public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-02-07 09:49:41 +09:00
Code Issues Packages Projects Releases Wiki Activity

Fix WebAuthn error checking (#36219)

Browse Source 
Fixes: https://github.com/go-gitea/gitea/issues/36216

Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.

The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
This commit is contained in:
silverwind
2025-12-21 19:24:41 +01:00
committed by GitHub
parent 5151e30fb7
commit 60de6cefed
1 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
web_src/js/features/user-auth-webauthn.ts
View File

@@ -4,6 +4,9 @@ import {GET, POST} from '../modules/fetch.ts';
const {appSubUrl} = window.config; const {appSubUrl} = window.config;
/** One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element */
type ErrorType = 'general' | 'insecure' | 'browser' | 'unable-to-process' | 'duplicated' | 'unknown';
export async function initUserAuthWebAuthn() { export async function initUserAuthWebAuthn() {
const elPrompt = document.querySelector('.user.signin.webauthn-prompt'); const elPrompt = document.querySelector('.user.signin.webauthn-prompt');
const elSignInPasskeyBtn = document.querySelector('.signin-passkey'); const elSignInPasskeyBtn = document.querySelector('.signin-passkey');
@@ -11,7 +14,8 @@ export async function initUserAuthWebAuthn() {
return; return;
} }
if (!detectWebAuthnSupport()) { const errorType = detectWebAuthnSupport();
if (errorType) {
if (elSignInPasskeyBtn) hideElem(elSignInPasskeyBtn); if (elSignInPasskeyBtn) hideElem(elSignInPasskeyBtn);
return; return;
} }
@@ -177,7 +181,7 @@ async function webauthnRegistered(newCredential: any) { // TODO: Credential type
window.location.reload(); window.location.reload();
} }
function webAuthnError(errorType: string, message:string = '') { function webAuthnError(errorType: ErrorType, message:string = '') {
const elErrorMsg = document.querySelector(`#webauthn-error-msg`)!; const elErrorMsg = document.querySelector(`#webauthn-error-msg`)!;
if (errorType === 'general') { if (errorType === 'general') {
@@ -194,25 +198,26 @@ function webAuthnError(errorType: string, message:string = '') {
showElem('#webauthn-error'); showElem('#webauthn-error');
} }
function detectWebAuthnSupport() { /** Returns the error type or `null` when there was no error. */
function detectWebAuthnSupport(): ErrorType | null {
if (!window.isSecureContext) { if (!window.isSecureContext) {
webAuthnError('insecure'); return 'insecure';
return false;
} }
if (typeof window.PublicKeyCredential !== 'function') { if (typeof window.PublicKeyCredential !== 'function') {
webAuthnError('browser'); return 'browser';
return false;
} }
return true; return null;
} }
export function initUserAuthWebAuthnRegister() { export function initUserAuthWebAuthnRegister() {
const elRegister = document.querySelector<HTMLInputElement>('#register-webauthn'); const elRegister = document.querySelector<HTMLInputElement>('#register-webauthn');
if (!elRegister) return; if (!elRegister) return;
if (!detectWebAuthnSupport()) { const errorType = detectWebAuthnSupport();
if (errorType) {
webAuthnError(errorType);
elRegister.disabled = true; elRegister.disabled = true;
return; return;
} }