U2F skeleton (#1148)
This commit is contained in:
parent
5299f16f01
commit
a14d718351
4
COPYING
4
COPYING
|
@ -94,6 +94,10 @@ Files: lemonldap-ng-manager/site/static/bwr/angular/* lemonldap-ng-manager/site/
|
||||||
Copyright: 2010-2015, Google, Inc. http://angularjs.org
|
Copyright: 2010-2015, Google, Inc. http://angularjs.org
|
||||||
License: Expat
|
License: Expat
|
||||||
|
|
||||||
|
Files: lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.*
|
||||||
|
Copyright: 2014-2015, Google Inc.
|
||||||
|
License: Expat
|
||||||
|
|
||||||
Files: lemonldap-ng-manager/site/static/bwr/angular-bootstrap/*
|
Files: lemonldap-ng-manager/site/static/bwr/angular-bootstrap/*
|
||||||
Copyright: 2012-2016, the AngularUI Team, https://github.com/organizations/angular-ui/teams/291112
|
Copyright: 2012-2016, the AngularUI Team, https://github.com/organizations/angular-ui/teams/291112
|
||||||
License: Expat
|
License: Expat
|
||||||
|
|
4
debian/copyright
vendored
4
debian/copyright
vendored
|
@ -94,6 +94,10 @@ Files: lemonldap-ng-manager/site/static/bwr/angular/* lemonldap-ng-manager/site/
|
||||||
Copyright: 2010-2015, Google, Inc. http://angularjs.org
|
Copyright: 2010-2015, Google, Inc. http://angularjs.org
|
||||||
License: Expat
|
License: Expat
|
||||||
|
|
||||||
|
Files: lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.*
|
||||||
|
Copyright: 2014-2015, Google Inc.
|
||||||
|
License: Expat
|
||||||
|
|
||||||
Files: lemonldap-ng-manager/site/static/bwr/angular-bootstrap/*
|
Files: lemonldap-ng-manager/site/static/bwr/angular-bootstrap/*
|
||||||
Copyright: 2012-2016, the AngularUI Team, https://github.com/organizations/angular-ui/teams/291112
|
Copyright: 2012-2016, the AngularUI Team, https://github.com/organizations/angular-ui/teams/291112
|
||||||
License: Expat
|
License: Expat
|
||||||
|
|
|
@ -243,6 +243,7 @@ sub defaultValues {
|
||||||
'timeoutActivityInterval' => 60,
|
'timeoutActivityInterval' => 60,
|
||||||
'trustedProxies' => '',
|
'trustedProxies' => '',
|
||||||
'twitterAuthnLevel' => 1,
|
'twitterAuthnLevel' => 1,
|
||||||
|
'u2fAppId' => 'Lemonldap::NG',
|
||||||
'userControl' => '^[\\w\\.\\-@]+$',
|
'userControl' => '^[\\w\\.\\-@]+$',
|
||||||
'userDB' => 'Demo',
|
'userDB' => 'Demo',
|
||||||
'useRedirectOnError' => 1,
|
'useRedirectOnError' => 1,
|
||||||
|
|
|
@ -2826,6 +2826,14 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
|
||||||
'twitterSecret' => {
|
'twitterSecret' => {
|
||||||
'type' => 'text'
|
'type' => 'text'
|
||||||
},
|
},
|
||||||
|
'u2fActivation' => {
|
||||||
|
'default' => 0,
|
||||||
|
'type' => 'bool'
|
||||||
|
},
|
||||||
|
'u2fAppId' => {
|
||||||
|
'default' => 'Lemonldap::NG',
|
||||||
|
'type' => 'text'
|
||||||
|
},
|
||||||
'userControl' => {
|
'userControl' => {
|
||||||
'default' => '^[\\w\\.\\-@]+$',
|
'default' => '^[\\w\\.\\-@]+$',
|
||||||
'type' => 'pcre'
|
'type' => 'pcre'
|
||||||
|
|
|
@ -661,8 +661,8 @@ sub attributes {
|
||||||
|
|
||||||
# Notification
|
# Notification
|
||||||
oldNotifFormat => {
|
oldNotifFormat => {
|
||||||
type => 'bool',
|
type => 'bool',
|
||||||
default => 0,
|
default => 0,
|
||||||
documentation => 'Use old XML format',
|
documentation => 'Use old XML format',
|
||||||
},
|
},
|
||||||
notificationWildcard => {
|
notificationWildcard => {
|
||||||
|
@ -948,6 +948,18 @@ sub attributes {
|
||||||
documentation => 'Register session timeout',
|
documentation => 'Register session timeout',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# U2F
|
||||||
|
u2fActivation => {
|
||||||
|
type => 'bool',
|
||||||
|
default => 0,
|
||||||
|
documentation => 'U2F activation',
|
||||||
|
},
|
||||||
|
u2fAppId => {
|
||||||
|
default => 'Lemonldap::NG',
|
||||||
|
type => 'text',
|
||||||
|
documentation => 'U2F application ID',
|
||||||
|
},
|
||||||
|
|
||||||
# Single session
|
# Single session
|
||||||
notifyDeleted => {
|
notifyDeleted => {
|
||||||
default => 1,
|
default => 1,
|
||||||
|
@ -1755,12 +1767,12 @@ sub attributes {
|
||||||
authentication => {
|
authentication => {
|
||||||
type => 'select',
|
type => 'select',
|
||||||
select => [
|
select => [
|
||||||
{ k => 'Apache', v => 'Apache' },
|
{ k => 'Apache', v => 'Apache' },
|
||||||
{ k => 'AD', v => 'Active Directory' },
|
{ k => 'AD', v => 'Active Directory' },
|
||||||
{ k => 'Choice', v => 'authChoice' },
|
{ k => 'Choice', v => 'authChoice' },
|
||||||
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
|
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
|
||||||
{ k => 'DBI', v => 'Database (DBI)' },
|
{ k => 'DBI', v => 'Database (DBI)' },
|
||||||
{ k => 'Demo', v => 'Demonstration' },
|
{ k => 'Demo', v => 'Demonstration' },
|
||||||
{ k => 'Facebook', v => 'Facebook' },
|
{ k => 'Facebook', v => 'Facebook' },
|
||||||
{ k => 'Google', v => 'Google' },
|
{ k => 'Google', v => 'Google' },
|
||||||
{ k => 'LDAP', v => 'LDAP' },
