stages/authenticator_webauthn: make more WebAuthn options configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
4d7d700afa
commit
e758db5727
|
@ -18,7 +18,12 @@ class AuthenticateWebAuthnStageSerializer(StageSerializer):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = AuthenticateWebAuthnStage
|
model = AuthenticateWebAuthnStage
|
||||||
fields = StageSerializer.Meta.fields + ["configure_flow", "user_verification"]
|
fields = StageSerializer.Meta.fields + [
|
||||||
|
"configure_flow",
|
||||||
|
"user_verification",
|
||||||
|
"authenticator_attachment",
|
||||||
|
"resident_key_requirement",
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
class AuthenticateWebAuthnStageViewSet(UsedByMixin, ModelViewSet):
|
class AuthenticateWebAuthnStageViewSet(UsedByMixin, ModelViewSet):
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
# Generated by Django 4.0.1 on 2022-01-12 21:48
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
(
|
||||||
|
"authentik_stages_authenticator_webauthn",
|
||||||
|
"0005_authenticatewebauthnstage_user_verification",
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="authenticatewebauthnstage",
|
||||||
|
name="authenticator_attachment",
|
||||||
|
field=models.TextField(
|
||||||
|
choices=[("platform", "Platform"), ("cross-platform", "Cross Platform")],
|
||||||
|
default=None,
|
||||||
|
null=True,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="authenticatewebauthnstage",
|
||||||
|
name="resident_key_requirement",
|
||||||
|
field=models.TextField(
|
||||||
|
choices=[
|
||||||
|
("discouraged", "Discouraged"),
|
||||||
|
("preferred", "Preferred"),
|
||||||
|
("required", "Required"),
|
||||||
|
],
|
||||||
|
default="preferred",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -31,6 +31,40 @@ class UserVerification(models.TextChoices):
|
||||||
DISCOURAGED = "discouraged"
|
DISCOURAGED = "discouraged"
|
||||||
|
|
||||||
|
|
||||||
|
class ResidentKeyRequirement(models.TextChoices):
|
||||||
|
"""The Relying Party's preference for the authenticator to create a dedicated "client-side"
|
||||||
|
credential for it. Requiring an authenticator to store a dedicated credential should not be
|
||||||
|
done lightly due to the limited storage capacity of some types of authenticators.
|
||||||
|
|
||||||
|
Members:
|
||||||
|
`DISCOURAGED`: The authenticator should not create a dedicated credential
|
||||||
|
`PREFERRED`: The authenticator can create and store a dedicated credential, but if it
|
||||||
|
doesn't that's alright too
|
||||||
|
`REQUIRED`: The authenticator MUST create a dedicated credential. If it cannot, the RP
|
||||||
|
is prepared for an error to occur.
|
||||||
|
|
||||||
|
https://www.w3.org/TR/webauthn-2/#enum-residentKeyRequirement
|
||||||
|
"""
|
||||||
|
|
||||||
|
DISCOURAGED = "discouraged"
|
||||||
|
PREFERRED = "preferred"
|
||||||
|
REQUIRED = "required"
|
||||||
|
|
||||||
|
|
||||||
|
class AuthenticatorAttachment(models.TextChoices):
|
||||||
|
"""How an authenticator is connected to the client/browser.
