From b2d51cf004006d9d3ff01a2bdd7a29af6b7deb95 Mon Sep 17 00:00:00 2001 From: Madhumita Date: Tue, 17 Aug 2021 22:01:52 +0530 Subject: [PATCH] fix: webauthn - NotAllowedError is thrown randomly if the user gesture invokes a setTimeout or callback --- .../ui/vm/user/SecurityKey2ViewModel.java | 25 ++++++++++++++++--- .../main/webapp/scripts/gluu/fido2-util.js | 10 ++++++-- app/src/main/webapp/user/fido2-detail.zul | 4 +-- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java b/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java index 64e9be0a5..7bde84cc6 100644 --- a/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java +++ b/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKey2ViewModel.java @@ -62,9 +62,19 @@ public class SecurityKey2ViewModel extends UserViewModel { private boolean uiEnrolledPlatformAuthenticator; private boolean platformAuthenticator; + + private boolean showUIPlatformAuthenticator; private ObjectMapper mapper; + public boolean isShowUIPlatformAuthenticator() { + return showUIPlatformAuthenticator; + } + + public void setShowUIPlatformAuthenticator(boolean showUIPlatformAuthenticator) { + this.showUIPlatformAuthenticator = showUIPlatformAuthenticator; + } + public FidoDevice getNewDevice() { return newDevice; } @@ -139,8 +149,14 @@ public void afterCompose(@ContextParam(ContextType.VIEW) Component view) { } + public void triggerAttestationRequestPlatformAuthenticator() + { + platformAuthenticator = true; + triggerAttestationRequest(); + } + public void triggerAttestationRequest() { - logger.debug("triggerAttestationRequest"); + logger.debug("triggerAttestationRequest : "+platformAuthenticator); try { if (platformAuthenticator) { 
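Review bot: `platformAuthenticator` is set to true in the new `triggerAttestationRequestPlatformAuthenticator()` and nothing visible in this patch sets it back to false, because `updatePlatform` (hunk at -413) now writes `showUIPlatformAuthenticator` instead. Unless the field is cleared elsewhere in the class, a later `triggerAttestationRequest()` for a roaming security key on the same view model would still take the `if (platformAuthenticator)` branch and, in the hunk at -157, invoke `triggerFido2AttestationPA`, so the registration request would not match the authenticator the user picked. Consider clearing the flag when the enrollment completes or is cancelled, or having the regular-key entry point set `platformAuthenticator = false;` before it builds the request. The bodies of `triggerAttestationRequest` and of the `if (platformAuthenticator)` branch continue outside the hunk, so the reset may already exist there.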
@@ -157,7 +173,7 @@ public void triggerAttestationRequest() { // Notify browser to exec proper function UIUtils.showMessageUI(Clients.NOTIFICATION_TYPE_INFO, Labels.getLabel("usr.fido2_touch")); Clients.response( - new AuInvoke("triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT)); + new AuInvoke(platformAuthenticator? "triggerFido2AttestationPA" : "triggerFido2Attestation", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT)); } catch (Exception e) { UIUtils.showMessageUI(false); logger.error(e.getMessage(), e); @@ -413,9 +429,10 @@ private void checkFido2Support() { @Listen("onData=#platformAuthenticator") public void updatePlatform(Event event) throws Exception { + + showUIPlatformAuthenticator = Boolean.valueOf(event.getData().toString()); logger.debug("updatePlatform"); - platformAuthenticator = Boolean.valueOf(event.getData().toString()); - BindUtils.postNotifyChange(this, "platformAuthenticator"); + BindUtils.postNotifyChange(this, "showUIPlatformAuthenticator"); } diff --git a/app/src/main/webapp/scripts/gluu/fido2-util.js b/app/src/main/webapp/scripts/gluu/fido2-util.js index de8050046..c792d4b33 100644 --- a/app/src/main/webapp/scripts/gluu/fido2-util.js +++ b/app/src/main/webapp/scripts/gluu/fido2-util.js @@ -10,9 +10,15 @@ function initialize(wgt){ function triggerFido2Attestation(req){ //Wait half a second to start attestation - setTimeout(startAttestation, 500, req) + setTimeout(startAttestation, 1000, req) } +function triggerFido2AttestationPA(req){ + console.error('triggerFido2AttestationPA invoked') + startAttestation(req) +} + + function startAttestation(request) { console.log('Executing get attestation Fido2 request'+ JSON.stringify(request)) //setStatus('Get attestation key data.'); 
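Review bot: In the fido2-util.js hunk, `triggerFido2Attestation` still defers `startAttestation` through `setTimeout`, now for 1000 ms, which is the pattern the commit subject names as the cause of the random NotAllowedError. Only the new platform-authenticator path calls `startAttestation(req)` directly, so the roaming-key path may still lose the user gesture in browsers that enforce it, and the longer delay seems more likely to hurt than help. The comment above the call still says "half a second" and should read `//Wait one second to start attestation` if the delay stays. `triggerFido2AttestationPA` logs a routine trace at error level; `console.debug('triggerFido2AttestationPA invoked')` would keep error output meaningful when diagnosing real registration failures.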
@@ -20,7 +26,7 @@ function startAttestation(request) { webauthn.createCredential(request) .then(data => sendBack(webauthn.responseToObject(data), "onData")) .catch(err => { - console.error('Registration failed'+ err) + console.error('Registration failed- '+ err) let errObj = {} errObj['excludeCredentials'] = request.excludeCredentials && request.excludeCredentials.length > 0 errObj['name'] = err.name diff --git a/app/src/main/webapp/user/fido2-detail.zul b/app/src/main/webapp/user/fido2-detail.zul index 7c7560e72..8fa02ddca 100644 --- a/app/src/main/webapp/user/fido2-detail.zul +++ b/app/src/main/webapp/user/fido2-detail.zul @@ -91,7 +91,7 @@ - +

${labels.usr.fido2_add_touchId}

+ w:onClick="alertRef = $('#feedback-key-platform'); initialize(this)" onClick="@('triggerAttestationRequestPlatformAuthenticator')" />