|
{ k => 'LDAP', v => 'LDAP' },
|
||||||
|
@ -2214,8 +2226,8 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
||||||
test => sub { 1 },
|
test => sub { 1 },
|
||||||
select => [
|
select => [
|
||||||
[
|
[
|
||||||
{ k => 'Apache', v => 'Apache' },
|
{ k => 'Apache', v => 'Apache' },
|
||||||
{ k => 'AD', v => 'Active Directory' },
|
{ k => 'AD', v => 'Active Directory' },
|
||||||
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
|
{ k => 'CAS', v => 'Central Authentication Service (CAS)' },
|
||||||
{ k => 'DBI', v => 'Database (DBI)' },
|
{ k => 'DBI', v => 'Database (DBI)' },
|
||||||
{ k => 'Demo', v => 'Demo' },
|
{ k => 'Demo', v => 'Demo' },
|
||||||
|
|
|
@ -579,6 +579,11 @@ sub tree {
|
||||||
'registerDoneSubject'
|
'registerDoneSubject'
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
title => 'u2f',
|
||||||
|
form => 'simpleInputContainer',
|
||||||
|
nodes => [ 'u2fActivation', 'u2fAppId', ]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
title => 'security',
|
title => 'security',
|
||||||
help => 'security.html#configure_security_settings',
|
help => 'security.html#configure_security_settings',
|
||||||
|
|
|
@ -629,6 +629,9 @@
|
||||||
"twitterKey": "API key",
|
"twitterKey": "API key",
|
||||||
"twitterParams": "Twitter parameters",
|
"twitterParams": "Twitter parameters",
|
||||||
"twitterSecret": "API secret",
|
"twitterSecret": "API secret",
|
||||||
|
"u2f": "U2F",
|
||||||
|
"u2fActivation": "Activation",
|
||||||
|
"u2fAppId": "Application ID",
|
||||||
"uid": "Identifier",
|
"uid": "Identifier",
|
||||||
"unknownAttrOrMacro": "Unknown attribute or macro",
|
"unknownAttrOrMacro": "Unknown attribute or macro",
|
||||||
"unknownError": "Unknown error",
|
"unknownError": "Unknown error",
|
||||||
|
|
|
@ -629,6 +629,9 @@
|
||||||
"twitterKey": "Clef de l'API",
|
"twitterKey": "Clef de l'API",
|
||||||
"twitterParams": "Paramètres Twitter",
|
"twitterParams": "Paramètres Twitter",
|
||||||
"twitterSecret": "Secret de l'API",
|
"twitterSecret": "Secret de l'API",
|
||||||
|
"u2f": "U2F",
|
||||||
|
"u2fActivation": "Activation",
|
||||||
|
"u2fAppId": "Identifiant de l'application",
|
||||||
"uid": "Identifiant",
|
"uid": "Identifiant",
|
||||||
"unknownAttrOrMacro": "Attribut ou macro inconnu",
|
"unknownAttrOrMacro": "Attribut ou macro inconnu",
|
||||||
"unknownError": "Erreur inconnue",
|
"unknownError": "Erreur inconnue",
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -74,10 +74,16 @@ sub enabledPlugins {
|
||||||
push @res, "::Password::$p" if ( $p ne 'Null' );
|
push @res, "::Password::$p" if ( $p ne 'Null' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# U2F
|
||||||
|
if ( $self->conf->{u2fActivation} ) {
|
||||||
|
push @res, '::Register::U2F', '::Plugins::U2F';
|
||||||
|
}
|
||||||
|
|
||||||
# Check if custom plugins are required
|
# Check if custom plugins are required
|
||||||
# TODO: change this name
|
# TODO: change this name
|
||||||
if ( $self->conf->{customPlugins} ) {
|
if ( $self->conf->{customPlugins} ) {
|
||||||
$self->lmLog( 'Custom plugins: ' . $self->conf->{customPlugins}, 'debug' );
|
$self->lmLog( 'Custom plugins: ' . $self->conf->{customPlugins},
|
||||||
|
'debug' );
|
||||||
push @res, grep ( /\w/, split( /,\s*/, $self->conf->{customPlugins} ) );
|
push @res, grep ( /\w/, split( /,\s*/, $self->conf->{customPlugins} ) );
|
||||||
}
|
}
|
||||||
return @res;
|
return @res;
|
||||||
|
|
14
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/U2F.pm
Normal file
14
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/U2F.pm
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
package Lemonldap::NG::Portal::Plugins::U2F;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use Mouse;
|
||||||
|
|
||||||
|
our $VERSION = '2.0.0';
|
||||||
|
|
||||||
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
|
sub init {
|
||||||
|
1;
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
51
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/U2F.pm
Normal file
51
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Register/U2F.pm
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
package Lemonldap::NG::Portal::Register::U2F;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use Mouse;
|
||||||
|
|
||||||
|
our $VERSION = '2.0.0';
|
||||||
|
|
||||||
|
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||||
|
|
||||||
|
has crypter => ( is => 'rw' );
|
||||||
|
|
||||||
|
sub init {
|
||||||
|
my ($self) = @_;
|
||||||
|
eval 'use Crypt::U2F::Server::Simple';
|
||||||
|
if ($@) {
|
||||||
|
$self->error("Can't load U2F library: $@");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
unless (
|
||||||
|
$self->crypter(
|
||||||
|
Crypt::U2F::Server::Simple->new(
|
||||||
|
appId => $self->conf->{u2fAppId},
|
||||||
|
origin => $self->conf->{portal},
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
{
