feat(dev): add u2f ui for managing devices and signing in

packages/api/src/Domain/Client/Authenticator/AuthenticatorApiOperations.ts

@@ -4,5 +4,4 @@ export enum AuthenticatorApiOperations {
   GenerateRegistrationOptions,
   GenerateAuthenticationOptions,
   VerifyRegistrationResponse,
-  VerifyAuthenticationResponse,
 }

packages/api/src/Domain/Client/Authenticator/AuthenticatorApiService.ts

@@ -9,7 +9,6 @@ import {
   GenerateAuthenticatorRegistrationOptionsResponse,
   VerifyAuthenticatorRegistrationResponseResponse,
   GenerateAuthenticatorAuthenticationOptionsResponse,
-  VerifyAuthenticatorAuthenticationResponseResponse,
 } from '../../Response'
 import { AuthenticatorServerInterface } from '../../Server/Authenticator/AuthenticatorServerInterface'
 
@@ -79,7 +78,7 @@ export class AuthenticatorApiService implements AuthenticatorApiServiceInterface
   async verifyRegistrationResponse(
     userUuid: string,
     name: string,
-    registrationCredential: Record<string, unknown>,
+    attestationResponse: Record<string, unknown>,
   ): Promise<VerifyAuthenticatorRegistrationResponseResponse> {
     if (this.operationsInProgress.get(AuthenticatorApiOperations.VerifyRegistrationResponse)) {
       throw new ApiCallError(ErrorMessage.GenericInProgress)
@@ -91,7 +90,7 @@ export class AuthenticatorApiService implements AuthenticatorApiServiceInterface
       const response = await this.authenticatorServer.verifyRegistrationResponse({
         userUuid,
         name,
-        registrationCredential,
+        attestationResponse,
       })
 
       return response
@@ -102,45 +101,23 @@ export class AuthenticatorApiService implements AuthenticatorApiServiceInterface
     }
   }
 
-  async generateAuthenticationOptions(): Promise<GenerateAuthenticatorAuthenticationOptionsResponse> {
+  async generateAuthenticationOptions(username: string): Promise<GenerateAuthenticatorAuthenticationOptionsResponse> {
     if (this.operationsInProgress.get(AuthenticatorApiOperations.GenerateAuthenticationOptions)) {
       throw new ApiCallError(ErrorMessage.GenericInProgress)
     }
 
     this.operationsInProgress.set(AuthenticatorApiOperations.GenerateAuthenticationOptions, true)
 
     try {
-      const response = await this.authenticatorServer.generateAuthenticationOptions()
-
-      return response
-    } catch (error) {
-      throw new ApiCallError(ErrorMessage.GenericFail)
-    } finally {
-      this.operationsInProgress.set(AuthenticatorApiOperations.GenerateAuthenticationOptions, false)
-    }
-  }
-
-  async verifyAuthenticationResponse(
-    userUuid: string,
-    authenticationCredential: Record<string, unknown>,
-  ): Promise<VerifyAuthenticatorAuthenticationResponseResponse> {
-    if (this.operationsInProgress.get(AuthenticatorApiOperations.VerifyAuthenticationResponse)) {
-      throw new ApiCallError(ErrorMessage.GenericInProgress)
-    }
-
-    this.operationsInProgress.set(AuthenticatorApiOperations.VerifyAuthenticationResponse, true)
-
-    try {
-      const response = await this.authenticatorServer.verifyAuthenticationResponse({
-        authenticationCredential,
-        userUuid,
+      const response = await this.authenticatorServer.generateAuthenticationOptions({
+        username,
       })
 
       return response
     } catch (error) {
       throw new ApiCallError(ErrorMessage.GenericFail)
     } finally {
-      this.operationsInProgress.set(AuthenticatorApiOperations.VerifyAuthenticationResponse, false)
+      this.operationsInProgress.set(AuthenticatorApiOperations.GenerateAuthenticationOptions, false)
     }
   }
 }