|
||||||
|
|
||||||
|
Members:
|
||||||
|
`PLATFORM`: A non-removable authenticator, like TouchID or Windows Hello
|
||||||
|
`CROSS_PLATFORM`: A "roaming" authenticator, like a YubiKey
|
||||||
|
|
||||||
|
https://www.w3.org/TR/webauthn-2/#enumdef-authenticatorattachment
|
||||||
|
"""
|
||||||
|
|
||||||
|
PLATFORM = "platform"
|
||||||
|
CROSS_PLATFORM = "cross-platform"
|
||||||
|
|
||||||
|
|
||||||
class AuthenticateWebAuthnStage(ConfigurableStage, Stage):
|
class AuthenticateWebAuthnStage(ConfigurableStage, Stage):
|
||||||
"""WebAuthn stage"""
|
"""WebAuthn stage"""
|
||||||
|
|
||||||
|
@ -38,6 +72,13 @@ class AuthenticateWebAuthnStage(ConfigurableStage, Stage):
|
||||||
choices=UserVerification.choices,
|
choices=UserVerification.choices,
|
||||||
default=UserVerification.PREFERRED,
|
default=UserVerification.PREFERRED,
|
||||||
)
|
)
|
||||||
|
resident_key_requirement = models.TextField(
|
||||||
|
choices=ResidentKeyRequirement.choices,
|
||||||
|
default=ResidentKeyRequirement.PREFERRED,
|
||||||
|
)
|
||||||
|
authenticator_attachment = models.TextField(
|
||||||
|
choices=AuthenticatorAttachment.choices, default=None, null=True
|
||||||
|
)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> BaseSerializer:
|
def serializer(self) -> BaseSerializer:
|
||||||
|
|
|
@ -10,6 +10,7 @@ from webauthn import generate_registration_options, options_to_json, verify_regi
|
||||||
from webauthn.helpers import bytes_to_base64url
|
from webauthn.helpers import bytes_to_base64url
|
||||||
from webauthn.helpers.exceptions import InvalidRegistrationResponse
|
from webauthn.helpers.exceptions import InvalidRegistrationResponse
|
||||||
from webauthn.helpers.structs import (
|
from webauthn.helpers.structs import (
|
||||||
|
AuthenticatorAttachment,
|
||||||
AuthenticatorSelectionCriteria,
|
AuthenticatorSelectionCriteria,
|
||||||
PublicKeyCredentialCreationOptions,
|
PublicKeyCredentialCreationOptions,
|
||||||
RegistrationCredential,
|
RegistrationCredential,
|
||||||
|
@ -85,6 +86,12 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
|
||||||
stage: AuthenticateWebAuthnStage = self.executor.current_stage
|
stage: AuthenticateWebAuthnStage = self.executor.current_stage
|
||||||
user = self.get_pending_user()
|
user = self.get_pending_user()
|
||||||
|
|
||||||
|
# library accepts none so we store null in the database, but if there is a value
|
||||||
|
# set, cast it to string to ensure it's not a django class
|
||||||
|
authenticator_attachment = stage.authenticator_attachment
|
||||||
|
if authenticator_attachment:
|
||||||
|
authenticator_attachment = str(authenticator_attachment)
|
||||||
|
|
||||||
registration_options: PublicKeyCredentialCreationOptions = generate_registration_options(
|
registration_options: PublicKeyCredentialCreationOptions = generate_registration_options(
|
||||||
rp_id=get_rp_id(self.request),
|
rp_id=get_rp_id(self.request),
|
||||||
rp_name=self.request.tenant.branding_title,
|
rp_name=self.request.tenant.branding_title,
|
||||||
|
@ -92,8 +99,9 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
|
||||||
user_name=user.username,
|
user_name=user.username,
|
||||||
user_display_name=user.name,
|
user_display_name=user.name,
|
||||||
authenticator_selection=AuthenticatorSelectionCriteria(
|
authenticator_selection=AuthenticatorSelectionCriteria(
|
||||||
resident_key=ResidentKeyRequirement.PREFERRED,
|
resident_key=str(stage.resident_key_requirement),
|
||||||
user_verification=str(stage.user_verification),
|
user_verification=str(stage.user_verification),
|
||||||
|
authenticator_attachment=authenticator_attachment,
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
45
schema.yml
45
schema.yml
|
@ -15270,6 +15270,14 @@ paths:
|
||||||
operationId: stages_authenticator_webauthn_list
|
operationId: stages_authenticator_webauthn_list
|
||||||
description: AuthenticateWebAuthnStage Viewset
|
description: AuthenticateWebAuthnStage Viewset
|
||||||
parameters:
|
parameters:
|
||||||
|
- in: query
|
||||||
|
name: authenticator_attachment
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
enum:
|
||||||
|
- cross-platform
|
||||||
|
- platform
|
||||||
- in: query
|
- in: query
|
||||||
name: configure_flow
|
name: configure_flow
|
||||||
schema:
|
schema:
|
||||||
|
@ -15297,6 +15305,14 @@ paths:
|
||||||
description: Number of results to return per page.
