fix: webauthn - NotAllowedError is thrown randomly if the user gestur…

…e invokes a setTimeout or callback
GluuFederation · Aug 17, 2021 · b2d51cf · b2d51cf
1 parent 5123783
commit b2d51cf
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 8 deletions.
diff --git a/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java b/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java
@@ -62,9 +62,19 @@ public class SecurityKey2ViewModel extends UserViewModel {
 	private boolean uiEnrolledPlatformAuthenticator;
 
 	private boolean platformAuthenticator;
+
+	private boolean showUIPlatformAuthenticator;
 
 	private ObjectMapper mapper;
 
+	public boolean isShowUIPlatformAuthenticator() {
+		return showUIPlatformAuthenticator;
+	}
+
+	public void setShowUIPlatformAuthenticator(boolean showUIPlatformAuthenticator) {
+		this.showUIPlatformAuthenticator = showUIPlatformAuthenticator;
+	}
+
 	public FidoDevice getNewDevice() {
 		return newDevice;
 	}
@@ -139,8 +149,14 @@ public void afterCompose(@ContextParam(ContextType.VIEW) Component view) {
 
 	}
 
+	public void triggerAttestationRequestPlatformAuthenticator()
+	{
+		platformAuthenticator = true;
+		triggerAttestationRequest();
+	}
+
 	public void triggerAttestationRequest() {
-		logger.debug("triggerAttestationRequest");
+		logger.debug("triggerAttestationRequest : "+platformAuthenticator);
 		try {
 
 			if (platformAuthenticator) {
@@ -157,7 +173,7 @@ public void triggerAttestationRequest() {
 			// Notify browser to exec proper function
 			UIUtils.showMessageUI(Clients.NOTIFICATION_TYPE_INFO, Labels.getLabel("usr.fido2_touch"));
 			Clients.response(
-					new AuInvoke("triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT));
+					new AuInvoke(platformAuthenticator? "triggerFido2AttestationPA" : "triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT));
 		} catch (Exception e) {
 			UIUtils.showMessageUI(false);
 			logger.error(e.getMessage(), e);
@@ -413,9 +429,10 @@ private void checkFido2Support() {
 
 	@Listen("onData=#platformAuthenticator")
 	public void updatePlatform(Event event) throws Exception {
+
+		showUIPlatformAuthenticator = Boolean.valueOf(event.getData().toString());
 		logger.debug("updatePlatform");
-		platformAuthenticator = Boolean.valueOf(event.getData().toString());
-		BindUtils.postNotifyChange(this, "platformAuthenticator");
+		BindUtils.postNotifyChange(this, "showUIPlatformAuthenticator");
 
 	}
 

diff --git a/app/src/main/webapp/scripts/gluu/fido2-util.js b/app/src/main/webapp/scripts/gluu/fido2-util.js
@@ -10,17 +10,23 @@ function initialize(wgt){
 
 function triggerFido2Attestation(req){
     //Wait half a second to start attestation
-	setTimeout(startAttestation, 500, req)
+	setTimeout(startAttestation, 1000, req)
 }
 
+function triggerFido2AttestationPA(req){
+	console.error('triggerFido2AttestationPA invoked')
+	startAttestation(req)
+}
+
+
 function startAttestation(request) {
     console.log('Executing get attestation Fido2 request'+ JSON.stringify(request))
     //setStatus('Get attestation key data.');
     //setStatus('Registration failed.');
     webauthn.createCredential(request)
         .then(data => sendBack(webauthn.responseToObject(data), "onData"))
         .catch(err => {
-            console.error('Registration failed'+ err)
+            console.error('Registration failed- '+ err)
             let errObj = {}
             errObj['excludeCredentials'] = request.excludeCredentials && request.excludeCredentials.length > 0
             errObj['name'] = err.name

diff --git a/app/src/main/webapp/user/fido2-detail.zul b/app/src/main/webapp/user/fido2-detail.zul
@@ -91,7 +91,7 @@
 
 
                 <!-- loaded when platform Authenticator exists -->
-                 <z:div class="${css.panel} bg-near-white" id="platformAuthenticator" visible="@load(vm.platformAuthenticator)">
+                 <z:div class="${css.panel} bg-near-white" id="platformAuthenticator" visible="@load(vm.showUIPlatformAuthenticator)">
                     <h2 class="f5 dark-blue2 pt1">${labels.usr.fido2_add_touchId}</h2>
                     <div class="alert alert-success dn" id="feedback-key-platform" role="alert" />
 
@@ -102,7 +102,7 @@
                         <z:image src="${assetsService.prefix}/images/throbber.gif" visible="@load(vm.uiAwaitingPlatformAuthenticator)" />
                     </div> 
                     <z:button id="readyPlatformButton" label="${labels.general.ready}" sclass="${css.primaryButton}"
-                              w:onClick="alertRef = $('#feedback-key-platform'); initialize(this)" onClick="@('triggerAttestationRequest')" />
+                              w:onClick="alertRef = $('#feedback-key-platform'); initialize(this)" onClick="@('triggerAttestationRequestPlatformAuthenticator')" />
 
                     <z:div sclass="flex flex-wrap pt2" visible="@load(vm.uiEnrolledPlatformAuthenticator)">
                         <div class="relative w5 mt3 pr3">