Testing Immediate webauthn

Author: mkalioby

example/test_app/templates/login.html

@@ -39,12 +39,12 @@
           </div>
           <div class="form-group">
             <div class="form-label-group">
-              <input type="password" id="inputPassword"  name="password" class="form-control" placeholder="Password">
+              <input type="password" id="inputPassword" autocomplete="current-password"  name="password" class="form-control" placeholder="Password">
               <label for="inputPassword">Password</label>
             </div>
           </div>
             <input type="hidden" name="passkeys" id="passkeys"/>
-            <button class="btn btn-primary btn-block" type="submit">Login</button><br/>
+            <button class="btn btn-primary btn-block" type="button" onclick="tryLogin('loginForm')" >Login</button><br/>
             <button class="btn btn-block btn-dark" type="button" onclick="authn('loginForm')"><img src="{% static 'passkeys/imgs/FIDO-Passkey_Icon-White.png' %}" style="width: 24px"> &nbsp;Login By Passkeys</button>
             {%include 'passkeys.js' %}
         </form>

passkeys/templates/check_passkeys.js

@@ -8,6 +8,10 @@ function check_passkey(platform_authenticator = true,success_func, fail_func)
     if (available) {
       success_func();
     }
+    else{
+        fail_func();
+    }
+
     else{
         fail_func();
     }

passkeys/templates/passkeys.js

@@ -2,78 +2,126 @@
 <script type="application/javascript" src="{% static 'passkeys/js/base64url.js' %}"></script>
 <script type="application/javascript" src="{% static 'passkeys/js/helpers.js' %}"></script>
 <script type="text/javascript">
-    window.conditionalUI=false;
+    window.allow_immediate=true;
+    async function checkImmediateMediationAvailability() {
+    if (!window.allow_immediate)
+        return [false, false];
+    try {
+    const capabilities = await PublicKeyCredential.getClientCapabilities();
+    if (capabilities.immediateGet && window.PasswordCredential) {
+    console.log("Immediate Mediation with passwords supported.");
+    return [true, true];
+} else if (capabilities.immediateGet) {
+    console.log("Immediate Mediation without passwords supported.");
+    return [true, false];
+} else {
+    console.log("Immediate Mediation unsupported.");
+    return [false, false];}
+} catch (error) {
+    console.error("Error getting client capabilities:", error);
+    return [false, false];
+}
+}
+
+function tryLogin(formid)
+    {
+        window.loginForm = formid;
+        if ($("#inputUsername").val() != "" && $("#inputPassword").val() != "")
+            $("#" + formid).submit();
+        options = {};
+        status = checkImmediateMediationAvailability();
+        if (status[0] && window.allow_immediate)
+        {
+            start_authn(formid, false);
+        }
+    }
+    window.conditionalUI = false;
     window.conditionUIAbortController = new AbortController();
     window.conditionUIAbortSignal = conditionUIAbortController.signal;
     function checkConditionalUI(form) {
-    if (window.PublicKeyCredential && PublicKeyCredential.isConditionalMediationAvailable) {
-    // Check if conditional mediation is available.
-    PublicKeyCredential.isConditionalMediationAvailable().then((result) => {
-    window.conditionalUI = result;
-    if (window.conditionalUI) {
-    start_authn(form,true)
-}
+        if (window.PublicKeyCredential && PublicKeyCredential.isConditionalMediationAvailable) {
+        // Check if conditional mediation is available.
+        PublicKeyCredential.isConditionalMediationAvailable().then((result) => {
+        window.conditionalUI = result;
+        if (window.conditionalUI) {
+        start_authn(form,true)
+    }
 });
 }
 }
 
-var GetAssertReq = (getAssert) => {
-           getAssert.publicKey.challenge = base64url.decode(getAssert.publicKey.challenge);
+    var GetAssertReq = (getAssert) => {
+    getAssert.publicKey.challenge = base64url.decode(getAssert.publicKey.challenge);
 
-            for(let allowCred of getAssert.publicKey.allowCredentials) {
-                allowCred.id = base64url.decode(allowCred.id);
-            }
+    for(let allowCred of getAssert.publicKey.allowCredentials) {
+    allowCred.id = base64url.decode(allowCred.id);
+}
 
-            return getAssert
-        }
+    return getAssert
+}
 
-        function start_authn(form,conditionalUI=false)
-        {
-            window.loginForm=form;
-         fetch('{% url 'passkeys:auth_begin' %}', {
-      method: 'GET',
+    function start_authn(form, conditionalUI = false)
+    {
+        window.loginForm = form;
+        fetch('{% url 'passkeys:auth_begin' %}', {
+        method: 'GET',
     }).then(function(response) {
-      if(response.ok) {
-          return response.json().then(function (req){
-              return GetAssertReq(req)
-          });
-      }
-      throw new Error('No credential available to authenticate!');
+        if(response.ok) {
+        return response.json().then(function (req){
+        return GetAssertReq(req)
+    });
+    }
+        throw new Error('No credential available to authenticate!');
     }).then(function(options) {
         if (conditionalUI) {
             options.mediation = 'conditional';
             options.signal = window.conditionUIAbortSignal;
         }
         else
-            window.conditionUIAbortController.abort()
+        {
+        window.conditionUIAbortController.abort('Stopping conditional UI');
+        options.mediation = 'immediate';
+        options.password = true;
+        }
         console.log(options)
-      return navigator.credentials.get(options);
+        return navigator.credentials.get(options);
     }).then(function(assertion) {
         pk = $("#passkeys")
         if (pk.length == 0)
-        {
-            console.error("Did you add the 'passkeys' hidden input field")
-            return
-        }
+    {
+        console.error("Did you add the 'passkeys' hidden input field")
+        return
+    }
         pk.val(JSON.stringify(publicKeyCredentialToJSON(assertion)));
         x= document.getElementById(window.loginForm)
         if (x === null || x === undefined)
-        {
-            console.error("Did you pass the correct form id to auth function")
-            return;
-        }
-            x.submit()
+    {
+        console.error("Did you pass the correct form id to auth function")
+        return;
+    }
+        x.submit()
+
+    }).catch(function (err)
+    {
 
-        });
-    $(document).ready(function () {
+        if (err.toString() === 'NotAllowedError: No immediate discoverable credentials are found.') {
+        window.allow_immediate = false;
+        tryLogin(window.loginForm);
+    }
+        else {
+        console.error("Authentication failed: " + err);
+    }
+
+    });
+        $(document).ready(function () {
         if (location.protocol != 'https:') {
-            console.error("Passkeys must work under secure context")
-        }
+        console.error("Passkeys must work under secure context")
+    }
     });
-        }
-      function authn(form)
+    }
+    function authn(form)
     {
-        start_authn(form,false)
+        start_authn(form, false)
     }
 
-    </script>
+</script>