|
||||||
|
$self->error( Crypt::U2F::Server::Simple::lastError() );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
$self->addAuthRoute( u2f => 'run', [ 'GET', 'POST' ] );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub run {
|
||||||
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
|
# Check for registration response
|
||||||
|
if ( my $rd = $req->param('registration') ) {
|
||||||
|
$self->lmLog( "Get registration data $rd", 'debug' );
|
||||||
|
my ( $keyHandle, $userKey ) = $self->crypter->registrationVerify($rd);
|
||||||
|
$self->lmLog( "Handle: $keyHandle, Key: $userKey", 'debug' );
|
||||||
|
$self->p->updatePersistentSession( $req,
|
||||||
|
{ _u2fHandle => $keyHandle, _u2fKey => $userKey } );
|
||||||
|
return $self->sendHtml( $req, 'u2fregister', params => { SUCCESS => 1 } );
|
||||||
|
}
|
||||||
|
return $self->sendHtml( $req, 'u2fregister',
|
||||||
|
params => { CHALLENGE => $challenge, APPID=>$self->conf->{u2fAppId} } );
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
14
lemonldap-ng-portal/site/coffee/u2fregistration.coffee
Normal file
14
lemonldap-ng-portal/site/coffee/u2fregistration.coffee
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
###
|
||||||
|
LemonLDAP::NG U2F registration script
|
||||||
|
###
|
||||||
|
|
||||||
|
register = ->
|
||||||
|
request =
|
||||||
|
challenge: window.datas.challenge
|
||||||
|
version: 'U2F_V2'
|
||||||
|
u2f.register window.datas.appId, request, [], (data) ->
|
||||||
|
$('#bind-data').val JSON.stringify data
|
||||||
|
$('#bind-form').submit()
|
||||||
|
|
||||||
|
$(document).ready ->
|
||||||
|
setTimeout register, 1000
|
748
lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.js
Normal file
748
lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.js
Normal file
|
@ -0,0 +1,748 @@
|
||||||
|
//Copyright 2014-2015 Google Inc. All rights reserved.
|
||||||
|
|
||||||
|
//Use of this source code is governed by a BSD-style
|
||||||
|
//license that can be found in the LICENSE file or at
|
||||||
|
//https://developers.google.com/open-source/licenses/bsd
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @fileoverview The U2F api.
|
||||||
|
*/
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Namespace for the U2F api.
|
||||||
|
* @type {Object}
|
||||||
|
*/
|
||||||
|
var u2f = u2f || {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* FIDO U2F Javascript API Version
|
||||||
|
* @number
|
||||||
|
*/
|
||||||
|
var js_api_version;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The U2F extension id
|
||||||
|
* @const {string}
|
||||||
|
*/
|
||||||
|
// The Chrome packaged app extension ID.
|
||||||
|
// Uncomment this if you want to deploy a server instance that uses
|
||||||
|
// the package Chrome app and does not require installing the U2F Chrome extension.
|
||||||
|
u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
|
||||||
|
// The U2F Chrome extension ID.
|
||||||
|
// Uncomment this if you want to deploy a server instance that uses
|
||||||
|
// the U2F Chrome extension to authenticate.
|
||||||
|
// u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Message types for messsages to/from the extension
|
||||||
|
* @const
|
||||||
|
* @enum {string}
|
||||||
|
*/
|
||||||
|
u2f.MessageTypes = {
|
||||||
|
'U2F_REGISTER_REQUEST': 'u2f_register_request',
|
||||||
|
'U2F_REGISTER_RESPONSE': 'u2f_register_response',
|
||||||
|
'U2F_SIGN_REQUEST': 'u2f_sign_request',
|
||||||
|
'U2F_SIGN_RESPONSE': 'u2f_sign_response',
|
||||||
|
'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
|
||||||
|
'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Response status codes
|
||||||
|
* @const
|
||||||
|
* @enum {number}
|
||||||
|
*/
|
||||||
|
u2f.ErrorCodes = {
|
||||||
|
'OK': 0,
|
||||||
|
'OTHER_ERROR': 1,
|
||||||
|
'BAD_REQUEST': 2,
|
||||||
|
'CONFIGURATION_UNSUPPORTED': 3,
|
||||||
|
'DEVICE_INELIGIBLE': 4,
|
||||||
|
'TIMEOUT': 5
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A message for registration requests
|
||||||
|
* @typedef {{
|
||||||
|
* type: u2f.MessageTypes,
|
||||||
|
* appId: ?string,
|
||||||
|
* timeoutSeconds: ?number,
|
||||||
|
* requestId: ?number
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.U2fRequest;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A message for registration responses
|
||||||
|
* @typedef {{
|
||||||
|
* type: u2f.MessageTypes,
|
||||||
|
* responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
|
||||||
|
* requestId: ?number
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.U2fResponse;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* An error object for responses
|
||||||
|
* @typedef {{
|
||||||
|
* errorCode: u2f.ErrorCodes,
|
||||||
|
* errorMessage: ?string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.Error;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a single sign request.