packages/api/src/Domain/Client/Authenticator/AuthenticatorApiServiceInterface.ts

@@ -4,7 +4,6 @@ import {
   GenerateAuthenticatorRegistrationOptionsResponse,
   VerifyAuthenticatorRegistrationResponseResponse,
   GenerateAuthenticatorAuthenticationOptionsResponse,
-  VerifyAuthenticatorAuthenticationResponseResponse,
 } from '../../Response'
 
 export interface AuthenticatorApiServiceInterface {
@@ -14,11 +13,7 @@ export interface AuthenticatorApiServiceInterface {
   verifyRegistrationResponse(
     userUuid: string,
     name: string,
-    registrationCredential: Record<string, unknown>,
+    attestationResponse: Record<string, unknown>,
   ): Promise<VerifyAuthenticatorRegistrationResponseResponse>
-  generateAuthenticationOptions(): Promise<GenerateAuthenticatorAuthenticationOptionsResponse>
-  verifyAuthenticationResponse(
-    userUuid: string,
-    authenticationCredential: Record<string, unknown>,
-  ): Promise<VerifyAuthenticatorAuthenticationResponseResponse>
+  generateAuthenticationOptions(username: string): Promise<GenerateAuthenticatorAuthenticationOptionsResponse>
 }

packages/api/src/Domain/Request/Authenticator/GenerateAuthenticatorAuthenticationOptionsRequestParams.ts

@@ -0,0 +1,3 @@
+export interface GenerateAuthenticatorAuthenticationOptionsRequestParams {
+  username: string
+}

packages/api/src/Domain/Request/Authenticator/VerifyAuthenticatorRegistrationResponseRequestParams.ts

@@ -1,6 +1,6 @@
 export interface VerifyAuthenticatorRegistrationResponseRequestParams {
   userUuid: string
   name: string
-  registrationCredential: Record<string, unknown>
+  attestationResponse: Record<string, unknown>
   [additionalParam: string]: unknown
 }

packages/api/src/Domain/Request/index.ts

@@ -1,7 +1,7 @@
 export * from './ApiEndpointParam'
 export * from './Authenticator/DeleteAuthenticatorRequestParams'
+export * from './Authenticator/GenerateAuthenticatorAuthenticationOptionsRequestParams'
 export * from './Authenticator/ListAuthenticatorsRequestParams'
-export * from './Authenticator/VerifyAuthenticatorAuthenticationResponseRequestParams'
 export * from './Authenticator/VerifyAuthenticatorRegistrationResponseRequestParams'
 export * from './Recovery/RecoveryKeyParamsRequestParams'
 export * from './Recovery/SignInWithRecoveryCodesRequestParams'

packages/api/src/Domain/Response/index.ts

@@ -8,8 +8,6 @@ export * from './Authenticator/GenerateAuthenticatorRegistrationOptionsResponse'
 export * from './Authenticator/GenerateAuthenticatorRegistrationOptionsResponseBody'
 export * from './Authenticator/ListAuthenticatorsResponse'
 export * from './Authenticator/ListAuthenticatorsResponseBody'
-export * from './Authenticator/VerifyAuthenticatorAuthenticationResponseResponse'
-export * from './Authenticator/VerifyAuthenticatorAuthenticationResponseResponseBody'
 export * from './Authenticator/VerifyAuthenticatorRegistrationResponseResponse'
 export * from './Authenticator/VerifyAuthenticatorRegistrationResponseResponseBody'
 export * from './Recovery/GenerateRecoveryCodesResponse'

