Merge branch 'main' of https://github.com/GSA/notifications-admin into 686-remove-uk-styles

# Conflicts: # app/assets/stylesheets/main.scss # app/templates/views/find-users/user-information.html # app/templates/views/two-factor-webauthn.html # app/templates/views/user-profile/manage-security-key.html # app/templates/views/user-profile/security-keys.html # gulpfile.js
2026-02-06 03:13:42 -05:00 · 2023-08-15 13:29:39 -04:00
parent 6b22c347da 01c18c9624
commit d66ff27bae
41 changed files with 337 additions and 2340 deletions
--- a/app/assets/javascripts/authenticateSecurityKey.js
+++ b/app/assets/javascripts/authenticateSecurityKey.js
@@ -1,74 +0,0 @@
-(function (window) {
-  "use strict";
-
-  window.GOVUK.Modules.AuthenticateSecurityKey = function () {
-    this.start = function (component) {
-      $(component)
-        .on('click', function (event) {
-          event.preventDefault();
-
-          // hide any existing error prompt
-          window.GOVUK.ErrorBanner.hideBanner();
-
-          fetch('/webauthn/authenticate')
-            .then(response => {
-              if (!response.ok) {
-                throw Error(response.statusText);
-              }
-
-              return response.arrayBuffer();
-            })
-            .then(data => {
-              var options = window.CBOR.decode(data);
-              // triggers browser dialogue to login with authenticator
-              return window.navigator.credentials.get(options);
-            })
-            .then(credential => {
-              const currentURL = new URL(window.location.href);
-
-              // create authenticateURL from admin hostname plus /webauthn/authenticate path
-              const authenticateURL = new URL('/webauthn/authenticate', window.location.href);
-
-              const nextUrl = currentURL.searchParams.get('next');
-              if (nextUrl) {
-                // takes nextUrl from the query string on the current browser URL
-                // (which should be /two-factor-webauthn) and pass it through to
-                // the POST. put it in a query string so it's consistent with how
-                // the other login flows manage it
-                authenticateURL.searchParams.set('next', nextUrl);
-              }
-
-              return fetch(authenticateURL, {
-                method: 'POST',
-                headers: { 'X-CSRFToken': component.data('csrfToken') },
-                body: window.CBOR.encode({
-                  credentialId: new Uint8Array(credential.rawId),
-                  authenticatorData: new Uint8Array(credential.response.authenticatorData),
-                  signature: new Uint8Array(credential.response.signature),
-                  clientDataJSON: new Uint8Array(credential.response.clientDataJSON),
-                })
-              });
-            })
-            .then(response => {
-              if (!response.ok) {
-                throw Error(response.statusText);
-              }
-
-              return response.arrayBuffer();
-            })
-            .then(cbor => {
-              return Promise.resolve(window.CBOR.decode(cbor));
-            })
-            .then(data => {
-              window.location.assign(data.redirect_url);
-            })
-            .catch(error => {
-              console.error(error);
-              // some browsers will show an error dialogue for some
-              // errors; to be safe we always display an error message on the page.
-              window.GOVUK.ErrorBanner.showBanner();
-            });
-        });
-    };
-  };
-}) (window);
--- a/app/assets/javascripts/registerSecurityKey.js
+++ b/app/assets/javascripts/registerSecurityKey.js
@@ -1,58 +0,0 @@
-(function(window) {
-  "use strict";
-
-  window.GOVUK.Modules.RegisterSecurityKey = function() {
-    this.start = function(component) {
-      $(component)
-        .on('click', function(event) {
-          event.preventDefault();
-
-          // hide any existing error prompt
-          window.GOVUK.ErrorBanner.hideBanner();
-
-          fetch('/webauthn/register')
-            .then((response) => {
-              if (!response.ok) {
-                throw Error(response.statusText);
-              }
-
-              return response.arrayBuffer();
-            })
-            .then((data) => {
-              var options = window.CBOR.decode(data);
-              // triggers browser dialogue to select authenticator
-              return window.navigator.credentials.create(options);
-            })
-            .then((credential) => {
-              return postWebAuthnCreateResponse(
-                credential.response, component.data('csrfToken')
-              );
-            })
-            .then((response) => {
-              if (!response.ok) {
-                throw Error(response.statusText);
-              }
-
-              window.location.reload();
-            })
-            .catch((error) => {
-              console.error(error);
-              // some browsers will show an error dialogue for some
-              // errors; to be safe we always display an error message on the page.
-              window.GOVUK.ErrorBanner.showBanner();
-            });
-        });
-    };
-  };
-
-  function postWebAuthnCreateResponse(response, csrf_token) {
-    return fetch('/webauthn/register', {
-      method: 'POST',
-      headers: { 'X-CSRFToken': csrf_token },
-      body: window.CBOR.encode({
-        attestationObject: new Uint8Array(response.attestationObject),
-        clientDataJSON: new Uint8Array(response.clientDataJSON),
-      })
-    });
-  }
-})(window);