|
description: Number of results to return per page.
|
||||||
schema:
|
schema:
|
||||||
type: integer
|
type: integer
|
||||||
|
- in: query
|
||||||
|
name: resident_key_requirement
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- discouraged
|
||||||
|
- preferred
|
||||||
|
- required
|
||||||
- name: search
|
- name: search
|
||||||
required: false
|
required: false
|
||||||
in: query
|
in: query
|
||||||
|
@ -19174,6 +19190,12 @@ components:
|
||||||
If empty, user will not be able to configure this stage.
|
If empty, user will not be able to configure this stage.
|
||||||
user_verification:
|
user_verification:
|
||||||
$ref: '#/components/schemas/UserVerificationEnum'
|
$ref: '#/components/schemas/UserVerificationEnum'
|
||||||
|
authenticator_attachment:
|
||||||
|
allOf:
|
||||||
|
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
|
||||||
|
nullable: true
|
||||||
|
resident_key_requirement:
|
||||||
|
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
|
||||||
required:
|
required:
|
||||||
- component
|
- component
|
||||||
- meta_model_name
|
- meta_model_name
|
||||||
|
@ -19200,6 +19222,12 @@ components:
|
||||||
If empty, user will not be able to configure this stage.
|
If empty, user will not be able to configure this stage.
|
||||||
user_verification:
|
user_verification:
|
||||||
$ref: '#/components/schemas/UserVerificationEnum'
|
$ref: '#/components/schemas/UserVerificationEnum'
|
||||||
|
authenticator_attachment:
|
||||||
|
allOf:
|
||||||
|
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
|
||||||
|
nullable: true
|
||||||
|
resident_key_requirement:
|
||||||
|
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
|
||||||
required:
|
required:
|
||||||
- name
|
- name
|
||||||
AuthenticatedSession:
|
AuthenticatedSession:
|
||||||
|
@ -19288,6 +19316,11 @@ components:
|
||||||
- last_used
|
- last_used
|
||||||
- user
|
- user
|
||||||
- user_agent
|
- user_agent
|
||||||
|
AuthenticatorAttachmentEnum:
|
||||||
|
enum:
|
||||||
|
- platform
|
||||||
|
- cross-platform
|
||||||
|
type: string
|
||||||
AuthenticatorDuoChallenge:
|
AuthenticatorDuoChallenge:
|
||||||
type: object
|
type: object
|
||||||
description: Duo Challenge
|
description: Duo Challenge
|
||||||
|
@ -26519,6 +26552,12 @@ components:
|
||||||
If empty, user will not be able to configure this stage.
|
If empty, user will not be able to configure this stage.
