LG-11430: hide ft unlock unless has public credential support#9609
LG-11430: hide ft unlock unless has public credential support#9609
Conversation
…lock when computer is eligible
…ck-passkey-support
|
Can you add the pull request template to the original comment? |
aduth
left a comment
aduth
left a comment
There was a problem hiding this comment.
It's a little tricky to test, but I was able to mostly fake it and verify the input is hidden. LGTM! 👍
app/javascript/packages/webauthn/is-webauthn-platform-authenticator-available.ts
Outdated
Show resolved
Hide resolved
app/javascript/packages/webauthn/webauthn-input-element.spec.ts
Outdated
Show resolved
Hide resolved
|
For the RSpec tests, we might need to find a way to fake support in JavaScript-enabled contexts, similar to what we're doing here: identity-idp/spec/support/features/webauthn_helper.rb Lines 86 to 98 in 2afb1de e.g. Maybe something like? page.evaluate_script(<<~JS)
window.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable = () => Promise.resolve(true);
JS |
| page.evaluate_script(<<~JS) | ||
| document.querySelectorAll('lg-webauthn-input').forEach((input) => input.connectedCallback()); | ||
| JS |
There was a problem hiding this comment.
Oof, I'd forgot about needing this. I think it makes sense, though I'd be a little concerned about future maintainability if the connected callback has some side effects that might be doubled-up by calling it explicitly like this.
In the past I'd wondered if we could use the Chrome DevTools protocol support for WebAuthn to add a "virtual" authenticator, but it was experimental and I had a hard time getting it working. Might be something to reconsider in the future.
2 participants
🎫 Ticket
LG-11430: hide ft unlock if not available
🛠 Summary of changes
This puts back the check for ensuring that platform authenticator is available for the device not just that the browser supports it.
📜 Testing Plan