|
||||||
|
* @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}}
|
||||||
|
*/
|
||||||
|
u2f.Transport;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a single sign request.
|
||||||
|
* @typedef {Array<u2f.Transport>}
|
||||||
|
*/
|
||||||
|
u2f.Transports;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a single sign request.
|
||||||
|
* @typedef {{
|
||||||
|
* version: string,
|
||||||
|
* challenge: string,
|
||||||
|
* keyHandle: string,
|
||||||
|
* appId: string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.SignRequest;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a sign response.
|
||||||
|
* @typedef {{
|
||||||
|
* keyHandle: string,
|
||||||
|
* signatureData: string,
|
||||||
|
* clientData: string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.SignResponse;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a registration request.
|
||||||
|
* @typedef {{
|
||||||
|
* version: string,
|
||||||
|
* challenge: string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.RegisterRequest;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a registration response.
|
||||||
|
* @typedef {{
|
||||||
|
* version: string,
|
||||||
|
* keyHandle: string,
|
||||||
|
* transports: Transports,
|
||||||
|
* appId: string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.RegisterResponse;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a registered key.
|
||||||
|
* @typedef {{
|
||||||
|
* version: string,
|
||||||
|
* keyHandle: string,
|
||||||
|
* transports: ?Transports,
|
||||||
|
* appId: ?string
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.RegisteredKey;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Data object for a get API register response.
|
||||||
|
* @typedef {{
|
||||||
|
* js_api_version: number
|
||||||
|
* }}
|
||||||
|
*/
|
||||||
|
u2f.GetJsApiVersionResponse;
|
||||||
|
|
||||||
|
|
||||||
|
//Low level MessagePort API support
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets up a MessagePort to the U2F extension using the
|
||||||
|
* available mechanisms.
|
||||||
|
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
|
||||||
|
*/
|
||||||
|
u2f.getMessagePort = function(callback) {
|
||||||
|
if (typeof chrome != 'undefined' && chrome.runtime) {
|
||||||
|
// The actual message here does not matter, but we need to get a reply
|
||||||
|
// for the callback to run. Thus, send an empty signature request
|
||||||
|
// in order to get a failure response.
|
||||||
|
var msg = {
|
||||||
|
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||||
|
signRequests: []
|
||||||
|
};
|
||||||
|
chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
|
||||||
|
if (!chrome.runtime.lastError) {
|
||||||
|
// We are on a whitelisted origin and can talk directly
|
||||||
|
// with the extension.
|
||||||
|
u2f.getChromeRuntimePort_(callback);
|
||||||
|
} else {
|
||||||
|
// chrome.runtime was available, but we couldn't message
|
||||||
|
// the extension directly, use iframe
|
||||||
|
u2f.getIframePort_(callback);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else if (u2f.isAndroidChrome_()) {
|
||||||
|
u2f.getAuthenticatorPort_(callback);
|
||||||
|
} else if (u2f.isIosChrome_()) {
|
||||||
|
u2f.getIosPort_(callback);
|
||||||
|
} else {
|
||||||
|
// chrome.runtime was not available at all, which is normal
|
||||||
|
// when this origin doesn't have access to any extensions.
|
||||||
|
u2f.getIframePort_(callback);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Detect chrome running on android based on the browser's useragent.
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.isAndroidChrome_ = function() {
|
||||||
|
var userAgent = navigator.userAgent;
|
||||||
|
return userAgent.indexOf('Chrome') != -1 &&
|
||||||
|
userAgent.indexOf('Android') != -1;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Detect chrome running on iOS based on the browser's platform.
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.isIosChrome_ = function() {
|
||||||
|
return $.inArray(navigator.platform, ["iPhone", "iPad", "iPod"]) > -1;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Connects directly to the extension via chrome.runtime.connect.
|
||||||
|
* @param {function(u2f.WrappedChromeRuntimePort_)} callback
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.getChromeRuntimePort_ = function(callback) {
|
||||||
|
var port = chrome.runtime.connect(u2f.EXTENSION_ID,
|
||||||
|
{'includeTlsChannelId': true});
|
||||||
|
setTimeout(function() {
|
||||||
|
callback(new u2f.WrappedChromeRuntimePort_(port));
|
||||||
|
}, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a 'port' abstraction to the Authenticator app.
|
||||||
|
* @param {function(u2f.WrappedAuthenticatorPort_)} callback
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.getAuthenticatorPort_ = function(callback) {
|
||||||
|
setTimeout(function() {
|
||||||
|
callback(new u2f.WrappedAuthenticatorPort_());
|
||||||
|
}, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a 'port' abstraction to the iOS client app.