packages/api/src/Domain/Server/Authenticator/AuthenticatorServer.ts

@@ -1,17 +1,16 @@
 import { HttpServiceInterface } from '../../Http/HttpServiceInterface'
 import {
   ListAuthenticatorsRequestParams,
+  GenerateAuthenticatorAuthenticationOptionsRequestParams,
   DeleteAuthenticatorRequestParams,
   VerifyAuthenticatorRegistrationResponseRequestParams,
-  VerifyAuthenticatorAuthenticationResponseRequestParams,
 } from '../../Request'
 import {
   ListAuthenticatorsResponse,
   DeleteAuthenticatorResponse,
   GenerateAuthenticatorRegistrationOptionsResponse,
   VerifyAuthenticatorRegistrationResponseResponse,
   GenerateAuthenticatorAuthenticationOptionsResponse,
-  VerifyAuthenticatorAuthenticationResponseResponse,
 } from '../../Response'
 import { AuthenticatorServerInterface } from './AuthenticatorServerInterface'
 import { Paths } from './Paths'
@@ -45,17 +44,11 @@ export class AuthenticatorServer implements AuthenticatorServerInterface {
     return response as VerifyAuthenticatorRegistrationResponseResponse
   }
 
-  async generateAuthenticationOptions(): Promise<GenerateAuthenticatorAuthenticationOptionsResponse> {
-    const response = await this.httpService.get(Paths.v1.generateAuthenticationOptions)
+  async generateAuthenticationOptions(
+    params: GenerateAuthenticatorAuthenticationOptionsRequestParams,
+  ): Promise<GenerateAuthenticatorAuthenticationOptionsResponse> {
+    const response = await this.httpService.post(Paths.v1.generateAuthenticationOptions, params)
 
     return response as GenerateAuthenticatorAuthenticationOptionsResponse
   }
-
-  async verifyAuthenticationResponse(
-    params: VerifyAuthenticatorAuthenticationResponseRequestParams,
-  ): Promise<VerifyAuthenticatorAuthenticationResponseResponse> {
-    const response = await this.httpService.post(Paths.v1.verifyAuthenticationResponse, params)
-
-    return response as VerifyAuthenticatorAuthenticationResponseResponse
-  }
 }

packages/api/src/Domain/Server/Authenticator/AuthenticatorServerInterface.ts

@@ -2,15 +2,14 @@ import {
   ListAuthenticatorsRequestParams,
   DeleteAuthenticatorRequestParams,
   VerifyAuthenticatorRegistrationResponseRequestParams,
-  VerifyAuthenticatorAuthenticationResponseRequestParams,
+  GenerateAuthenticatorAuthenticationOptionsRequestParams,
 } from '../../Request'
 import {
   ListAuthenticatorsResponse,
   DeleteAuthenticatorResponse,
   GenerateAuthenticatorRegistrationOptionsResponse,
   VerifyAuthenticatorRegistrationResponseResponse,
   GenerateAuthenticatorAuthenticationOptionsResponse,
-  VerifyAuthenticatorAuthenticationResponseResponse,
 } from '../../Response'
 
 export interface AuthenticatorServerInterface {
@@ -20,8 +19,7 @@ export interface AuthenticatorServerInterface {
   verifyRegistrationResponse(
     params: VerifyAuthenticatorRegistrationResponseRequestParams,
   ): Promise<VerifyAuthenticatorRegistrationResponseResponse>
-  generateAuthenticationOptions(): Promise<GenerateAuthenticatorAuthenticationOptionsResponse>
-  verifyAuthenticationResponse(
-    params: VerifyAuthenticatorAuthenticationResponseRequestParams,
-  ): Promise<VerifyAuthenticatorAuthenticationResponseResponse>
+  generateAuthenticationOptions(
+    params: GenerateAuthenticatorAuthenticationOptionsRequestParams,
+  ): Promise<GenerateAuthenticatorAuthenticationOptionsResponse>
 }

packages/api/src/Domain/Server/Authenticator/Paths.ts

@@ -4,7 +4,6 @@ const AuthenticatorPaths = {
   generateRegistrationOptions: '/v1/authenticators/generate-registration-options',
   verifyRegistrationResponse: '/v1/authenticators/verify-registration',
   generateAuthenticationOptions: '/v1/authenticators/generate-authentication-options',
-  verifyAuthenticationResponse: '/v1/authenticators/verify-authentication',
 }
 
 export const Paths = {

packages/services/src/Domain/Authenticator/AuthenticatorClientInterface.ts

@@ -1,4 +1,4 @@
-import { Uuid } from '@standardnotes/domain-core'
+import { Username, Uuid } from '@standardnotes/domain-core'
 
