - newTouchId = new PlatformAuthenticator(); - } - - @Listen("onData=#platformAuthenticator") - public void updatePlatform(Event event) throws Exception { - - showUIPlatformAuthenticator = Boolean.valueOf(event.getData().toString()); - logger.debug("updatePlatform"); - BindUtils.postNotifyChange(this, "showUIPlatformAuthenticator"); - + newDevice = new FidoDevice(); } - } 
diff --git a/jans-casa/app/src/main/resources/labels/user.properties b/jans-casa/app/src/main/resources/labels/user.properties index 7d6bd253d9e..400478236bc 100644 --- a/jans-casa/app/src/main/resources/labels/user.properties +++ b/jans-casa/app/src/main/resources/labels/user.properties @@ -23,7 +23,7 @@ usr.mfa_notenough=You cannot turn on 2FA until you register at least {0} credent #fido 2 security keys usr.fido2_label=Passkeys usr.fido2_title=Passkeys -usr.fido2_text= +usr.fido2_text= Use device biometrics, screen locks, or security keys to protect your account against unauthorized access. #Protect your online account against unauthorized access by using two-factor authentication with Security keys (USB / NFC) and built-in Platform authenticators (Apple's PassKey). usr.fido2_buy_title=Buy security keys from Amazon or Yubico 
@@ -31,20 +31,12 @@ usr.fido2_buy_link1=https://www.amazon.com/fido2/s?k=fido2 usr.fido2_buy_link2=https://www.yubico.com/store usr.fido2_manage=Manage passkeys -usr.fido2_add=Register a security key -usr.fido2_touch=Touch your key button -usr.fido2_pressready=Insert your security key and press the "${general.ready}" button below -usr.fido2_edit=Change nickname of your security key +usr.fido2_add=Register your passkey +usr.fido2_touch=Follow the instructions on your browser +usr.fido2_pressready=Have your passkey handy and click the "${general.ready}" button +usr.fido2_edit=Change nickname of your passkey usr.fido2_del=Remove this key from your credentials -usr.fido2_add_touchId=Register a PassKey -usr.fido2_touchId=Place your finger on the PassKey -usr.fido2_pressready_touchId=A PassKey on a MacBook Pro or MacBook Air lets you use it to sign in to some third-party apps. -usr.fido2_del_touchId=Remove the PassKey from your credentials -usr.fido2.use_touchID=Enroll PassKey -usr.fido2_enroll_fingerprint_apple_help=See the link on Apple's support site to know how you register a fingerprint on your device. -usr.fido2_apple_support_site=https://support.apple.com/en-in/guide/mac-help/mchl16fbf90a/mac - usr.fido2.error_exclude=Credential creation failed, probably because an already registered credential is available usr.fido2.error_cancel=Operation cancelled by user usr.fido2.error_invalid=An invalid registration status was obtained by the server diff --git a/jans-casa/app/src/main/webapp/user/fido2-detail.zul b/jans-casa/app/src/main/webapp/user/fido2-detail.zul index 60bdd2aa2ee..58a12ed5537 100644 --- a/jans-casa/app/src/main/webapp/user/fido2-detail.zul +++ b/jans-casa/app/src/main/webapp/user/fido2-detail.zul @@ -9,7 +9,7 @@ ${zkService.appName} - ${labels.usr.fido2_title} - @@ -33,10 +33,13 @@ - + + + + - +


@@ -86,32 +89,7 @@ - - -

${labels.usr.fido2_add_touchId}

- @@ -137,25 +115,5 @@ - - - +