|
||||||
|
* @param {function(u2f.WrappedIosPort_)} callback
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.getIosPort_ = function(callback) {
|
||||||
|
setTimeout(function() {
|
||||||
|
callback(new u2f.WrappedIosPort_());
|
||||||
|
}, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A wrapper for chrome.runtime.Port that is compatible with MessagePort.
|
||||||
|
* @param {Port} port
|
||||||
|
* @constructor
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.WrappedChromeRuntimePort_ = function(port) {
|
||||||
|
this.port_ = port;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Format and return a sign request compliant with the JS API version supported by the extension.
|
||||||
|
* @param {Array<u2f.SignRequest>} signRequests
|
||||||
|
* @param {number} timeoutSeconds
|
||||||
|
* @param {number} reqId
|
||||||
|
* @return {Object}
|
||||||
|
*/
|
||||||
|
u2f.formatSignRequest_ =
|
||||||
|
function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
|
||||||
|
if (js_api_version === undefined || js_api_version < 1.1) {
|
||||||
|
// Adapt request to the 1.0 JS API
|
||||||
|
var signRequests = [];
|
||||||
|
for (var i = 0; i < registeredKeys.length; i++) {
|
||||||
|
signRequests[i] = {
|
||||||
|
version: registeredKeys[i].version,
|
||||||
|
challenge: challenge,
|
||||||
|
keyHandle: registeredKeys[i].keyHandle,
|
||||||
|
appId: appId
|
||||||
|
};
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||||
|
signRequests: signRequests,
|
||||||
|
timeoutSeconds: timeoutSeconds,
|
||||||
|
requestId: reqId
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// JS 1.1 API
|
||||||
|
return {
|
||||||
|
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||||
|
appId: appId,
|
||||||
|
challenge: challenge,
|
||||||
|
registeredKeys: registeredKeys,
|
||||||
|
timeoutSeconds: timeoutSeconds,
|
||||||
|
requestId: reqId
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Format and return a register request compliant with the JS API version supported by the extension..
|
||||||
|
* @param {Array<u2f.SignRequest>} signRequests
|
||||||
|
* @param {Array<u2f.RegisterRequest>} signRequests
|
||||||
|
* @param {number} timeoutSeconds
|
||||||
|
* @param {number} reqId
|
||||||
|
* @return {Object}
|
||||||
|
*/
|
||||||
|
u2f.formatRegisterRequest_ =
|
||||||
|
function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
|
||||||
|
if (js_api_version === undefined || js_api_version < 1.1) {
|
||||||
|
// Adapt request to the 1.0 JS API
|
||||||
|
for (var i = 0; i < registerRequests.length; i++) {
|
||||||
|
registerRequests[i].appId = appId;
|
||||||
|
}
|
||||||
|
var signRequests = [];
|
||||||
|
for (var i = 0; i < registeredKeys.length; i++) {
|
||||||
|
signRequests[i] = {
|
||||||
|
version: registeredKeys[i].version,
|
||||||
|
challenge: registerRequests[0],
|
||||||
|
keyHandle: registeredKeys[i].keyHandle,
|
||||||
|
appId: appId
|
||||||
|
};
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
|
||||||
|
signRequests: signRequests,
|
||||||
|
registerRequests: registerRequests,
|
||||||
|
timeoutSeconds: timeoutSeconds,
|
||||||
|
requestId: reqId
|
||||||
|
};
|
||||||
|
}
|
||||||
|
// JS 1.1 API
|
||||||
|
return {
|
||||||
|
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
|
||||||
|
appId: appId,
|
||||||
|
registerRequests: registerRequests,
|
||||||
|
registeredKeys: registeredKeys,
|
||||||
|
timeoutSeconds: timeoutSeconds,
|
||||||
|
requestId: reqId
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Posts a message on the underlying channel.
|
||||||
|
* @param {Object} message
|
||||||
|
*/
|
||||||
|
u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
|
||||||
|
this.port_.postMessage(message);
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Emulates the HTML 5 addEventListener interface. Works only for the
|
||||||
|
* onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
|
||||||
|
* @param {string} eventName
|
||||||
|
* @param {function({data: Object})} handler
|
||||||
|
*/
|
||||||
|
u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
|
||||||
|
function(eventName, handler) {
|
||||||
|
var name = eventName.toLowerCase();
|
||||||
|
if (name == 'message' || name == 'onmessage') {
|
||||||
|
this.port_.onMessage.addListener(function(message) {
|
||||||
|
// Emulate a minimal MessageEvent object
|
||||||
|
handler({'data': message});
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
console.error('WrappedChromeRuntimePort only supports onMessage');
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Wrap the Authenticator app with a MessagePort interface.
|
||||||
|
* @constructor
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_ = function() {
|
||||||
|
this.requestId_ = -1;
|
||||||
|
this.requestObject_ = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Launch the Authenticator intent.
|
||||||
|
* @param {Object} message
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
|
||||||
|
var intentUrl =
|
||||||
|
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
|
||||||
|
';S.request=' + encodeURIComponent(JSON.stringify(message)) +
|
||||||
|
';end';
|
||||||
|
document.location = intentUrl;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tells what type of port this is.
|
||||||
|
* @return {String} port type
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
|
||||||
|
return "WrappedAuthenticatorPort_";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Emulates the HTML 5 addEventListener interface.