 export interface AuthenticatorClientInterface {
   list(): Promise<Array<{ id: string; name: string }>>
@@ -9,6 +9,5 @@ export interface AuthenticatorClientInterface {
     name: string,
     registrationCredential: Record<string, unknown>,
   ): Promise<boolean>
-  generateAuthenticationOptions(): Promise<Record<string, unknown> | null>
-  verifyAuthenticationResponse(userUuid: Uuid, authenticationCredential: Record<string, unknown>): Promise<boolean>
+  generateAuthenticationOptions(username: Username): Promise<Record<string, unknown> | null>
 }

packages/services/src/Domain/Authenticator/AuthenticatorManager.ts

@@ -1,7 +1,7 @@
 /* istanbul ignore file */
 
 import { AuthenticatorApiServiceInterface } from '@standardnotes/api'
-import { Uuid } from '@standardnotes/domain-core'
+import { Username, Uuid } from '@standardnotes/domain-core'
 
 import { InternalEventBusInterface } from '../Internal/InternalEventBusInterface'
 import { AbstractService } from '../Service/AbstractService'
@@ -79,9 +79,9 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
     }
   }
 
-  async generateAuthenticationOptions(): Promise<Record<string, unknown> | null> {
+  async generateAuthenticationOptions(username: Username): Promise<Record<string, unknown> | null> {
     try {
-      const result = await this.authenticatorApiService.generateAuthenticationOptions()
+      const result = await this.authenticatorApiService.generateAuthenticationOptions(username.value)
 
       if (result.data.error) {
         return null
@@ -92,24 +92,4 @@ export class AuthenticatorManager extends AbstractService implements Authenticat
       return null
     }
   }
-
-  async verifyAuthenticationResponse(
-    userUuid: Uuid,
-    authenticationCredential: Record<string, unknown>,
-  ): Promise<boolean> {
-    try {
-      const result = await this.authenticatorApiService.verifyAuthenticationResponse(
-        userUuid.value,
-        authenticationCredential,
-      )
-
-      if (result.data.error) {
-        return false
-      }
-
-      return result.data.success
-    } catch (error) {
-      return false
-    }
-  }
 }

packages/services/src/Domain/Challenge/Prompt/ChallengePrompt.ts

@@ -20,6 +20,7 @@ export class ChallengePrompt implements ChallengePromptInterface {
     public readonly secureTextEntry = true,
     public readonly keyboardType?: ChallengeKeyboardType,
     public readonly initialValue?: ChallengeRawValue,
+    public readonly contextData?: Record<string, unknown>,
   ) {
     switch (this.validation) {
       case ChallengeValidation.AccountPassword:
@@ -37,6 +38,11 @@ export class ChallengePrompt implements ChallengePromptInterface {
         this.placeholder = placeholder ?? ''
         this.validates = true
         break
+      case ChallengeValidation.Authenticator:
+        this.title = title ?? ChallengePromptTitle.U2F
+        this.placeholder = placeholder ?? ''
+        this.validates = true
+        break
       case ChallengeValidation.ProtectionSessionDuration:
         this.title = title ?? ChallengePromptTitle.RememberFor
         this.placeholder = placeholder ?? ''

packages/services/src/Domain/Challenge/Prompt/PromptTitles.ts

@@ -6,4 +6,5 @@ export const ChallengePromptTitle = {
   Biometrics: 'Biometrics',
   RememberFor: 'Remember For',
   Mfa: 'Two-factor Authentication Code',
+  U2F: 'Security Key',
 }

packages/services/src/Domain/Challenge/Types/ChallengeRawValue.ts

@@ -1,3 +1,3 @@
 /* istanbul ignore file */
 
-export type ChallengeRawValue = number | string | boolean
+export type ChallengeRawValue = number | string | boolean | Record<string, unknown>

packages/services/src/Domain/Challenge/Types/ChallengeValidation.ts

@@ -6,4 +6,5 @@ export enum ChallengeValidation {
   AccountPassword = 2,
   Biometric = 3,
   ProtectionSessionDuration = 4,
+  Authenticator = 5,
 }

