mirror of
https://github.com/documenso/documenso.git
synced 2025-11-11 04:52:41 +10:00
cbe6270494
## Description Add the following document action auth options: - 2FA - Passkey If the user does not have the required auth setup, we onboard them directly. ## Changes made Note: Added secondaryId to the VerificationToken schema ## Testing Performed Tested locally, pending preview tests ## Checklist - [X] I have tested these changes locally and they work as expected. - [X] I have added/updated tests that prove the effectiveness of these changes. - [X] I have followed the project's coding style guidelines. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced components for 2FA, account, and passkey authentication during document signing. - Added "Require passkey" option to document settings and signer authentication settings. - Enhanced form submission and loading states for improved user experience. - **Refactor** - Optimized authentication components to efficiently support multiple authentication methods. - **Chores** - Updated and renamed functions and components for clarity and consistency across the authentication system. - Refined sorting options and database schema to support new authentication features. - **Bug Fixes** - Adjusted SignInForm to verify browser support for WebAuthn before proceeding. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
77 lines
2.0 KiB
TypeScript
77 lines
2.0 KiB
TypeScript
import { generateAuthenticationOptions } from '@simplewebauthn/server';
|
|
import type { AuthenticatorTransportFuture } from '@simplewebauthn/types';
|
|
import { DateTime } from 'luxon';
|
|
|
|
import { prisma } from '@documenso/prisma';
|
|
import type { Passkey } from '@documenso/prisma/client';
|
|
|
|
import { AppError, AppErrorCode } from '../../errors/app-error';
|
|
import { getAuthenticatorOptions } from '../../utils/authenticator';
|
|
|
|
type CreatePasskeyAuthenticationOptions = {
|
|
userId: number;
|
|
|
|
/**
|
|
* The ID of the passkey to request authentication for.
|
|
*
|
|
* If not set, we allow the browser client to handle choosing.
|
|
*/
|
|
preferredPasskeyId?: string;
|
|
};
|
|
|
|
export const createPasskeyAuthenticationOptions = async ({
|
|
userId,
|
|
preferredPasskeyId,
|
|
}: CreatePasskeyAuthenticationOptions) => {
|
|
const { rpId, timeout } = getAuthenticatorOptions();
|
|
|
|
let preferredPasskey: Pick<Passkey, 'credentialId' | 'transports'> | null = null;
|
|
|
|
if (preferredPasskeyId) {
|
|
preferredPasskey = await prisma.passkey.findFirst({
|
|
where: {
|
|
userId,
|
|
id: preferredPasskeyId,
|
|
},
|
|
select: {
|
|
credentialId: true,
|
|
transports: true,
|
|
},
|
|
});
|
|
|
|
if (!preferredPasskey) {
|
|
throw new AppError(AppErrorCode.NOT_FOUND, 'Requested passkey not found');
|
|
}
|
|
}
|
|
|
|
const options = await generateAuthenticationOptions({
|
|
rpID: rpId,
|
|
userVerification: 'preferred',
|
|
timeout,
|
|
allowCredentials: preferredPasskey
|
|
? [
|
|
{
|
|
id: preferredPasskey.credentialId,
|
|
type: 'public-key',
|
|
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions
|
|
transports: preferredPasskey.transports as AuthenticatorTransportFuture[],
|
|
},
|
|
]
|
|
: undefined,
|
|
});
|
|
|
|
const { secondaryId } = await prisma.verificationToken.create({
|
|
data: {
|
|
userId,
|
|
token: options.challenge,
|
|
expires: DateTime.now().plus({ minutes: 2 }).toJSDate(),
|
|
identifier: 'PASSKEY_CHALLENGE',
|
|
},
|
|
});
|
|
|
|
return {
|
|
tokenReference: secondaryId,
|
|
options,
|
|
};
|
|
};
|