|
||||||
|
* @param {string} eventName
|
||||||
|
* @param {function({data: Object})} handler
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
|
||||||
|
var name = eventName.toLowerCase();
|
||||||
|
if (name == 'message') {
|
||||||
|
var self = this;
|
||||||
|
/* Register a callback to that executes when
|
||||||
|
* chrome injects the response. */
|
||||||
|
window.addEventListener(
|
||||||
|
'message', self.onRequestUpdate_.bind(self, handler), false);
|
||||||
|
} else {
|
||||||
|
console.error('WrappedAuthenticatorPort only supports message');
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Callback invoked when a response is received from the Authenticator.
|
||||||
|
* @param function({data: Object}) callback
|
||||||
|
* @param {Object} message message Object
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
|
||||||
|
function(callback, message) {
|
||||||
|
var messageObject = JSON.parse(message.data);
|
||||||
|
var intentUrl = messageObject['intentURL'];
|
||||||
|
|
||||||
|
var errorCode = messageObject['errorCode'];
|
||||||
|
var responseObject = null;
|
||||||
|
if (messageObject.hasOwnProperty('data')) {
|
||||||
|
responseObject = /** @type {Object} */ (
|
||||||
|
JSON.parse(messageObject['data']));
|
||||||
|
}
|
||||||
|
|
||||||
|
callback({'data': responseObject});
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Base URL for intents to Authenticator.
|
||||||
|
* @const
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
|
||||||
|
'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Wrap the iOS client app with a MessagePort interface.
|
||||||
|
* @constructor
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.WrappedIosPort_ = function() {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Launch the iOS client app request
|
||||||
|
* @param {Object} message
|
||||||
|
*/
|
||||||
|
u2f.WrappedIosPort_.prototype.postMessage = function(message) {
|
||||||
|
var str = JSON.stringify(message);
|
||||||
|
var url = "u2f://auth?" + encodeURI(str);
|
||||||
|
location.replace(url);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tells what type of port this is.
|
||||||
|
* @return {String} port type
|
||||||
|
*/
|
||||||
|
u2f.WrappedIosPort_.prototype.getPortType = function() {
|
||||||
|
return "WrappedIosPort_";
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Emulates the HTML 5 addEventListener interface.
|
||||||
|
* @param {string} eventName
|
||||||
|
* @param {function({data: Object})} handler
|
||||||
|
*/
|
||||||
|
u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
|
||||||
|
var name = eventName.toLowerCase();
|
||||||
|
if (name !== 'message') {
|
||||||
|
console.error('WrappedIosPort only supports message');
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets up an embedded trampoline iframe, sourced from the extension.
|
||||||
|
* @param {function(MessagePort)} callback
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.getIframePort_ = function(callback) {
|
||||||
|
// Create the iframe
|
||||||
|
var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
|
||||||
|
var iframe = document.createElement('iframe');
|
||||||
|
iframe.src = iframeOrigin + '/u2f-comms.html';
|
||||||
|
iframe.setAttribute('style', 'display:none');
|
||||||
|
document.body.appendChild(iframe);
|
||||||
|
|
||||||
|
var channel = new MessageChannel();
|
||||||
|
var ready = function(message) {
|
||||||
|
if (message.data == 'ready') {
|
||||||
|
channel.port1.removeEventListener('message', ready);
|
||||||
|
callback(channel.port1);
|
||||||
|
} else {
|
||||||
|
console.error('First event on iframe port was not "ready"');
|
||||||
|
}
|
||||||
|
};
|
||||||
|
channel.port1.addEventListener('message', ready);
|
||||||
|
channel.port1.start();
|
||||||
|
|
||||||
|
iframe.addEventListener('load', function() {
|
||||||
|
// Deliver the port to the iframe and initialize
|
||||||
|
iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
//High-level JS API
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default extension response timeout in seconds.
|
||||||
|
* @const
|
||||||
|
*/
|
||||||
|
u2f.EXTENSION_TIMEOUT_SEC = 30;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A singleton instance for a MessagePort to the extension.
|
||||||
|
* @type {MessagePort|u2f.WrappedChromeRuntimePort_}
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.port_ = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Callbacks waiting for a port
|
||||||
|
* @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.waitingForPort_ = [];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A counter for requestIds.
|
||||||
|
* @type {number}
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.reqCounter_ = 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A map from requestIds to client callbacks
|
||||||
|
* @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
|
||||||
|
* |function((u2f.Error|u2f.SignResponse)))>}
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.callbackMap_ = {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates or retrieves the MessagePort singleton to use.
|
||||||
|
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.getPortSingleton_ = function(callback) {
|
||||||
|
if (u2f.port_) {
|
||||||
|
callback(u2f.port_);
|
||||||
|
} else {
|
||||||
|
if (u2f.waitingForPort_.length == 0) {
|
||||||
|
u2f.getMessagePort(function(port) {
|
||||||
|
u2f.port_ = port;
|
||||||
|
u2f.port_.addEventListener('message',
|
||||||
|
/** @type {function(Event)} */ (u2f.responseHandler_));
|
||||||
|
|
||||||
|
// Careful, here be async callbacks. Maybe.
|
||||||
|
while (u2f.waitingForPort_.length)
|
||||||
|
u2f.waitingForPort_.shift()(u2f.port_);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
u2f.waitingForPort_.push(callback);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handles response messages from the extension.
