mirror of
https://github.com/documenso/documenso.git
synced 2025-11-12 15:53:02 +10:00
cbe6270494
## Description Add the following document action auth options: - 2FA - Passkey If the user does not have the required auth setup, we onboard them directly. ## Changes made Note: Added secondaryId to the VerificationToken schema ## Testing Performed Tested locally, pending preview tests ## Checklist - [X] I have tested these changes locally and they work as expected. - [X] I have added/updated tests that prove the effectiveness of these changes. - [X] I have followed the project's coding style guidelines. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced components for 2FA, account, and passkey authentication during document signing. - Added "Require passkey" option to document settings and signer authentication settings. - Enhanced form submission and loading states for improved user experience. - **Refactor** - Optimized authentication components to efficiently support multiple authentication methods. - **Chores** - Updated and renamed functions and components for clarity and consistency across the authentication system. - Refined sorting options and database schema to support new authentication features. - **Bug Fixes** - Adjusted SignInForm to verify browser support for WebAuthn before proceeding. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
59 lines
1.5 KiB
TypeScript
59 lines
1.5 KiB
TypeScript
import { generateRegistrationOptions } from '@simplewebauthn/server';
|
|
import type { AuthenticatorTransportFuture } from '@simplewebauthn/types';
|
|
import { DateTime } from 'luxon';
|
|
|
|
import { prisma } from '@documenso/prisma';
|
|
|
|
import { PASSKEY_TIMEOUT } from '../../constants/auth';
|
|
import { getAuthenticatorOptions } from '../../utils/authenticator';
|
|
|
|
type CreatePasskeyRegistrationOptions = {
|
|
userId: number;
|
|
};
|
|
|
|
export const createPasskeyRegistrationOptions = async ({
|
|
userId,
|
|
}: CreatePasskeyRegistrationOptions) => {
|
|
const user = await prisma.user.findFirstOrThrow({
|
|
where: {
|
|
id: userId,
|
|
},
|
|
select: {
|
|
name: true,
|
|
email: true,
|
|
passkeys: true,
|
|
},
|
|
});
|
|
|
|
const { passkeys } = user;
|
|
|
|
const { rpName, rpId: rpID } = getAuthenticatorOptions();
|
|
|
|
const options = await generateRegistrationOptions({
|
|
rpName,
|
|
rpID,
|
|
userID: userId.toString(),
|
|
userName: user.email,
|
|
userDisplayName: user.name ?? undefined,
|
|
timeout: PASSKEY_TIMEOUT,
|
|
attestationType: 'none',
|
|
excludeCredentials: passkeys.map((passkey) => ({
|
|
id: passkey.credentialId,
|
|
type: 'public-key',
|
|
// eslint-disable-next-line @typescript-eslint/consistent-type-assertions
|
|
transports: passkey.transports as AuthenticatorTransportFuture[],
|
|
})),
|
|
});
|
|
|
|
await prisma.verificationToken.create({
|
|
data: {
|
|
userId,
|
|
token: options.challenge,
|
|
expires: DateTime.now().plus({ minutes: 2 }).toJSDate(),
|
|
identifier: 'PASSKEY_CHALLENGE',
|
|
},
|
|
});
|
|
|
|
return options;
|
|
};
|