|
||||||
user_verification:
|
user_verification:
|
||||||
$ref: '#/components/schemas/UserVerificationEnum'
|
$ref: '#/components/schemas/UserVerificationEnum'
|
||||||
|
authenticator_attachment:
|
||||||
|
allOf:
|
||||||
|
- $ref: '#/components/schemas/AuthenticatorAttachmentEnum'
|
||||||
|
nullable: true
|
||||||
|
resident_key_requirement:
|
||||||
|
$ref: '#/components/schemas/ResidentKeyRequirementEnum'
|
||||||
PatchedAuthenticatorDuoStageRequest:
|
PatchedAuthenticatorDuoStageRequest:
|
||||||
type: object
|
type: object
|
||||||
description: AuthenticatorDuoStage Serializer
|
description: AuthenticatorDuoStage Serializer
|
||||||
|
@ -29376,6 +29415,12 @@ components:
|
||||||
type: integer
|
type: integer
|
||||||
maximum: 2147483647
|
maximum: 2147483647
|
||||||
minimum: -2147483648
|
minimum: -2147483648
|
||||||
|
ResidentKeyRequirementEnum:
|
||||||
|
enum:
|
||||||
|
- discouraged
|
||||||
|
- preferred
|
||||||
|
- required
|
||||||
|
type: string
|
||||||
SAMLMetadata:
|
SAMLMetadata:
|
||||||
type: object
|
type: object
|
||||||
description: SAML Provider Metadata serializer
|
description: SAML Provider Metadata serializer
|
||||||
|
|
|
@ -62,6 +62,10 @@ msgstr "6 digits, widely compatible"
|
||||||
msgid "8 digits, not compatible with apps like Google Authenticator"
|
msgid "8 digits, not compatible with apps like Google Authenticator"
|
||||||
msgstr "8 digits, not compatible with apps like Google Authenticator"
|
msgstr "8 digits, not compatible with apps like Google Authenticator"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A \"roaming\" authenticator, like a YubiKey"
|
||||||
|
msgstr "A \"roaming\" authenticator, like a YubiKey"
|
||||||
|
|
||||||
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||||
msgid "A code has been sent to you via SMS."
|
msgid "A code has been sent to you via SMS."
|
||||||
msgstr "A code has been sent to you via SMS."
|
msgstr "A code has been sent to you via SMS."
|
||||||
|
@ -70,6 +74,10 @@ msgstr "A code has been sent to you via SMS."
|
||||||
msgid "A newer version of the frontend is available."
|
msgid "A newer version of the frontend is available."
|
||||||
msgstr "A newer version of the frontend is available."
|
msgstr "A newer version of the frontend is available."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A non-removable authenticator, like TouchID or Windows Hello"
|
||||||
|
msgstr "A non-removable authenticator, like TouchID or Windows Hello"
|
||||||
|
|
||||||
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
||||||
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
||||||
msgstr "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
msgstr "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
||||||
|
@ -488,6 +496,10 @@ msgstr "Authentication flow"
|
||||||
msgid "Authenticator"
|
msgid "Authenticator"
|
||||||
msgstr "Authenticator"
|
msgstr "Authenticator"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Authenticator Attachment"
|
||||||
|
msgstr "Authenticator Attachment"
|
||||||
|
|
||||||
#: src/pages/flows/utils.ts
|
#: src/pages/flows/utils.ts
|
||||||
msgid "Authorization"
|
msgid "Authorization"
|
||||||
msgstr "Authorization"
|
msgstr "Authorization"
|
||||||
|
@ -3147,6 +3159,10 @@ msgstr "No objects found."
|
||||||
msgid "No policies are currently bound to this object."
|
msgid "No policies are currently bound to this object."
|
||||||
msgstr "No policies are currently bound to this object."
|
msgstr "No policies are currently bound to this object."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "No preference is sent"
|
||||||
|
msgstr "No preference is sent"
|
||||||
|
|
||||||
#: src/pages/users/UserListPage.ts
|
#: src/pages/users/UserListPage.ts
|
||||||
msgid "No recovery flow is configured."
|
msgid "No recovery flow is configured."
|
||||||
msgstr "No recovery flow is configured."
|
msgstr "No recovery flow is configured."
|
||||||
|
@ -3940,6 +3956,10 @@ msgstr "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
|
||||||
msgid "Reset Password"
|
msgid "Reset Password"
|
||||||
msgstr "Reset Password"
|
msgstr "Reset Password"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Resident key requirement"
|
||||||
|
msgstr "Resident key requirement"
|
||||||
|
|
||||||
#: src/interfaces/AdminInterface.ts
|
#: src/interfaces/AdminInterface.ts
|
||||||
#~ msgid "Resources"
|
#~ msgid "Resources"
|
||||||
#~ msgstr "Resources"
|
#~ msgstr "Resources"
|
||||||
|
@ -5045,6 +5065,18 @@ msgstr "The Host IP of the docker host"
|
||||||
msgid "The URL \"{0}\" was not found."
