MC-22950: Enable 2FA by default for Admins

nathanjosiah · nathanjosiah · commit 23ed204b8be9 · 2020-03-24T15:27:32.000-05:00
- More compatibility changes
- UI/UX enhancements
diff --git a/TwoFactorAuth/Model/Provider/Engine/U2fKey/WebAuthn.php b/TwoFactorAuth/Model/Provider/Engine/U2fKey/WebAuthn.php
@@ -223,8 +223,6 @@ public function getPublicKeyFromRegistrationData(array $data): array
         $attestationObject = CBOREncoder::decode($byteString);
         if (empty($attestationObject['fmt'])
             || empty($attestationObject['authData'])
-            || $attestationObject['fmt'] === 'fido-u2f'
-            || $attestationObject['fmt'] !== 'none' && $attestationObject['fmt'] !== 'packed'
         ) {
             throw new ValidationException(__('Invalid U2F key data'));
         }
@@ -240,8 +238,8 @@ public function getPublicKeyFromRegistrationData(array $data): array
             throw new ValidationException(__('Invalid U2F key data'));
         }
 
-        // User presence, attestation data, user verified
-        if (!($attestationObject['flags'] & 0b1000011)) {
+        // User presence, attestation data
+        if (!($attestationObject['flags'] & 0b1000001)) {
             throw new ValidationException(__('Invalid U2F key data'));
         }
 
@@ -266,7 +264,8 @@ public function getPublicKeyFromRegistrationData(array $data): array
 
         return [
             'key' => $attestationObject['attestationData']['keyBytes'],
-            'id' => $data['id']
+            'id' => $data['id'],
+            'aaguid' => $attestationObject['attestationData']['aaguid'] ?? null
         ];
     }
 
diff --git a/TwoFactorAuth/view/adminhtml/web/css/u2f.css b/TwoFactorAuth/view/adminhtml/web/css/u2f.css
@@ -7,10 +7,7 @@ fieldset {
     text-align: center;
 }
 
-.tfa-u2f-touch-key {
-    margin-bottom: 1em;
-}
-
+.tfa-u2f-touch-key,
 .tfa-u2f-try-again {
     margin-bottom: 1em;
 }
diff --git a/TwoFactorAuth/view/adminhtml/web/js/u2fkey/auth.js b/TwoFactorAuth/view/adminhtml/web/js/u2fkey/auth.js
@@ -18,7 +18,8 @@ define([
 
         defaults: {
             template: 'Magento_TwoFactorAuth/u2fkey/auth',
-            idle: ko.observable(true)
+            idle: ko.observable(true),
+            loading: ko.observable(false)
         },
 
         postUrl: '',
@@ -113,6 +114,7 @@ define([
          * @private
          */
         _processCredentialData: function (credentialData) {
+            this.loading(true);
             $.post(this.getPostUrl(), {
                 publicKeyCredential: {
                     type: credentialData.type,
@@ -126,6 +128,8 @@ define([
                 }
             })
             .done(function (res) {
+                this.loading(false);
+
                 if (res.success) {
                     this.currentStep('login');
                     self.location.href = this.getSuccessUrl();
@@ -136,6 +140,7 @@ define([
             }.bind(this))
             .fail(function () {
                 error.display($t('Invalid key or key is not registered.'));
+                this.loading(false);
                 this.idle(true);
             }.bind(this));
         },
diff --git a/TwoFactorAuth/view/adminhtml/web/js/u2fkey/configure.js b/TwoFactorAuth/view/adminhtml/web/js/u2fkey/configure.js
@@ -18,7 +18,8 @@ define([
 
         defaults: {
             template: 'Magento_TwoFactorAuth/u2fkey/configure',
-            idle: ko.observable(true)
+            idle: ko.observable(true),
+            loading: ko.observable(false)
         },
 
         postUrl: '',
@@ -125,6 +126,7 @@ define([
                 return;
             }
 