packages/services/src/Domain/Strings/Messages.ts

@@ -121,6 +121,7 @@ export const SessionStrings = {
   },
   SessionRestored: 'Your session has been successfully restored.',
   EnterMfa: 'Please enter your two-factor authentication code.',
+  InputU2FDevice: 'Please authenticate with your U2F device.',
   MfaInputPlaceholder: 'Two-factor authentication code',
   EmailInputPlaceholder: 'Email',
   PasswordInputPlaceholder: 'Password',

packages/snjs/lib/Application/Application.ts

@@ -105,11 +105,11 @@ import { GetRecoveryCodes } from '@Lib/Domain/UseCase/GetRecoveryCodes/GetRecove
 import { AddAuthenticator } from '@Lib/Domain/UseCase/AddAuthenticator/AddAuthenticator'
 import { ListAuthenticators } from '@Lib/Domain/UseCase/ListAuthenticators/ListAuthenticators'
 import { DeleteAuthenticator } from '@Lib/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator'
-import { VerifyAuthenticator } from '@Lib/Domain/UseCase/VerifyAuthenticator/VerifyAuthenticator'
 import { ListRevisions } from '@Lib/Domain/UseCase/ListRevisions/ListRevisions'
 import { GetRevision } from '@Lib/Domain/UseCase/GetRevision/GetRevision'
 import { DeleteRevision } from '@Lib/Domain/UseCase/DeleteRevision/DeleteRevision'
 import { RevisionMetadata } from '@Lib/Domain/Revision/RevisionMetadata'
+import { GetAuthenticatorAuthenticationResponse } from '@Lib/Domain/UseCase/GetAuthenticatorAuthenticationResponse/GetAuthenticatorAuthenticationResponse'
 
 /** How often to automatically sync, in milliseconds */
 const DEFAULT_AUTO_SYNC_INTERVAL = 30_000
@@ -193,7 +193,7 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
   private declare _addAuthenticator: AddAuthenticator
   private declare _listAuthenticators: ListAuthenticators
   private declare _deleteAuthenticator: DeleteAuthenticator
-  private declare _verifyAuthenticator: VerifyAuthenticator
+  private declare _getAuthenticatorAuthenticationResponse: GetAuthenticatorAuthenticationResponse
   private declare _listRevisions: ListRevisions
   private declare _getRevision: GetRevision
   private declare _deleteRevision: DeleteRevision
@@ -299,8 +299,8 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
     return this._deleteAuthenticator
   }
 
-  get verifyAuthenticator(): UseCaseInterface<void> {
-    return this._verifyAuthenticator
+  get getAuthenticatorAuthenticationResponse(): UseCaseInterface<Record<string, unknown>> {
+    return this._getAuthenticatorAuthenticationResponse
   }
 
   get listRevisions(): UseCaseInterface<Array<RevisionMetadata>> {
@@ -1272,7 +1272,7 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
     ;(this._addAuthenticator as unknown) = undefined
     ;(this._listAuthenticators as unknown) = undefined
     ;(this._deleteAuthenticator as unknown) = undefined
-    ;(this._verifyAuthenticator as unknown) = undefined
+    ;(this._getAuthenticatorAuthenticationResponse as unknown) = undefined
     ;(this._listRevisions as unknown) = undefined
     ;(this._getRevision as unknown) = undefined
     ;(this._deleteRevision as unknown) = undefined
@@ -1849,7 +1849,7 @@ export class SNApplication implements ApplicationInterface, AppGroupManagedAppli
 
     this._deleteAuthenticator = new DeleteAuthenticator(this.authenticatorManager)
 
-    this._verifyAuthenticator = new VerifyAuthenticator(
+    this._getAuthenticatorAuthenticationResponse = new GetAuthenticatorAuthenticationResponse(
       this.authenticatorManager,
       this.options.u2fAuthenticatorVerificationPromptFunction,
     )