|
msgid "The URL \"{0}\" was not found."
|
||||||
msgstr "The URL \"{0}\" was not found."
|
msgstr "The URL \"{0}\" was not found."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
|
||||||
|
msgstr "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
|
||||||
|
msgstr "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator should not create a dedicated credential"
|
||||||
|
msgstr "The authenticator should not create a dedicated credential"
|
||||||
|
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
msgid "The external URL you'll access the application at. Include any non-standard port."
|
msgid "The external URL you'll access the application at. Include any non-standard port."
|
||||||
|
|
|
@ -68,6 +68,10 @@ msgstr "6 chiffres, compatibilité large"
|
||||||
msgid "8 digits, not compatible with apps like Google Authenticator"
|
msgid "8 digits, not compatible with apps like Google Authenticator"
|
||||||
msgstr "8 chiffres, incompatible avec certaines applications telles que Google Authenticator"
|
msgstr "8 chiffres, incompatible avec certaines applications telles que Google Authenticator"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A \"roaming\" authenticator, like a YubiKey"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||||
msgid "A code has been sent to you via SMS."
|
msgid "A code has been sent to you via SMS."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -76,6 +80,10 @@ msgstr ""
|
||||||
msgid "A newer version of the frontend is available."
|
msgid "A newer version of the frontend is available."
|
||||||
msgstr "Une nouvelle version de l'interface est disponible."
|
msgstr "Une nouvelle version de l'interface est disponible."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A non-removable authenticator, like TouchID or Windows Hello"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
||||||
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
||||||
msgstr "Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire."
|
msgstr "Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire."
|
||||||
|
@ -493,6 +501,10 @@ msgstr "Flux d'authentification"
|
||||||
msgid "Authenticator"
|
msgid "Authenticator"
|
||||||
msgstr "Authentificateur"
|
msgstr "Authentificateur"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Authenticator Attachment"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/flows/utils.ts
|
#: src/pages/flows/utils.ts
|
||||||
msgid "Authorization"
|
msgid "Authorization"
|
||||||
msgstr "Authorisation"
|
msgstr "Authorisation"
|
||||||
|
@ -3126,6 +3138,10 @@ msgstr "Aucun objet trouvé."
|
||||||
msgid "No policies are currently bound to this object."
|
msgid "No policies are currently bound to this object."
|
||||||
msgstr "Aucune politique n'est actuellement lié à cet objet."
|
msgstr "Aucune politique n'est actuellement lié à cet objet."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "No preference is sent"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/users/UserListPage.ts
|
#: src/pages/users/UserListPage.ts
|
||||||
msgid "No recovery flow is configured."
|
msgid "No recovery flow is configured."
|
||||||
msgstr "Aucun flux de récupération n'est configuré."
|
msgstr "Aucun flux de récupération n'est configuré."
|
||||||
|
@ -3912,6 +3928,10 @@ msgstr "Obligatoire. 150 caractères ou moins. Lettres, chiffres et @/./+/-/_ un
|
||||||
msgid "Reset Password"
|
msgid "Reset Password"
|
||||||
msgstr "Réinitialiser le mot de passe"
|
msgstr "Réinitialiser le mot de passe"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Resident key requirement"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/interfaces/AdminInterface.ts
|
#: src/interfaces/AdminInterface.ts
|
||||||
#~ msgid "Resources"
|
#~ msgid "Resources"
|
||||||
#~ msgstr "Ressources"
|
#~ msgstr "Ressources"
|
||||||
|
@ -5000,6 +5020,18 @@ msgstr ""
|
||||||
msgid "The URL \"{0}\" was not found."
|
msgid "The URL \"{0}\" was not found."
|
||||||
msgstr "L'URL \"{0}\" est introuvable."
|
msgstr "L'URL \"{0}\" est introuvable."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator should not create a dedicated credential"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
msgid "The external URL you'll access the application at. Include any non-standard port."
