web/flows: fix error when webauthn operations failed and user retries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
goauthentik · Jun 12, 2022 · 5be45eb · 5be45eb
1 parent ad8fe9f
commit 5be45eb
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 22 deletions.
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
@@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     @property({ type: Boolean })
     showBackButton = false;
 
+    transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions;
+
     static get styles(): CSSResult[] {
         return [
             PFBase,
@@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     }
 
     async authenticate(): Promise<void> {
-        // convert certain members of the PublicKeyCredentialRequestOptions into
-        // byte arrays as expected by the spec.
-        const credentialRequestOptions = this.deviceChallenge
-            ?.challenge as PublicKeyCredentialRequestOptions;
-        const transformedCredentialRequestOptions =
-            transformCredentialRequestOptions(credentialRequestOptions);
-
         // request the authenticator to create an assertion signature using the
         // credential private key
         let assertion;
         try {
             assertion = await navigator.credentials.get({
-                publicKey: transformedCredentialRequestOptions,
+                publicKey: this.transformedCredentialRequestOptions,
             });
             if (!assertion) {
                 throw new Error(t`Assertions is empty`);
@@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     }
 
     firstUpdated(): void {
+        // convert certain members of the PublicKeyCredentialRequestOptions into
+        // byte arrays as expected by the spec.
+        const credentialRequestOptions = this.deviceChallenge
+            ?.challenge as PublicKeyCredentialRequestOptions;
+        this.transformedCredentialRequestOptions =
+            transformCredentialRequestOptions(credentialRequestOptions);
         this.authenticateWrapper();
     }
 

diff --git a/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts b/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts
@@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
     @property()
     registerMessage = "";
 
+    publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions;
+
     static get styles(): CSSResult[] {
         return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal];
     }
@@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
         if (!this.challenge) {
             return;
         }
-        // convert certain members of the PublicKeyCredentialCreateOptions into
-        // byte arrays as expected by the spec.
-        const publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
-            this.challenge?.registration as PublicKeyCredentialCreationOptions,
-            this.challenge?.registration.user.id,
-        );
-
         // request the authenticator(s) to create a new credential keypair.
         let credential;
         try {
             credential = (await navigator.credentials.create({
-                publicKey: publicKeyCredentialCreateOptions,
+                publicKey: this.publicKeyCredentialCreateOptions,
             })) as PublicKeyCredential;
             if (!credential) {
                 throw new Error("Credential is empty");
@@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
     }
 
     firstUpdated(): void {
+        // convert certain members of the PublicKeyCredentialCreateOptions into
+        // byte arrays as expected by the spec.
+        this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
+            this.challenge?.registration as PublicKeyCredentialCreationOptions,
+            this.challenge?.registration.user.id,
+        );
         this.registerWrapper();
     }
 

diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po
@@ -1538,7 +1538,6 @@ msgstr "删除 {0}"
 msgid "Deny the user access"
 msgstr "拒绝用户访问"
 
-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
 msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
@@ -2448,7 +2447,6 @@ msgstr "隐藏服务账户"
 #: src/pages/outposts/OutpostForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/saml/SAMLProviderForm.ts
 #: src/pages/sources/ldap/LDAPSourceForm.ts
@@ -2731,7 +2729,6 @@ msgstr ""
 #~ msgid "JWT Algorithm"
 #~ msgstr "JWT 算法"
 
-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
 msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
@@ -2913,7 +2910,6 @@ msgstr "正在加载"
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
 #: src/pages/providers/proxy/ProxyProviderForm.ts
@@ -6261,8 +6257,8 @@ msgid "Verification Certificate"
 msgstr "验证证书"
 
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Verification certificates"
-msgstr "验证证书"
+#~ msgid "Verification certificates"
+#~ msgstr "验证证书"
 
 #~ msgid "Verify only"
 #~ msgstr "仅验证"