Allow WebAuthn on localhost as well

* browsers typically whiteliste this as well - https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API * for developing purposes see https://developer.chrome.com/docs/devtools/webauthn/ Signed-off-by: Morris Jobke <[email protected]> Signed-off-by: Louis Chemineau <[email protected]>
nextcloud · Jun 17, 2021 · 2e13e1a · 2e13e1a
1 parent ff8cfbb
commit 2e13e1a
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 4 deletions.
diff --git a/apps/settings/src/components/WebAuthn/AddDevice.vue b/apps/settings/src/components/WebAuthn/AddDevice.vue
@@ -20,7 +20,7 @@
   -->
 
 <template>
-	<div v-if="!isHttps">
+	<div v-if="!isHttps && !isLocalhost">
 		{{ t('settings', 'Passwordless authentication requires a secure connection.') }}
 	</div>
 	<div v-else>
@@ -89,6 +89,10 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		isLocalhost: {
+			type: Boolean,
+			default: false,
+		},
 	},
 	data() {
 		return {

diff --git a/apps/settings/src/components/WebAuthn/Section.vue b/apps/settings/src/components/WebAuthn/Section.vue
@@ -40,7 +40,7 @@
 			{{ t('settings', 'Your browser does not support WebAuthn.') }}
 		</p>
 
-		<AddDevice v-if="hasPublicKeyCredential" :is-https="isHttps" @added="deviceAdded" />
+		<AddDevice v-if="hasPublicKeyCredential" :is-https="isHttps" :is-localhost="isLocalhost" @added="deviceAdded" />
 	</div>
 </template>
 
@@ -69,6 +69,10 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		isLocalhost: {
+			type: Boolean,
+			default: false,
+		},
 		hasPublicKeyCredential: {
 			type: Boolean,
 			default: false,

diff --git a/apps/settings/src/main-personal-webauth.js b/apps/settings/src/main-personal-webauth.js
@@ -36,6 +36,7 @@ new View({
 	propsData: {
 		initialDevices: devices,
 		isHttps: window.location.protocol === 'https:',
+		isLocalhost: window.location.hostname === 'localhost',
 		hasPublicKeyCredential: typeof (window.PublicKeyCredential) !== 'undefined',
 	},
 }).$mount('#security-webauthn')
diff --git a/core/src/components/login/PasswordLessLoginForm.vue b/core/src/components/login/PasswordLessLoginForm.vue
@@ -1,5 +1,5 @@
 <template>
-	<form v-if="isHttps && hasPublicKeyCredential"
+	<form v-if="(isHttps || isLocalhost) && hasPublicKeyCredential"
 		ref="loginForm"
 		method="post"
 		name="login"
@@ -32,7 +32,7 @@
 	<div v-else-if="!hasPublicKeyCredential">
 		{{ t('core', 'Passwordless authentication is not supported in your browser.') }}
 	</div>
-	<div v-else-if="!isHttps">
+	<div v-else-if="!isHttps && !isLocalhost">
 		{{ t('core', 'Passwordless authentication is only available over a secure connection.') }}
 	</div>
 </template>
@@ -73,6 +73,10 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		isLocalhost: {
+			type: Boolean,
+			default: false,
+		},
 		hasPublicKeyCredential: {
 			type: Boolean,
 			default: false,

diff --git a/core/src/login.js b/core/src/login.js
@@ -71,6 +71,7 @@ new View({
 		hasPasswordless: fromStateOr('webauthn-available', false),
 		countAlternativeLogins: fromStateOr('countAlternativeLogins', false),
 		isHttps: window.location.protocol === 'https:',
+		isLocalhost: window.location.hostname === 'localhost',
 		hasPublicKeyCredential: typeof (window.PublicKeyCredential) !== 'undefined',
 		hideLoginForm: fromStateOr('hideLoginForm', false),
 	},

diff --git a/core/src/views/Login.vue b/core/src/views/Login.vue
@@ -73,6 +73,7 @@
 					:inverted-colors="invertedColors"
 					:auto-complete-allowed="autoCompleteAllowed"
 					:is-https="isHttps"
+					:is-localhost="isLocalhost"
 					:has-public-key-credential="hasPublicKeyCredential"
 					@submit="loading = true" />
 				<a href="#" @click.prevent="passwordlessLogin = false">
@@ -176,6 +177,10 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		isLocalhost: {
+			type: Boolean,
+			default: false,
+		},
 		hasPublicKeyCredential: {
 			type: Boolean,
 			default: false,