|
msgid "The external URL you'll access the application at. Include any non-standard port."
|
||||||
|
|
|
@ -62,6 +62,10 @@ msgstr ""
|
||||||
msgid "8 digits, not compatible with apps like Google Authenticator"
|
msgid "8 digits, not compatible with apps like Google Authenticator"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A \"roaming\" authenticator, like a YubiKey"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||||
msgid "A code has been sent to you via SMS."
|
msgid "A code has been sent to you via SMS."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -70,6 +74,10 @@ msgstr ""
|
||||||
msgid "A newer version of the frontend is available."
|
msgid "A newer version of the frontend is available."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A non-removable authenticator, like TouchID or Windows Hello"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
||||||
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -484,6 +492,10 @@ msgstr ""
|
||||||
msgid "Authenticator"
|
msgid "Authenticator"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Authenticator Attachment"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/flows/utils.ts
|
#: src/pages/flows/utils.ts
|
||||||
msgid "Authorization"
|
msgid "Authorization"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -3137,6 +3149,10 @@ msgstr ""
|
||||||
msgid "No policies are currently bound to this object."
|
msgid "No policies are currently bound to this object."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "No preference is sent"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/users/UserListPage.ts
|
#: src/pages/users/UserListPage.ts
|
||||||
msgid "No recovery flow is configured."
|
msgid "No recovery flow is configured."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -3930,6 +3946,10 @@ msgstr ""
|
||||||
msgid "Reset Password"
|
msgid "Reset Password"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Resident key requirement"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/interfaces/AdminInterface.ts
|
#: src/interfaces/AdminInterface.ts
|
||||||
#~ msgid "Resources"
|
#~ msgid "Resources"
|
||||||
#~ msgstr ""
|
#~ msgstr ""
|
||||||
|
@ -5035,6 +5055,18 @@ msgstr ""
|
||||||
msgid "The URL \"{0}\" was not found."
|
msgid "The URL \"{0}\" was not found."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator should not create a dedicated credential"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
msgid "The external URL you'll access the application at. Include any non-standard port."
|
msgid "The external URL you'll access the application at. Include any non-standard port."
|
||||||
|
|
|
@ -65,6 +65,10 @@ msgstr "6 basamaklı, yaygın olarak uyumlu"
|
||||||
msgid "8 digits, not compatible with apps like Google Authenticator"
|
msgid "8 digits, not compatible with apps like Google Authenticator"
|
||||||
msgstr "Google Authenticator gibi uygulamalarla uyumlu olmayan 8 haneli"
|
msgstr "Google Authenticator gibi uygulamalarla uyumlu olmayan 8 haneli"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A \"roaming\" authenticator, like a YubiKey"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
#: src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
|
||||||
msgid "A code has been sent to you via SMS."
|
msgid "A code has been sent to you via SMS."
|
||||||
msgstr "SMS ile size bir kod gönderildi."
|
msgstr "SMS ile size bir kod gönderildi."
|
||||||
|
@ -73,6 +77,10 @@ msgstr "SMS ile size bir kod gönderildi."
|
||||||
msgid "A newer version of the frontend is available."
|
msgid "A newer version of the frontend is available."
|
||||||
msgstr "Ön yüzün daha yeni bir sürümü mevcuttur."
|
msgstr "Ön yüzün daha yeni bir sürümü mevcuttur."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "A non-removable authenticator, like TouchID or Windows Hello"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
#: src/pages/policies/dummy/DummyPolicyForm.ts
|
||||||
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
msgid "A policy used for testing. Always returns the same result as specified below after waiting a random duration."
|
||||||
msgstr "Test için kullanılan bir ilke. Her zaman rastgele bir süre bekledikten sonra aşağıda belirtilen sonucu döndürür."
|
msgstr "Test için kullanılan bir ilke. Her zaman rastgele bir süre bekledikten sonra aşağıda belirtilen sonucu döndürür."
