forked from ente-io/ente
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[web] Ask the user their preferred 2FA choice if both are enabled (en…
…te-io#4224) Sibling of mobile ente-io#4210. Unlike mobile, we automatically redirect so we need to ask the user their pref beforehand.
- Loading branch information
Showing
6 changed files
with
183 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| import { FocusVisibleButton } from "@/base/components/mui/FocusVisibleButton"; | ||
| import type { ModalVisibilityProps } from "@/base/components/utils/modal"; | ||
| import { Dialog, DialogContent, DialogTitle, Stack } from "@mui/material"; | ||
| import { t } from "i18next"; | ||
| import React from "react"; | ||
|
|
||
| export type SecondFactorType = "totp" | "passkey"; | ||
|
|
||
| type SecondFactorChoiceProps = ModalVisibilityProps & { | ||
| /** | ||
| * Callback invoked with the selected choice. | ||
| * | ||
| * The dialog will automatically be closed before this callback is invoked. | ||
| */ | ||
| onSelect: (factor: SecondFactorType) => void; | ||
| }; | ||
|
|
||
| /** | ||
| * A {@link Dialog} that allow the user to choose which second factor they'd | ||
| * like to verify during login. | ||
| */ | ||
| export const SecondFactorChoice: React.FC<SecondFactorChoiceProps> = ({ | ||
| open, | ||
| onClose, | ||
| onSelect, | ||
| }) => ( | ||
| <Dialog | ||
| open={open} | ||
| onClose={(_, reason) => { | ||
| if (reason != "backdropClick") onClose(); | ||
| }} | ||
| fullWidth | ||
| PaperProps={{ sx: { maxWidth: "360px", padding: "12px" } }} | ||
| > | ||
| <DialogTitle>{t("two_factor")}</DialogTitle> | ||
| <DialogContent> | ||
| <Stack sx={{ gap: "12px" }}> | ||
| <FocusVisibleButton | ||
| color="accent" | ||
| onClick={() => { | ||
| onClose(); | ||
| onSelect("totp"); | ||
| }} | ||
| > | ||
| {t("totp_login")} | ||
| </FocusVisibleButton> | ||
|
|
||
| <FocusVisibleButton | ||
| color="accent" | ||
| onClick={() => { | ||
| onClose(); | ||
| onSelect("passkey"); | ||
| }} | ||
| > | ||
| {t("passkey_login")} | ||
| </FocusVisibleButton> | ||
| </Stack> | ||
| </DialogContent> | ||
| </Dialog> | ||
| ); |
92 changes: 92 additions & 0 deletions
92
web/packages/accounts/components/utils/second-factor-choice.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| /** | ||
| * @file This code is conceputally related to `SecondFactorChoice.tsx`, but | ||
| * needs to be in a separate file to allow fast refresh. | ||
| */ | ||
|
|
||
| import { useModalVisibility } from "@/base/components/utils/modal"; | ||
| import { useCallback, useMemo, useRef } from "react"; | ||
| import type { UserVerificationResponse } from "../../services/user"; | ||
| import type { SecondFactorType } from "../SecondFactorChoice"; | ||
|
|
||
| /** | ||
| * A convenience hook for keeping track of the state and logic that is needed | ||
| * after password verification to determine which second factor (if any) we | ||
| * should be asking the user for. | ||
| * | ||
| * This is a rather ad-hoc abstraction meant to be used in a very specific way; | ||
| * the only intent is to reduce code duplication between the two pages that need | ||
| * this choice. | ||
| */ | ||
| export const useSecondFactorChoiceIfNeeded = () => { | ||
| const resolveSecondFactorChoice = useRef< | ||
| | ((value: SecondFactorType | PromiseLike<SecondFactorType>) => void) | ||
| | undefined | ||
| >(); | ||
| const { | ||
| show: showSecondFactorChoice, | ||
| props: secondFactorChoiceVisibilityProps, | ||
| } = useModalVisibility(); | ||
|
|
||
| const onSelect = useCallback((factor: SecondFactorType) => { | ||
| const resolve = resolveSecondFactorChoice.current!; | ||
| resolveSecondFactorChoice.current = undefined; | ||
| resolve(factor); | ||
| }, []); | ||
|
|
||
| const secondFactorChoiceProps = useMemo( | ||
| () => ({ ...secondFactorChoiceVisibilityProps, onSelect }), | ||
| [secondFactorChoiceVisibilityProps, onSelect], | ||
| ); | ||
|
|
||
| const userVerificationResultAfterResolvingSecondFactorChoice = useCallback( | ||
| async (response: UserVerificationResponse) => { | ||
| const { | ||
| twoFactorSessionID: _twoFactorSessionIDV1, | ||
| twoFactorSessionIDV2: _twoFactorSessionIDV2, | ||
| passkeySessionID: _passkeySessionID, | ||
| } = response; | ||
|
|
||
| // When the user has both TOTP and pk set as the second factor, | ||
| // we'll get two session IDs. For backward compat, the TOTP session | ||
| // ID will be in a V2 attribute during a transient migration period. | ||
| // | ||
| // Note the use of || instead of ?? since _twoFactorSessionIDV1 will | ||
| // be an empty string, not undefined, if it is unset. We might need | ||
| // to add a `xxx-eslint-disable | ||
| // @typescript-eslint/prefer-nullish-coalescing` here too later. | ||
| const _twoFactorSessionID = | ||
| _twoFactorSessionIDV1 || _twoFactorSessionIDV2; | ||
|
|
||
| let passkeySessionID: string | undefined; | ||
| let twoFactorSessionID: string | undefined; | ||
| // If both factors are set, ask the user which one they want to use. | ||
| if (_twoFactorSessionID && _passkeySessionID) { | ||
| const choice = await new Promise<SecondFactorType>( | ||
| (resolve) => { | ||
| resolveSecondFactorChoice.current = resolve; | ||
| showSecondFactorChoice(); | ||
| }, | ||
| ); | ||
| switch (choice) { | ||
| case "passkey": | ||
| passkeySessionID = _passkeySessionID; | ||
| break; | ||
| case "totp": | ||
| twoFactorSessionID = _twoFactorSessionID; | ||
| break; | ||
| } | ||
| } else { | ||
| passkeySessionID = _passkeySessionID; | ||
| twoFactorSessionID = _twoFactorSessionID; | ||
| } | ||
|
|
||
| return { ...response, passkeySessionID, twoFactorSessionID }; | ||
| }, | ||
| [showSecondFactorChoice], | ||
| ); | ||
|
|
||
| return { | ||
| secondFactorChoiceProps, | ||
| userVerificationResultAfterResolvingSecondFactorChoice, | ||
| }; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters