updated user verification sample

WebauthnWorks · Jan 20, 2019 · ef12e07 · ef12e07
1 parent ca1bc02
commit ef12e07
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 14 deletions.
diff --git a/WebAuthnIntro/BasicDirectExample.html b/WebAuthnIntro/BasicDirectExample.html
@@ -59,7 +59,7 @@ <h4>Login</h4>
 
             registerPassword({username, password, displayName})
                 .then((serverResponse) => {
-                    if(serverResponse.status !== 'startFIDOEnrollment')
+                    if(serverResponse.status !== 'startFIDOEnrolment')
                         throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
 
                     return getMakeCredentialChallenge({'attestation': 'direct'})

diff --git a/WebAuthnIntro/BasicExample.html b/WebAuthnIntro/BasicExample.html
@@ -59,7 +59,7 @@ <h4>Login</h4>
 
             registerPassword({username, password, displayName})
                 .then((serverResponse) => {
-                    if(serverResponse.status !== 'startFIDOEnrollment')
+                    if(serverResponse.status !== 'startFIDOEnrolment')
                         throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
 
                     return getMakeCredentialChallenge()

diff --git a/WebAuthnIntro/BasicRPIDExample.html b/WebAuthnIntro/BasicRPIDExample.html
@@ -59,7 +59,7 @@ <h4>Login</h4>
 
             registerPassword({username, password, displayName})
                 .then((serverResponse) => {
-                    if(serverResponse.status !== 'startFIDOEnrollment')
+                    if(serverResponse.status !== 'startFIDOEnrolment')
                         throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
 
                     return getMakeCredentialChallenge({'rpId': 'github.io'})

diff --git a/WebAuthnIntro/PasswordlessExample.html b/WebAuthnIntro/PasswordlessExample.html
@@ -54,14 +54,33 @@ <h4>Login</h4>
             let username    = this.username.value;
             let displayName = this.displayName.value;
 
-            startPasswordlessEnrollment({username, displayName})
+            startPasswordlessEnrolment({username, displayName})
                 .then((serverResponse) => {
-                    if(serverResponse.status !== 'startFIDOEnrollmentRK')
+                    if(serverResponse.status !== 'startFIDOEnrolmentPasswordless')
                         throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
 
-                    return getMakeCredentialChallenge()
+                    return getMakeCredentialChallenge({'uv': true})
                 })
                 .then((makeCredChallenge) => {
+                    /*{
+                        "challenge": "YPpAQ5-8yw7ty1GxvZRoosKoYraXWpeNJ4jNffh-gy0",
+                        "rp": {
+                            "name": "Example Inc."
+                        },
+                        "user": {
+                            "id": "pH4atM-uM2FlifiEVD5OtZnSrvxMcS1OXao8fEP6UFs",
+                            "name": "alice@example.com",
+                            "displayName": "Alice von Delingher"
+                        },
+                        "pubKeyCredParams": [
+                            { "type": "public-key", "alg": -7 },
+                            { "type": "public-key", "alg": -257 }
+                        ],
+                        "authenticatorSelection": {
+                            "userVerification": "required"
+                        },
+                        "status": "ok"
+                    }*/
                     makeCredChallenge = preformatMakeCredReq(makeCredChallenge);
                     return navigator.credentials.create({ 'publicKey': makeCredChallenge })
                 })

diff --git a/WebAuthnIntro/UsernamelessExample.html b/WebAuthnIntro/UsernamelessExample.html
@@ -53,9 +53,9 @@ <h4>Login</h4>
             let username    = this.username.value;
             let displayName = this.displayName.value;
 
-            startPasswordlessEnrollment({username, displayName})
+            startUsernamelessEnrolment({username, displayName})
                 .then((serverResponse) => {
-                    if(serverResponse.status !== 'startFIDOEnrollmentRK')
+                    if(serverResponse.status !== 'startFIDOEnrolmentRK')
                         throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
 
                     return getMakeCredentialChallenge()

diff --git a/index.html b/index.html
@@ -31,7 +31,7 @@ <h2>WebAuthn Intro samples</h2>
                             <li><a href="WebAuthnIntro/getAssertionExample.html">GetAssertion</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/getAssertionExample.html">(SOURCE)</a></li>
                             <li><a href="WebAuthnIntro/BasicExample.html">Basic Authentication Example</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/BasicExample.html">(SOURCE)</a></li>
                             <li><a href="WebAuthnIntro/BasicDirectExample.html">Basic Authentication with Attestation direct Example</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/BasicDirectExample.html">(SOURCE)</a></li>
-                            <li><a href="WebAuthnIntro/PasswordlessExample.html">Passwordless authentication Example (EDGE FIDO2 KEY ONLY)</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/PasswordlessExample.html">(SOURCE)</a></li>
+                            <li><a href="WebAuthnIntro/PasswordlessExample.html">Passwordless authentication Example</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/PasswordlessExample.html">(SOURCE)</a></li>
                             <li><a href="WebAuthnIntro/UsernamelessExample.html">Usernamekess authentication Example (EDGE FIDO2 KEY ONLY)</a> <a href="https://github.com/herrjemand/FIDO2WebAuthnSeries/blob/master/WebAuthnIntro/UsernamelessExample.html">(SOURCE)</a></li>
                         </ul>
 

diff --git a/lib/server.sample.js b/lib/server.sample.js
@@ -91,7 +91,7 @@ let session = {};
 
         session.username = payload.username;
 
-        return Promise.resolve({'status': 'startFIDOEnrollment'})
+        return Promise.resolve({'status': 'startFIDOEnrolment'})
     }
 
     let loginPassword = (payload) => {
@@ -109,7 +109,25 @@ let session = {};
 /* Password section ends */
 
 /* RK passwordless section */
-    let startPasswordlessEnrollment = (payload) => {
+    let startPasswordlessEnrolment = (payload) => {
+        session = {};
+        if(db.userExists(payload.username) && db.getUser(payload.username).registrationComplete)
+            return Promise.reject({'status': 'failed', 'errorMessage': 'User already exists!'})
+
+        db.deleteUser(payload.username)
+
+        payload.id = base64url.encode(generateRandomBuffer(32));
+        payload.credentials = [];
+
+        db.addUser(payload.username, payload)
+
+        session.username = payload.username;
+        session.uv = true;
+
+        return Promise.resolve({'status': 'startFIDOEnrolmentPasswordless'})
+    }
+
+    let startUsernamelessEnrolment = (payload) => {
         session = {};
         if(db.userExists(payload.username) && db.getUser(payload.username).registrationComplete)
             return Promise.reject({'status': 'failed', 'errorMessage': 'User already exists!'})
@@ -124,17 +142,17 @@ let session = {};
         session.username = payload.username;
         session.rk = true;
 
-        return Promise.resolve({'status': 'startFIDOEnrollmentRK'})
+        return Promise.resolve({'status': 'startFIDOEnrolmentRK'})
     }
 
     let startAuthenticationPasswordless = (payload) => {
         if(!db.userExists(payload.username))
             return Promise.reject('Wrong username or password!');
 
         session.username = payload.username;
-        session.rk = true;
+        session.uv = true;
 
-        return Promise.resolve({'status': 'startFIDOAuthenticationRK'})
+        return Promise.resolve({'status': 'startFIDOAuthentication'})
     }
 /* RK passwordless section ends */
 
@@ -168,11 +186,17 @@ let session = {};
         }
 
         if(options) {
+            if(!publicKey.authenticatorSelection)
+                publicKey.authenticatorSelection = {};
+
             if(options.attestation)
                 publicKey.attestation = options.attestation;
 
             if(options.rpId)
                 publicKey.rp.id = options.rpId;
+
+            if(options.uv)
+                publicKey.authenticatorSelection.userVerification = 'required';
         }
 
         if(session.rk) {
@@ -222,6 +246,10 @@ let session = {};
             delete publicKey.allowCredentials
         }
 
+        if(session.uv) {
+            publicKey.userVerification = 'required';
+        }
+
         return Promise.resolve(publicKey)
     }