|
||||||
|
@ -487,6 +495,10 @@ msgstr "Kimlik doğrulama akışı"
|
||||||
msgid "Authenticator"
|
msgid "Authenticator"
|
||||||
msgstr "Kimlik Doğrulayıcı"
|
msgstr "Kimlik Doğrulayıcı"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Authenticator Attachment"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/flows/utils.ts
|
#: src/pages/flows/utils.ts
|
||||||
msgid "Authorization"
|
msgid "Authorization"
|
||||||
msgstr "Yetkilendirme"
|
msgstr "Yetkilendirme"
|
||||||
|
@ -3096,6 +3108,10 @@ msgstr "Nesne bulunamadı."
|
||||||
msgid "No policies are currently bound to this object."
|
msgid "No policies are currently bound to this object."
|
||||||
msgstr "Hiçbir ilke şu anda bu nesneye bağlı değildir."
|
msgstr "Hiçbir ilke şu anda bu nesneye bağlı değildir."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "No preference is sent"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/users/UserListPage.ts
|
#: src/pages/users/UserListPage.ts
|
||||||
msgid "No recovery flow is configured."
|
msgid "No recovery flow is configured."
|
||||||
msgstr "Kurtarma akışı yapılandırılmamış."
|
msgstr "Kurtarma akışı yapılandırılmamış."
|
||||||
|
@ -3867,6 +3883,10 @@ msgstr "Gerekli. 150 karakter veya daha az. Harfler, rakamlar ve yalnızca @/./+
|
||||||
msgid "Reset Password"
|
msgid "Reset Password"
|
||||||
msgstr "Parolayı Sıfırla"
|
msgstr "Parolayı Sıfırla"
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "Resident key requirement"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#~ msgid "Resources"
|
#~ msgid "Resources"
|
||||||
#~ msgstr "Kaynaklar"
|
#~ msgstr "Kaynaklar"
|
||||||
|
|
||||||
|
@ -4938,6 +4958,18 @@ msgstr "Docker ana bilgisayarının Ana Bilgisayar IP'si"
|
||||||
msgid "The URL \"{0}\" was not found."
|
msgid "The URL \"{0}\" was not found."
|
||||||
msgstr "“{0}” URL'si bulunamadı."
|
msgstr "“{0}” URL'si bulunamadı."
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator can create and store a dedicated credential, but if it doesn't that's alright too"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/pages/stages/authenticator_webauthn/AuthenticateWebAuthnStageForm.ts
|
||||||
|
msgid "The authenticator should not create a dedicated credential"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
#: src/pages/providers/proxy/ProxyProviderForm.ts
|
||||||
msgid "The external URL you'll access the application at. Include any non-standard port."
|
msgid "The external URL you'll access the application at. Include any non-standard port."
|
||||||
|
|
|
@ -9,8 +9,10 @@ import { until } from "lit/directives/until.js";
|
||||||
|
|
||||||
import {
|
import {
|
||||||
AuthenticateWebAuthnStage,
|
AuthenticateWebAuthnStage,
|
||||||
|
AuthenticatorAttachmentEnum,
|
||||||
FlowsApi,
|
FlowsApi,
|
||||||
FlowsInstancesListDesignationEnum,
|
FlowsInstancesListDesignationEnum,
|
||||||
|
ResidentKeyRequirementEnum,
|
||||||
StagesApi,
|
StagesApi,
|
||||||
} from "@goauthentik/api";
|
} from "@goauthentik/api";
|
||||||
|
|
||||||
|
@ -35,6 +37,9 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
|
||||||
}
|
}
|
||||||
|
|
||||||
send = (data: AuthenticateWebAuthnStage): Promise<AuthenticateWebAuthnStage> => {
|
send = (data: AuthenticateWebAuthnStage): Promise<AuthenticateWebAuthnStage> => {
|
||||||
|
if (data.authenticatorAttachment?.toString() === "") {
|
||||||
|
data.authenticatorAttachment = null;
|
||||||
|
}
|
||||||
if (this.instance) {
