Refactored WebAuthn with Windows Hello support #37673
| I see several  | 
| * @package Joomla.Plugin | ||
| * @subpackage System.Webauthn | ||
| * | ||
| * @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org> | 
| * @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org> | |
| * @copyright (C) 2022 Open Source Matters, Inc. <https://www.joomla.org> | 
This file is renamed and moved (it was in Helper/CredentialsCreation.php), it is not created from scratch. Therefore it needs to retain its original copyright from when it was initially created. At least that's how I understand the rule that the copyright of the file must match its first appearance in the codebase.
| * @package Joomla.Plugin | ||
| * @subpackage System.Webauthn | ||
| * | ||
| * @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org> | 
| * @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org> | |
| * @copyright (C) 2022 Open Source Matters, Inc. <https://www.joomla.org> | 
Likewise, this file was in the plugin root folder as webauthn.php. It was moved into src/Extension therefore its copyright shouldn't change based on what I've been told.
        
          
plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php (outdated review thread, resolved)
        
      | Anyone know why there are no prebuilt packages for this pr? | 
Co-authored-by: Roland Dalmulder <[email protected]>
| @brianteeman There was only one wrong  Regarding the copyright dates, I left them alone in files which were moved and renamed since there's Git history placing their first appearance in 2020. If this needs to be changed to 2020-2022 please tell me and do let me know exactly what is the rule in this case because I might need to change the copyright on all other files touched by this PR as well. | 
…o feature/webauth-refactor
| Ugh... I'll have to close this PR and redo it again because rebasing to the 4.2-dev branch made Git have a stroke, again, showing two files I have not changed as modified. | 
| Yes, sorry, I didn't spot they were moved. I swear I saw multiple since 7.0.0 last night but my eyes must have deceived me. | 
| It's OK, diff views can be disorienting :) | 
Summary of Changes
Joomla helper class, replacing it with native code 💪🏽
WebAuth\Server object. This adds Windows Hello support without having to update to a new major version of the third party WebAuthn library 🥳
Joomla.getOptions 🪄
Testing Instructions
Please remember to run npm ci after applying the PR — the JavaScript has changed.
Please remember to use HTTPS with a certificate trusted by your computer; WebAuthn doesn't work on plain HTTP.
Please use a relatively recent (2019 onwards) build of Chrome, Edge, Firefox etc.
Go to your user profile in the backend of the site.
Click on the ‘W3C Web Authentication (WebAuthn)’ tab.
On a Windows computer without any hardware authenticator attached click on Add New Authenticator.
Actual result BEFORE applying this Pull Request
The browser asks you to plug in an authenticator.
Expected result AFTER applying this Pull Request
You can enter your PIN / show your face / use a fingerprint scanner to register Windows Hello as an authenticator.
Further testing
Delete the authenticator and try adding it again in the user profile page in the frontend of the site. It should still work.
Make sure that in the frontend you can delete an authenticator you added in the backend.
Make sure that in the backend you can delete an authenticator you added in the frontend.
Please make sure you can add more than one authenticator. IMPORTANT! You cannot add the same authenticator twice (in the past you could; it was a bug that went unnoticed). You can only test this if you have more than one authenticator, e.g. Windows Hello, a FIDO or FIDO2 hardware authenticator, an Android phone and so on.
Please make sure that you can edit the name of the authenticator. This was broken in #37464.
Please make sure you can log into the front- and backend of the site.
Please test on as many platforms as you have: Android (works on Android 9 and later if you have a fingerprint scanner but only on Chrome as far as I know), iOS/iPadOS (both TouchID and FaceID), macOS (TouchID, if you have a MacBook Air/Pro or an iMac/Mac Studio with Apple Silicon and the Apple keyboard with a TouchID sensor) as well as various FIDO and FIDO2 authenticators. I have tested all of these and Linux EXCEPT for Android due to lack of hardware running Android (my Android phone's battery bloated, I had to decommission it before it spontaneously turned into an incendiary grenade).
Documentation Changes Required
None! It actually makes the plugin conform to the lang string which currently claims it works with Windows Hello (even though it actually doesn't on Joomla 4.0 and 4.1).
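
The testing notes above say the same authenticator can no longer be added twice. One common way a WebAuthn relying party enforces that is shown below as an added example; it is not code from this PR or from Joomla, and `CredentialStore`, `buildCreationOptions` and the sample IDs are hypothetical names and constructed values.

```javascript
// Added example, not the plugin's code. Two checks work together:
//  1. excludeCredentials tells the browser which credentials the user already
//     has, so it refuses to create another one on the same authenticator.
//  2. The server refuses to store a credential ID it has already seen.
const b64url = (bytes) => Buffer.from(bytes).toString('base64url');

// Constructed in-memory store; a real site would use its database.
class CredentialStore {
  constructor() {
    this.byUser = new Map(); // userId -> Map(credentialId -> label)
    this.owner = new Map();  // credentialId -> userId (site-wide uniqueness)
  }
  list(userId) {
    return [...(this.byUser.get(userId) || new Map()).keys()];
  }
  add(userId, credentialId, label) {
    // A credential ID must not already be registered to any user.
    if (this.owner.has(credentialId)) {
      throw new Error('authenticator already registered');
    }
    if (!this.byUser.has(userId)) this.byUser.set(userId, new Map());
    this.byUser.get(userId).set(credentialId, label);
    this.owner.set(credentialId, userId);
  }
}

// JSON form of PublicKeyCredentialCreationOptions for one registration.
// `challenge` must be fresh random bytes generated by the server per ceremony.
function buildCreationOptions(store, user, rp, challenge) {
  return {
    rp,
    user: { id: b64url(String(user.id)), name: user.name, displayName: user.name },
    challenge: b64url(challenge),
    pubKeyCredParams: [
      { type: 'public-key', alg: -7 },   // ES256
      { type: 'public-key', alg: -257 }, // RS256
    ],
    // Without this list an authenticator may mint a new credential ID each
    // time, so the server-side check alone would not catch a re-registration.
    excludeCredentials: store.list(user.id).map((id) => ({ type: 'public-key', id })),
    attestation: 'none',
  };
}
```

When the list matches a credential on the authenticator in use, the browser's `navigator.credentials.create()` call rejects with an `InvalidStateError`, which the page can turn into a readable message.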