+            this.loading(true);
             $.post(this.getPostUrl(), {
                 publicKeyCredential: {
                     id: utils.arrayBufferToBase64(credentialData.rawId),
@@ -137,6 +139,8 @@ define([
                 }
             })
             .done(function (res) {
+                this.loading(false);
+
                 if (res.success) {
                     this.currentStep('login');
                     self.location.href = this.getSuccessUrl();
@@ -147,6 +151,7 @@ define([
             }.bind(this))
             .fail(function () {
                 error.display($t('Unable to register your device'));
+                this.loading(false);
                 this.idle(true);
             }.bind(this));
         },
diff --git a/TwoFactorAuth/view/adminhtml/web/template/u2fkey/auth.html b/TwoFactorAuth/view/adminhtml/web/template/u2fkey/auth.html
@@ -27,4 +27,12 @@ <h3 translate="'Plug in your U2F key and follow instructions'"></h3>
         </div>
         <div translate="'Redirecting to Magento Admin Panel...'"></div>
     </div>
+    <div visible='$data.loading' class="tfa-waitbox">
+        <div data-role="spinner">
+            <div class="spinner">
+                <span/><span/><span/><span/><span/><span/><span/><span/>
+            </div>
+        </div>
+        <div translate="'Loading...'"></div>
+    </div>
 </div>
diff --git a/TwoFactorAuth/view/adminhtml/web/template/u2fkey/configure.html b/TwoFactorAuth/view/adminhtml/web/template/u2fkey/configure.html
@@ -27,4 +27,12 @@ <h3 translate="'Plug in your U2F key and follow instructions'"></h3>
         </div>
         <div translate="'Redirecting to Magento Admin Panel...'"></div>
     </div>
+    <div visible='$data.loading' class="tfa-waitbox">
+        <div data-role="spinner">
+            <div class="spinner">
+                <span/><span/><span/><span/><span/><span/><span/><span/>
+            </div>
+        </div>
+        <div translate="'Loading...'"></div>
+    </div>
 </div>

Original file line number	Diff line number	Diff line change
`@@ -223,8 +223,6 @@ public function getPublicKeyFromRegistrationData(array $data): array`
`223`	`223`	`$attestationObject = CBOREncoder::decode($byteString);`
`224`	`224`	`if (empty($attestationObject['fmt'])`
`225`	`225`	`\|\| empty($attestationObject['authData'])`
`226`		`- \|\| $attestationObject['fmt'] === 'fido-u2f'`
`227`		`- \|\| $attestationObject['fmt'] !== 'none' && $attestationObject['fmt'] !== 'packed'`
`228`	`226`	`) {`
`229`	`227`	`throw new ValidationException(__('Invalid U2F key data'));`
`230`	`228`	`}`
`@@ -240,8 +238,8 @@ public function getPublicKeyFromRegistrationData(array $data): array`
`240`	`238`	`throw new ValidationException(__('Invalid U2F key data'));`
`241`	`239`	`}`
`242`	`240`
`243`		`- // User presence, attestation data, user verified`
`244`		`- if (!($attestationObject['flags'] & 0b1000011)) {`
	`241`	`+ // User presence, attestation data`
	`242`	`+ if (!($attestationObject['flags'] & 0b1000001)) {`
`245`	`243`	`throw new ValidationException(__('Invalid U2F key data'));`
`246`	`244`	`}`
`247`	`245`
`@@ -266,7 +264,8 @@ public function getPublicKeyFromRegistrationData(array $data): array`
`266`	`264`
`267`	`265`	`return [`
`268`	`266`	`'key' => $attestationObject['attestationData']['keyBytes'],`
`269`		`- 'id' => $data['id']`
	`267`	`+ 'id' => $data['id'],`
	`268`	`+ 'aaguid' => $attestationObject['attestationData']['aaguid'] ?? null`
`270`	`269`	`];`
`271`	`270`	`}`
`272`	`271`
Original file line number	Diff line number	Diff line change
`@@ -7,10 +7,7 @@ fieldset {`
`7`	`7`	`text-align: center;`
`8`	`8`	`}`
`9`	`9`
`10`		`-.tfa-u2f-touch-key {`
`11`		`- margin-bottom: 1em;`
`12`		`-}`
`13`		`-`
	`10`	`+.tfa-u2f-touch-key,`
`14`	`11`	`.tfa-u2f-try-again {`
`15`	`12`	`margin-bottom: 1em;`
`16`	`13`	`}`