|
if (this.instance) {
|
||||||
return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnUpdate({
|
return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnUpdate({
|
||||||
stageUuid: this.instance.pk || "",
|
stageUuid: this.instance.pk || "",
|
||||||
|
@ -68,7 +73,7 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
|
||||||
?required=${true}
|
?required=${true}
|
||||||
name="userVerification"
|
name="userVerification"
|
||||||
>
|
>
|
||||||
<select name="users" class="pf-c-form-control">
|
<select class="pf-c-form-control">
|
||||||
<option
|
<option
|
||||||
value="${UserVerificationEnum.Required}"
|
value="${UserVerificationEnum.Required}"
|
||||||
?selected=${this.instance?.userVerification ===
|
?selected=${this.instance?.userVerification ===
|
||||||
|
@ -92,6 +97,63 @@ export class AuthenticateWebAuthnStageForm extends ModelForm<AuthenticateWebAuth
|
||||||
</option>
|
</option>
|
||||||
</select>
|
</select>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${t`Resident key requirement`}
|
||||||
|
?required=${true}
|
||||||
|
name="residentKeyRequirement"
|
||||||
|
>
|
||||||
|
<select class="pf-c-form-control">
|
||||||
|
<option
|
||||||
|
value="${ResidentKeyRequirementEnum.Discouraged}"
|
||||||
|
?selected=${this.instance?.residentKeyRequirement ===
|
||||||
|
ResidentKeyRequirementEnum.Discouraged}
|
||||||
|
>
|
||||||
|
${t`The authenticator should not create a dedicated credential`}
|
||||||
|
</option>
|
||||||
|
<option
|
||||||
|
value="${ResidentKeyRequirementEnum.Preferred}"
|
||||||
|
?selected=${this.instance?.residentKeyRequirement ===
|
||||||
|
ResidentKeyRequirementEnum.Preferred}
|
||||||
|
>
|
||||||
|
${t`The authenticator can create and store a dedicated credential, but if it doesn't that's alright too`}
|
||||||
|
</option>
|
||||||
|
<option
|
||||||
|
value="${ResidentKeyRequirementEnum.Required}"
|
||||||
|
?selected=${this.instance?.residentKeyRequirement ===
|
||||||
|
ResidentKeyRequirementEnum.Required}
|
||||||
|
>
|
||||||
|
${t`The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur`}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${t`Authenticator Attachment`}
|
||||||
|
?required=${true}
|
||||||
|
name="authenticatorAttachment"
|
||||||
|
>
|
||||||
|
<select class="pf-c-form-control">
|
||||||
|
<option
|
||||||
|
value=""
|
||||||
|
?selected=${this.instance?.authenticatorAttachment === null}
|
||||||
|
>
|
||||||
|
${t`No preference is sent`}
|
||||||
|
</option>
|
||||||
|
<option
|
||||||
|
value="${AuthenticatorAttachmentEnum.Platform}"
|
||||||
|
?selected=${this.instance?.authenticatorAttachment ===
|
||||||
|
AuthenticatorAttachmentEnum.Platform}
|
||||||
|
>
|
||||||
|
${t`A non-removable authenticator, like TouchID or Windows Hello`}
|
||||||
|
</option>
|
||||||
|
<option
|
||||||
|
value="${AuthenticatorAttachmentEnum.CrossPlatform}"
|
||||||
|
?selected=${this.instance?.authenticatorAttachment ===
|
||||||
|
AuthenticatorAttachmentEnum.CrossPlatform}
|
||||||
|
>
|
||||||
|
${t`A "roaming" authenticator, like a YubiKey`}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
<ak-form-element-horizontal label=${t`Configuration flow`} name="configureFlow">
|
<ak-form-element-horizontal label=${t`Configuration flow`} name="configureFlow">
|
||||||
<select class="pf-c-form-control">
|
<select class="pf-c-form-control">
|
||||||
<option
|
<option
|
||||||
|
|
Reference in a new issue