|
||||||
|
* @param {MessageEvent.<u2f.Response>} message
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
u2f.responseHandler_ = function(message) {
|
||||||
|
var response = message.data;
|
||||||
|
var reqId = response['requestId'];
|
||||||
|
if (!reqId || !u2f.callbackMap_[reqId]) {
|
||||||
|
console.error('Unknown or missing requestId in response.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
var cb = u2f.callbackMap_[reqId];
|
||||||
|
delete u2f.callbackMap_[reqId];
|
||||||
|
cb(response['responseData']);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dispatches an array of sign requests to available U2F tokens.
|
||||||
|
* If the JS API version supported by the extension is unknown, it first sends a
|
||||||
|
* message to the extension to find out the supported API version and then it sends
|
||||||
|
* the sign request.
|
||||||
|
* @param {string=} appId
|
||||||
|
* @param {string=} challenge
|
||||||
|
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||||
|
* @param {function((u2f.Error|u2f.SignResponse))} callback
|
||||||
|
* @param {number=} opt_timeoutSeconds
|
||||||
|
*/
|
||||||
|
u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
|
||||||
|
if (js_api_version === undefined) {
|
||||||
|
// Send a message to get the extension to JS API version, then send the actual sign request.
|
||||||
|
u2f.getApiVersion(
|
||||||
|
function (response) {
|
||||||
|
js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
|
||||||
|
console.log("Extension JS API Version: ", js_api_version);
|
||||||
|
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// We know the JS API version. Send the actual sign request in the supported API version.
|
||||||
|
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dispatches an array of sign requests to available U2F tokens.
|
||||||
|
* @param {string=} appId
|
||||||
|
* @param {string=} challenge
|
||||||
|
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||||
|
* @param {function((u2f.Error|u2f.SignResponse))} callback
|
||||||
|
* @param {number=} opt_timeoutSeconds
|
||||||
|
*/
|
||||||
|
u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
|
||||||
|
u2f.getPortSingleton_(function(port) {
|
||||||
|
var reqId = ++u2f.reqCounter_;
|
||||||
|
u2f.callbackMap_[reqId] = callback;
|
||||||
|
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||||
|
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
|
||||||
|
var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
|
||||||
|
port.postMessage(req);
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dispatches register requests to available U2F tokens. An array of sign
|
||||||
|
* requests identifies already registered tokens.
|
||||||
|
* If the JS API version supported by the extension is unknown, it first sends a
|
||||||
|
* message to the extension to find out the supported API version and then it sends
|
||||||
|
* the register request.
|
||||||
|
* @param {string=} appId
|
||||||
|
* @param {Array<u2f.RegisterRequest>} registerRequests
|
||||||
|
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||||
|
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
|
||||||
|
* @param {number=} opt_timeoutSeconds
|
||||||
|
*/
|
||||||
|
u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
|
||||||
|
if (js_api_version === undefined) {
|
||||||
|
// Send a message to get the extension to JS API version, then send the actual register request.
|
||||||
|
u2f.getApiVersion(
|
||||||
|
function (response) {
|
||||||
|
js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
|
||||||
|
console.log("Extension JS API Version: ", js_api_version);
|
||||||
|
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
|
||||||
|
callback, opt_timeoutSeconds);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// We know the JS API version. Send the actual register request in the supported API version.
|
||||||
|
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
|
||||||
|
callback, opt_timeoutSeconds);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dispatches register requests to available U2F tokens. An array of sign
|
||||||
|
* requests identifies already registered tokens.
|
||||||
|
* @param {string=} appId
|
||||||
|
* @param {Array<u2f.RegisterRequest>} registerRequests
|
||||||
|
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||||
|
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
|
||||||
|
* @param {number=} opt_timeoutSeconds
|
||||||
|
*/
|
||||||
|
u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
|
||||||
|
u2f.getPortSingleton_(function(port) {
|
||||||
|
var reqId = ++u2f.reqCounter_;
|
||||||
|
u2f.callbackMap_[reqId] = callback;
|
||||||
|
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||||
|
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
|
||||||
|
var req = u2f.formatRegisterRequest_(
|
||||||
|
appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
|
||||||
|
port.postMessage(req);
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dispatches a message to the extension to find out the supported
|
||||||
|
* JS API version.
|
||||||
|
* If the user is on a mobile phone and is thus using Google Authenticator instead
|
||||||
|
* of the Chrome extension, don't send the request and simply return 0.
|
||||||
|
* @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
|
||||||
|
* @param {number=} opt_timeoutSeconds
|
||||||
|
*/
|
||||||
|
u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
|
||||||
|
u2f.getPortSingleton_(function(port) {
|
||||||
|
// If we are using Android Google Authenticator or iOS client app,
|
||||||
|
// do not fire an intent to ask which JS API version to use.
