mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-16 19:30:13 -04:00
Remove webauthn hooks
This changeset removes webauthn from the Notify.gov admin app. We are not using webauthn at all in our implementation and will be looking at an entirely different authentication system in the near future. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This commit is contained in:
@@ -1,74 +0,0 @@
|
||||
(function (window) {
|
||||
"use strict";
|
||||
|
||||
window.GOVUK.Modules.AuthenticateSecurityKey = function () {
|
||||
this.start = function (component) {
|
||||
$(component)
|
||||
.on('click', function (event) {
|
||||
event.preventDefault();
|
||||
|
||||
// hide any existing error prompt
|
||||
window.GOVUK.ErrorBanner.hideBanner();
|
||||
|
||||
fetch('/webauthn/authenticate')
|
||||
.then(response => {
|
||||
if (!response.ok) {
|
||||
throw Error(response.statusText);
|
||||
}
|
||||
|
||||
return response.arrayBuffer();
|
||||
})
|
||||
.then(data => {
|
||||
var options = window.CBOR.decode(data);
|
||||
// triggers browser dialogue to login with authenticator
|
||||
return window.navigator.credentials.get(options);
|
||||
})
|
||||
.then(credential => {
|
||||
const currentURL = new URL(window.location.href);
|
||||
|
||||
// create authenticateURL from admin hostname plus /webauthn/authenticate path
|
||||
const authenticateURL = new URL('/webauthn/authenticate', window.location.href);
|
||||
|
||||
const nextUrl = currentURL.searchParams.get('next');
|
||||
if (nextUrl) {
|
||||
// takes nextUrl from the query string on the current browser URL
|
||||
// (which should be /two-factor-webauthn) and pass it through to
|
||||
// the POST. put it in a query string so it's consistent with how
|
||||
// the other login flows manage it
|
||||
authenticateURL.searchParams.set('next', nextUrl);
|
||||
}
|
||||
|
||||
return fetch(authenticateURL, {
|
||||
method: 'POST',
|
||||
headers: { 'X-CSRFToken': component.data('csrfToken') },
|
||||
body: window.CBOR.encode({
|
||||
credentialId: new Uint8Array(credential.rawId),
|
||||
authenticatorData: new Uint8Array(credential.response.authenticatorData),
|
||||
signature: new Uint8Array(credential.response.signature),
|
||||
clientDataJSON: new Uint8Array(credential.response.clientDataJSON),
|
||||
})
|
||||
});
|
||||
})
|
||||
.then(response => {
|
||||
if (!response.ok) {
|
||||
throw Error(response.statusText);
|
||||
}
|
||||
|
||||
return response.arrayBuffer();
|
||||
})
|
||||
.then(cbor => {
|
||||
return Promise.resolve(window.CBOR.decode(cbor));
|
||||
})
|
||||
.then(data => {
|
||||
window.location.assign(data.redirect_url);
|
||||
})
|
||||
.catch(error => {
|
||||
console.error(error);
|
||||
// some browsers will show an error dialogue for some
|
||||
// errors; to be safe we always display an error message on the page.
|
||||
window.GOVUK.ErrorBanner.showBanner();
|
||||
});
|
||||
});
|
||||
};
|
||||
};
|
||||
}) (window);
|
||||
@@ -1,58 +0,0 @@
|
||||
(function(window) {
|
||||
"use strict";
|
||||
|
||||
window.GOVUK.Modules.RegisterSecurityKey = function() {
|
||||
this.start = function(component) {
|
||||
$(component)
|
||||
.on('click', function(event) {
|
||||
event.preventDefault();
|
||||
|
||||
// hide any existing error prompt
|
||||
window.GOVUK.ErrorBanner.hideBanner();
|
||||
|
||||
fetch('/webauthn/register')
|
||||
.then((response) => {
|
||||
if (!response.ok) {
|
||||
throw Error(response.statusText);
|
||||
}
|
||||
|
||||
return response.arrayBuffer();
|
||||
})
|
||||
.then((data) => {
|
||||
var options = window.CBOR.decode(data);
|
||||
// triggers browser dialogue to select authenticator
|
||||
return window.navigator.credentials.create(options);
|
||||
})
|
||||
.then((credential) => {
|
||||
return postWebAuthnCreateResponse(
|
||||
credential.response, component.data('csrfToken')
|
||||
);
|
||||
})
|
||||
.then((response) => {
|
||||
if (!response.ok) {
|
||||
throw Error(response.statusText);
|
||||
}
|
||||
|
||||
window.location.reload();
|
||||
})
|
||||
.catch((error) => {
|
||||
console.error(error);
|
||||
// some browsers will show an error dialogue for some
|
||||
// errors; to be safe we always display an error message on the page.
|
||||
window.GOVUK.ErrorBanner.showBanner();
|
||||
});
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
function postWebAuthnCreateResponse(response, csrf_token) {
|
||||
return fetch('/webauthn/register', {
|
||||
method: 'POST',
|
||||
headers: { 'X-CSRFToken': csrf_token },
|
||||
body: window.CBOR.encode({
|
||||
attestationObject: new Uint8Array(response.attestationObject),
|
||||
clientDataJSON: new Uint8Array(response.clientDataJSON),
|
||||
})
|
||||
});
|
||||
}
|
||||
})(window);
|
||||
Reference in New Issue
Block a user