From 14ad954e3a52e943a55430907736199b4d038fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Dubigny?=
Date: Mon, 23 Sep 2024 17:07:34 +0200
Subject: [PATCH] feat: hide keypass button if not configured
---
src/controllers/user/signin-signup.ts | 9 ++++++++-
src/controllers/webauthn.ts | 6 +++---
src/managers/session/unauthenticated.ts | 9 ++++++++-
src/managers/user.ts | 4 ++++
src/types/express-session.d.ts | 1 +
src/views/user/sign-in.ejs | 20 +++++++++++---------
6 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/src/controllers/user/signin-signup.ts b/src/controllers/user/signin-signup.ts
index 5e54c048..a2e1afea 100644
--- a/src/controllers/user/signin-signup.ts
+++ b/src/controllers/user/signin-signup.ts
@@ -13,6 +13,7 @@ import { createAuthenticatedSession } from "../../managers/session/authenticated
import {
getAndRemoveLoginHintFromUnauthenticatedSession,
getEmailFromUnauthenticatedSession,
+ getPartialUserFromUnauthenticatedSession,
setEmailInUnauthenticatedSession,
setPartialUserFromUnauthenticatedSession,
updatePartialUserFromUnauthenticatedSession,
@@ -84,11 +85,13 @@ export const postStartSignInController = async (
email,
userExists,
hasAPassword,
+ hasWebauthnConfigured,
needsInclusionconnectWelcomePage,
} = await startLogin(login);
setPartialUserFromUnauthenticatedSession(req, {
email,
needsInclusionconnectWelcomePage,
+ hasWebauthnConfigured,
});
if (needsInclusionconnectWelcomePage) {
@@ -158,11 +161,15 @@ export const getSignInController = async (
next: NextFunction,
) => {
try {
+ const { email, hasWebauthnConfigured } =
+ getPartialUserFromUnauthenticatedSession(req);
+
return res.render("user/sign-in", {
pageTitle: "Accéder au compte",
notifications: await getNotificationsFromRequest(req),
csrfToken: csrfToken(req),
- email: getEmailFromUnauthenticatedSession(req),
+ email,
+ showPasskeySection: hasWebauthnConfigured,
});
} catch (error) {
next(error);
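Review bot: `showPasskeySection: hasWebauthnConfigured` makes the sign-in page reflect per-account state for whatever address was entered at the start step, so an unauthenticated visitor can now tell whether that account has a passkey enrolled. startLogin already returns `userExists` and `hasAPassword`, so this may be an accepted trade-off, but it deserves a comment above the render call, e.g. `// NOTE: discloses passkey enrolment for the typed email to an unauthenticated client; relies on rate limiting of the start-sign-in step`, and a check that such a limit exists (none is visible in this patch). The value is also `undefined` when the session holds no partial user, so `showPasskeySection: hasWebauthnConfigured === true` would make the hidden-by-default behaviour explicit. The controller's catch block continues outside the hunk.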
diff --git a/src/controllers/webauthn.ts b/src/controllers/webauthn.ts
index 9ffcd783..e47fbca2 100644
--- a/src/controllers/webauthn.ts
+++ b/src/controllers/webauthn.ts
@@ -144,7 +144,7 @@ export const getSignInWithPasskeyController = async (
}
};
-export const getGenerateAuthenticationOptions =
+export const getGenerateAuthenticationOptionsControllerFactory =
(isSecondFactorAuthentication: boolean) =>
async (req: Request, res: Response, next: NextFunction) => {
try {
@@ -168,10 +168,10 @@ export const getGenerateAuthenticationOptions =
};
export const getGenerateAuthenticationOptionsForFirstFactorController =
- getGenerateAuthenticationOptions(false);
+ getGenerateAuthenticationOptionsControllerFactory(false);
export const getGenerateAuthenticationOptionsForSecondFactorController =
- getGenerateAuthenticationOptions(true);
+ getGenerateAuthenticationOptionsControllerFactory(true);
export const postVerifyAuthenticationController =
(isSecondFactorVerification: boolean) =>
diff --git a/src/managers/session/unauthenticated.ts b/src/managers/session/unauthenticated.ts
index 5a9648e1..16d5cf78 100644
--- a/src/managers/session/unauthenticated.ts
+++ b/src/managers/session/unauthenticated.ts
@@ -34,6 +34,7 @@ export const getPartialUserFromUnauthenticatedSession = (req: Request) => {
email: req.session.email,
needsInclusionconnectWelcomePage:
req.session.needsInclusionconnectWelcomePage,
+ hasWebauthnConfigured: req.session.hasWebauthnConfigured,
};
};
export const setPartialUserFromUnauthenticatedSession = (
@@ -41,11 +42,17 @@ export const setPartialUserFromUnauthenticatedSession = (
{
email,
needsInclusionconnectWelcomePage,
- }: { email: string; needsInclusionconnectWelcomePage: boolean },
+ hasWebauthnConfigured,
+ }: {
+ email: string;
+ needsInclusionconnectWelcomePage: boolean;
+ hasWebauthnConfigured: boolean;
+ },
) => {
req.session.email = email;
req.session.needsInclusionconnectWelcomePage =
needsInclusionconnectWelcomePage;
+ req.session.hasWebauthnConfigured = hasWebauthnConfigured;
};
export const updatePartialUserFromUnauthenticatedSession = async (
req: Request,
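Review bot: `req.session.hasWebauthnConfigured` is written only in setPartialUserFromUnauthenticatedSession, so it can go stale if the session email is later replaced through another path. signin-signup.ts imports `setEmailInUnauthenticatedSession` and `updatePartialUserFromUnauthenticatedSession`; their bodies are outside this hunk, so I cannot tell whether they reset the flag. If they do not, the sign-in page would show or hide the passkey section according to the previous address. Clearing the flag wherever the email changes, with `delete req.session.hasWebauthnConfigured;`, or recomputing it at render time would keep the two fields consistent.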
diff --git a/src/managers/user.ts b/src/managers/user.ts
index a5e16503..e5cc1d9e 100644
--- a/src/managers/user.ts
+++ b/src/managers/user.ts
@@ -38,6 +38,7 @@ import {
isPasswordSecure,
validatePassword,
} from "../services/security";
+import { isWebauthnConfiguredForUser } from "./webauthn";
export const startLogin = async (
email: string,
@@ -45,6 +46,7 @@ export const startLogin = async (
email: string;
userExists: boolean;
hasAPassword: boolean;
+ hasWebauthnConfigured: boolean;
needsInclusionconnectWelcomePage: boolean;
}> => {
const user = await findByEmail(email);
@@ -55,6 +57,7 @@ export const startLogin = async (
email,
userExists: true,
hasAPassword: !!user.encrypted_password,
+ hasWebauthnConfigured: await isWebauthnConfiguredForUser(user.id),
needsInclusionconnectWelcomePage:
user?.needs_inclusionconnect_welcome_page,
};
@@ -75,6 +78,7 @@ export const startLogin = async (
email,
userExists: false,
hasAPassword: false,
+ hasWebauthnConfigured: false,
needsInclusionconnectWelcomePage: false,
};
};
diff --git a/src/types/express-session.d.ts b/src/types/express-session.d.ts
index 2026973b..8671e2d4 100644
--- a/src/types/express-session.d.ts
+++ b/src/types/express-session.d.ts
@@ -2,6 +2,7 @@ export interface UnauthenticatedSessionData {
email?: string;
loginHint?: string;
needsInclusionconnectWelcomePage?: boolean;
+ hasWebauthnConfigured?: boolean;
interactionId?: string;
mustReturnOneOrganizationInPayload?: boolean;
mustUse2FA?: boolean;
diff --git a/src/views/user/sign-in.ejs b/src/views/user/sign-in.ejs
index 49853b27..0cbf164a 100644
--- a/src/views/user/sign-in.ejs
+++ b/src/views/user/sign-in.ejs
@@ -57,6 +57,17 @@
Mot de passe oublié ?
+ <% if (showPasskeySection) { %>
+
+ ou
+
+
+ Se connecter avec une clé d’accès
+
+ <% } %>
ou
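Review bot: `<% if (showPasskeySection) { %>` reads a bare local, and EJS throws a ReferenceError when that key is not passed to the template at all. getSignInController now always passes it, but any other `res.render("user/sign-in", …)` call outside this patch (none is visible here) would fail to render. `<% if (locals.showPasskeySection) { %>` tolerates a missing key and keeps the section hidden by default.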
@@ -71,15 +82,6 @@
- ou
-
-
- Se connecter avec une clé d’accès
-
-