|
||||||
|
if (port.getPortType) {
|
||||||
|
var apiVersion;
|
||||||
|
switch (port.getPortType()) {
|
||||||
|
case 'WrappedIosPort_':
|
||||||
|
case 'WrappedAuthenticatorPort_':
|
||||||
|
apiVersion = 1.1;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
apiVersion = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
callback({ 'js_api_version': apiVersion });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
var reqId = ++u2f.reqCounter_;
|
||||||
|
u2f.callbackMap_[reqId] = callback;
|
||||||
|
var req = {
|
||||||
|
type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
|
||||||
|
timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||||
|
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
|
||||||
|
requestId: reqId
|
||||||
|
};
|
||||||
|
port.postMessage(req);
|
||||||
|
});
|
||||||
|
};
|
1
lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.min.js
vendored
Normal file
1
lemonldap-ng-portal/site/htdocs/static/common/js/u2f-api.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,26 @@
|
||||||
|
// Generated by CoffeeScript 1.10.0
|
||||||
|
|
||||||
|
/*
|
||||||
|
LemonLDAP::NG U2F registration script
|
||||||
|
*/
|
||||||
|
|
||||||
|
(function() {
|
||||||
|
var register;
|
||||||
|
|
||||||
|
register = function() {
|
||||||
|
var request;
|
||||||
|
request = {
|
||||||
|
challenge: window.datas.challenge,
|
||||||
|
version: 'U2F_V2'
|
||||||
|
};
|
||||||
|
return u2f.register(window.datas.appId, request, [], function(data) {
|
||||||
|
$('#bind-data').val(JSON.stringify(data));
|
||||||
|
return $('#bind-form').submit();
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
$(document).ready(function() {
|
||||||
|
return setTimeout(register, 1000);
|
||||||
|
});
|
||||||
|
|
||||||
|
}).call(this);
|
1
lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
vendored
Normal file
1
lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
(function(){var a;a=function(){var b;b={challenge:window.datas.challenge,version:"U2F_V2"};return u2f.register(window.datas.appId,b,[],function(c){$("#bind-data").val(JSON.stringify(c));return $("#bind-form").submit()})};$(document).ready(function(){return setTimeout(a,1000)})}).call(this);
|
|
@ -186,6 +186,9 @@
|
||||||
"serviceProvidedBy":"Service provided by",
|
"serviceProvidedBy":"Service provided by",
|
||||||
"SSOSessionInactive":"SSO session inactive",
|
"SSOSessionInactive":"SSO session inactive",
|
||||||
"submit":"Submit",
|
"submit":"Submit",
|
||||||
|
"touchU2fDevice": "Please touch the flashing U2F device now.",
|
||||||
|
"u2fPermission": "You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.",
|
||||||
|
"u2fSuccess": "Your key is registered",
|
||||||
"updateCdc": "Update Common Domain Cookie",
|
"updateCdc": "Update Common Domain Cookie",
|
||||||
"user":"User",
|
"user":"User",
|
||||||
"useYubikey":"use your Yubikey",
|
"useYubikey":"use your Yubikey",
|
||||||
|
|
|
@ -186,6 +186,9 @@
|
||||||
"serviceProvidedBy":"Ce service est fourni par",
|
"serviceProvidedBy":"Ce service est fourni par",
|
||||||
"SSOSessionInactive":"Session SSO inactive",
|
"SSOSessionInactive":"Session SSO inactive",
|
||||||
"submit":"Envoyer",
|
"submit":"Envoyer",
|
||||||
|
"touchU2fDevice": "Poser votre doigt sur le périphérique U2F",
|
||||||
|
"u2fPermission": "Il est possible qu'on vous demande d'autoriser le site à accéder à votre clef. Après votre accord, la clef clignotera.",
|
||||||
|
"u2fSuccess": "Votre clef est enregistrée",
|
||||||
"updateCdc": "Mise à jour du cookie de domaine commun",
|
"updateCdc": "Mise à jour du cookie de domaine commun",
|
||||||
"user":"Utilisateur",
|
"user":"Utilisateur",
|
||||||
"useYubikey":"utilisez votre Yubikey",
|
"useYubikey":"utilisez votre Yubikey",
|
||||||
|
|
28
lemonldap-ng-portal/site/templates/bootstrap/u2fregister.tpl
Normal file
28
lemonldap-ng-portal/site/templates/bootstrap/u2fregister.tpl
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
<TMPL_INCLUDE NAME="header.tpl">
|
||||||
|
|
||||||
|
<TMPL_IF NAME="CHALLENGE">
|
||||||
|
<p trspan="touchU2fDevice">Please touch the flashing U2F device now.</p>
|
||||||
|
<p trspan="u2fPermission">You may be prompted to allow the site permission to access your security keys. After granting permission, the device will start to blink.</p>
|
||||||
|
<form id="bind-form" action="#" method="post">
|
||||||
|
<input type="hidden" id="bind-data" name="registration" value="">
|
||||||
|
</form>
|
||||||
|
<script type="application/init">
|
||||||
|
{
|
||||||
|
"challenge":"<TMPL_VAR NAME="CHALLENGE">",
|
||||||
|
"appId": "<TMPL_VAR NAME="APPID">"
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
<!-- //if:jsminified
|
||||||
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/u2f-api.min.js"></script>
|
||||||
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/u2fregistration.min.js"></script>
|
||||||
|
//else -->
|
||||||
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/u2f-api.js"></script>
|
||||||
|
<script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/u2fregistration.js"></script>
|
||||||
|
<!-- //endif -->
|
||||||
|
</TMPL_IF>
|
||||||
|
|
||||||
|
<TMPL_IF NAME="SUCCESS">
|
||||||
|
<h3 trspan="u2fSuccess">Success</h3>
|
||||||
|
</TMPL_IF>
|
||||||
|
|
||||||
|
<TMPL_INCLUDE NAME="footer.tpl">
|
Loading…
Reference in New Issue
Block a user