BigW Consortium Gitlab

authenticate.js 4.68 KB
Newer Older
1
/* eslint-disable func-names, space-before-function-paren, no-var, prefer-rest-params, wrap-iife, prefer-arrow-callback, no-else-return, quotes, quote-props, comma-dangle, one-var, one-var-declaration-per-line, max-len */
2 3 4 5
/* global u2f */
/* global U2FError */
/* global U2FUtil */

6 7 8 9
// Authenticate U2F (universal 2nd factor) devices for users to authenticate with.
//
// State Flow #1: setup -> in_progress -> authenticated -> POST to server
// State Flow #2: setup -> in_progress -> error -> setup
Fatih Acet committed
10
(function() {
11 12
  const global = window.gl || (window.gl = {});

13
  var bind = function(fn, me) { return function() { return fn.apply(me, arguments); }; };
Fatih Acet committed
14

15 16
  global.U2FAuthenticate = (function() {
    function U2FAuthenticate(container, form, u2fParams, fallbackButton, fallbackUI) {
Fatih Acet committed
17 18 19 20 21 22 23 24 25 26
      this.container = container;
      this.renderNotSupported = bind(this.renderNotSupported, this);
      this.renderAuthenticated = bind(this.renderAuthenticated, this);
      this.renderError = bind(this.renderError, this);
      this.renderInProgress = bind(this.renderInProgress, this);
      this.renderTemplate = bind(this.renderTemplate, this);
      this.authenticate = bind(this.authenticate, this);
      this.start = bind(this.start, this);
      this.appId = u2fParams.app_id;
      this.challenge = u2fParams.challenge;
27 28 29 30
      this.form = form;
      this.fallbackButton = fallbackButton;
      this.fallbackUI = fallbackUI;
      if (this.fallbackButton) this.fallbackButton.addEventListener('click', this.switchToFallbackUI.bind(this));
Fatih Acet committed
31
      this.signRequests = u2fParams.sign_requests.map(function(request) {
32 33 34 35 36 37 38 39 40 41 42
        // The U2F Javascript API v1.1 requires a single challenge, with
        // _no challenges per-request_. The U2F Javascript API v1.0 requires a
        // challenge per-request, which is done by copying the single challenge
        // into every request.
        //
        // In either case, we don't need the per-request challenges that the server
        // has generated, so we can remove them.
        //
        // Note: The server library fixes this behaviour in (unreleased) version 1.0.0.
        // This can be removed once we upgrade.
        // https://github.com/castle/ruby-u2f/commit/103f428071a81cd3d5f80c2e77d522d5029946a4
Fatih Acet committed
43 44 45 46 47 48
        return _(request).omit('challenge');
      });
    }

    U2FAuthenticate.prototype.start = function() {
      if (U2FUtil.isU2FSupported()) {
49
        return this.renderInProgress();
Fatih Acet committed
50 51 52 53 54 55 56 57 58 59
      } else {
        return this.renderNotSupported();
      }
    };

    U2FAuthenticate.prototype.authenticate = function() {
      return u2f.sign(this.appId, this.challenge, this.signRequests, (function(_this) {
        return function(response) {
          var error;
          if (response.errorCode) {
60
            error = new U2FError(response.errorCode, 'authenticate');
Fatih Acet committed
61 62 63 64 65 66 67 68
            return _this.renderError(error);
          } else {
            return _this.renderAuthenticated(JSON.stringify(response));
          }
        };
      })(this), 10);
    };

69
    // Rendering #
Fatih Acet committed
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
    U2FAuthenticate.prototype.templates = {
      "notSupported": "#js-authenticate-u2f-not-supported",
      "setup": '#js-authenticate-u2f-setup',
      "inProgress": '#js-authenticate-u2f-in-progress',
      "error": '#js-authenticate-u2f-error',
      "authenticated": '#js-authenticate-u2f-authenticated'
    };

    U2FAuthenticate.prototype.renderTemplate = function(name, params) {
      var template, templateString;
      templateString = $(this.templates[name]).html();
      template = _.template(templateString);
      return this.container.html(template(params));
    };

    U2FAuthenticate.prototype.renderInProgress = function() {
      this.renderTemplate('inProgress');
      return this.authenticate();
    };

    U2FAuthenticate.prototype.renderError = function(error) {
      this.renderTemplate('error', {
92 93
        error_message: error.message(),
        error_code: error.errorCode
Fatih Acet committed
94
      });
95
      return this.container.find('#js-u2f-try-again').on('click', this.renderInProgress);
Fatih Acet committed
96 97 98 99
    };

    U2FAuthenticate.prototype.renderAuthenticated = function(deviceResponse) {
      this.renderTemplate('authenticated');
100 101 102 103
      const container = this.container[0];
      container.querySelector('#js-device-response').value = deviceResponse;
      container.querySelector(this.form).submit();
      this.fallbackButton.classList.add('hidden');
Fatih Acet committed
104 105 106 107 108 109
    };

    U2FAuthenticate.prototype.renderNotSupported = function() {
      return this.renderTemplate('notSupported');
    };

110 111 112 113 114 115
    U2FAuthenticate.prototype.switchToFallbackUI = function() {
      this.fallbackButton.classList.add('hidden');
      this.container[0].classList.add('hidden');
      this.fallbackUI.classList.remove('hidden');
    };

Fatih Acet committed
116 117
    return U2FAuthenticate;
  })();
118
})();