fix: Better integration with cbSecurity when not using cbauth

Author: elpete

ModuleConfig.cfc

@@ -14,6 +14,13 @@ component {
 			"relyingPartyName" : controller.getSetting( "appName" ),
 			"allowedOrigins" : []
 		};
+
+		interceptorSettings = {
+			"customInterceptionPoints" : [
+				"onPasskeyLogin",
+				"onPasskeyRegistration"
+			]
+		};
 	}
 
 	function afterAspectsLoad() {
@@ -37,6 +44,7 @@ component {
 			.build();
 
 		if ( settings.allowedOrigins.isEmpty() ) {
+			throw( "You are required to set at least one `allowedOrigin` to use cbsecurity-passkeys" );
 		}
 
 		var rpBuilder = createObject( "java", "com.yubico.webauthn.RelyingParty" )

README.md

@@ -18,7 +18,7 @@ this.javaSettings = {
 };
 ```
 
-3. Implement the `ICredentialRepository` interface. (See an example in `/resources/examples/Passkey.cfc`)
+3. Implement the `ICredentialRepository` interface. (See an example in `/resources/examples/quick/Passkey.cfc`)
 
 4. Configure your `credentialRepositoryMapping` in `config/ColdBox.cfc`
 ```js
@@ -27,4 +27,36 @@ moduleSettings = {
         "credentialRepositoryMapping": "Passkey"
     }
 }
+```
+
+5. Configure at least one (1) `allowedOrigins`
+```js
+moduleSettings = {
+    "cbsecurity-passkeys": {
+        "credentialRepositoryMapping": "Passkey",
+        "allowedOrigins": [ "example.com" ]
+    }
+}
+```
+
+Integrate using the `includes/passkeys.js` library:
+
+```html
+<script src="/modules/cbsecurity-passkeys/includes/passkeys.js"></script>
+<script type="module">
+    if ( await window.cbSecurity.passkeys.isSupported() ) {
+        await window.cbSecurity.passkeys.register(
+            // redirectLocation ("/")
+        );
+    }
+</script>
+<script type="module">
+    if ( await window.cbSecurity.passkeys.isSupported() ) {
+        await window.cbSecurity.passkeys.login(
+            // username (optional)
+            // redirectLocation ("/")
+            // additionalParams ({})
+        )
+    }
+</script>
 ```

handlers/Authentication.cfc

@@ -91,12 +91,12 @@ component {
 			log.debug( "Passkey assertion successful for user [#username#]." );
 		}
 
-		var user = auth().getUserService().retrieveUserByUsername( username );
+		var user = cbSecure().getUserService().retrieveUserByUsername( username );
 
 		if ( log.canDebug() ) {
 			log.debug( "Logging in user [#username#] from a successful Passkey assertion." );
 		}
-		auth().login( user );
+		cbSecure().getAuthService().login( user );
 
 		if ( log.canDebug() ) {
 			log.debug( "Updating the credential after a successful Passkey assertion." );
@@ -109,6 +109,8 @@ component {
 			lastUsedTimestamp = now()
 		);
 
+		announce( "onPasskeyLogin", { "event" : event, "user" : user } );
+
 		event.renderData(
 			type = "json",
 			statusCode = 200,

handlers/Registration.cfc

@@ -6,11 +6,11 @@ component secured {
 	property name="flash" inject="coldbox:flash";
 
 	function new( event, rc, prc ) {
-		var user = auth().user();
+		var user = cbSecure().getUser();
 		var name = variables.clientCredentialRepository.getUsernameForUser( user );
 		var displayName = variables.clientCredentialRepository.getDisplayNameForUser( user );
 		var idByteArray = createObject( "java", "com.yubico.webauthn.data.ByteArray" ).init(
-			variables.clientCredentialRepository.getUserHandleForUser( auth().user() )
+			variables.clientCredentialRepository.getUserHandleForUser( cbSecure().getUser() )
 		);
 
 		if ( log.canDebug() ) {
@@ -102,7 +102,7 @@ component secured {
 			}
 
 			variables.clientCredentialRepository.storeCredentialForUser(
-				user = auth().user(),
+				user = cbSecure().getUser(),
 				credentialId = result
 					.getKeyId()
 					.getId()

resources/assets/js/passkeys.js

@@ -27,40 +27,54 @@ const passkeys = {
 		const publicKeyCredential = await webauthnJSON.create(credentialCreateOptions);
 
 		// Return encoded PublicKeyCredential to server
-		await fetch("/cbsecurity/passkeys/registration", {
+		const registrationResponse = await fetch("/cbsecurity/passkeys/registration", {
 			method: "POST",
 			headers: {
 				"Content-Type": "application/json"
 			},
 			body: JSON.stringify({
 				"publicKeyCredentialJson": JSON.stringify(publicKeyCredential)
 			})
-		})
-		window.location = redirectLocation;
+		});
+
+		if (registrationResponse.ok) {
+			window.location = redirectLocation;
+		} else {
+			console.error("cbsecurity-passkeys - Registration failed:", registrationResponse);
+		}
 	},
-	async login(username, redirectLocation = "/") {
-			// Make the call that returns the credentialGetJson above
-			const credentialGetOptions = await fetch("/cbsecurity/passkeys/authentication/new?" + new URLSearchParams({
-				"username": username
-			}))
-				.then(resp => resp.json())
-				.then(json => JSON.parse(json));
+	async login(username, redirectLocation = "/", additionalParams = {}) {
+		if ( !username ) {
+			username = "";
+		}
+		// Make the call that returns the credentialGetJson above
+		const credentialGetOptions = await fetch("/cbsecurity/passkeys/authentication/new?" + new URLSearchParams({
+			...additionalParams,
+			"username": username,
+		}))
+			.then(resp => resp.json())
+			.then(json => JSON.parse(json));
+
+		// Call WebAuthn ceremony using webauthn-json wrapper
+		const publicKeyCredential = await webauthnJSON.get(credentialGetOptions);
 
-			// Call WebAuthn ceremony using webauthn-json wrapper
-			const publicKeyCredential = await webauthnJSON.get(credentialGetOptions);
+		// Return encoded PublicKeyCredential to server
+		const authenticationResponse = await fetch("/cbsecurity/passkeys/authentication", {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json"
+			},
+			body: JSON.stringify({
+				...additionalParams,
+				"publicKeyCredentialJson": JSON.stringify(publicKeyCredential)
+			})
+		});
 
-			// Return encoded PublicKeyCredential to server
-			await fetch("/cbsecurity/passkeys/authentication", {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/json"
-				},
-				body: JSON.stringify({
-					"publicKeyCredentialJson": JSON.stringify(publicKeyCredential)
-				})
-			}).then( () => {
-				window.location = redirectLocation;
-			});
+		if (authenticationResponse.ok) {
+			window.location = redirectLocation;
+		} else {
+			console.error("cbsecurity-passkeys - Authentication failed:", authenticationResponse);
+		}
 	},
 };