KEYCLOAK-12900 NullPointerException during WebAuthn Registration (#6732)
This commit is contained in:
Martin Bartoš
GitHub
parent
9b2e7f6e2c
commit
7dec314ed0
4 changed files with 17 additions and 12 deletions
|
|
@ -44,6 +44,7 @@ public interface WebAuthnConstants {
|
|||
final String ALLOWED_AUTHENTICATORS = "authenticators";
|
||||
final String IS_USER_IDENTIFIED = "isUserIdentified";
|
||||
final String USER_VERIFICATION = "userVerification";
|
||||
final String IS_SET_RETRY = "isSetRetry";
|
||||
|
||||
|
||||
// Event key for credential id generated by navigator.credentials.create()
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator
|
|||
|
||||
private static final Logger logger = Logger.getLogger(WebAuthnAuthenticator.class);
|
||||
private KeycloakSession session;
|
||||
private WebAuthnAuthenticatorsBean authenticators;
|
||||
|
||||
public WebAuthnAuthenticator(KeycloakSession session) {
|
||||
this.session = session;
|
||||
|
|
@ -84,7 +83,7 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator
|
|||
boolean isUserIdentified = false;
|
||||
if (user != null) {
|
||||
// in 2 Factor Scenario where the user has already been identified
|
||||
authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
|
||||
WebAuthnAuthenticatorsBean authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
|
||||
if (authenticators.getAuthenticators().isEmpty()) {
|
||||
// require the user to register webauthn authenticator
|
||||
return;
|
||||
|
|
@ -287,8 +286,12 @@ public class WebAuthnAuthenticator implements Authenticator, CredentialValidator
|
|||
|
||||
private Response createErrorResponse(AuthenticationFlowContext context, final String errorCase) {
|
||||
LoginFormsProvider provider = context.form().setError(errorCase);
|
||||
if (authenticators != null && authenticators.getAuthenticators() != null) {
|
||||
provider.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, authenticators);
|
||||
UserModel user = context.getUser();
|
||||
if (user != null) {
|
||||
WebAuthnAuthenticatorsBean authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
|
||||
if (authenticators.getAuthenticators() != null) {
|
||||
provider.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, authenticators);
|
||||
}
|
||||
}
|
||||
return provider.createWebAuthnErrorPage();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -165,6 +165,12 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
|
|||
|
||||
MultivaluedMap<String, String> params = context.getHttpRequest().getDecodedFormParameters();
|
||||
|
||||
String isSetRetry = params.getFirst(WebAuthnConstants.IS_SET_RETRY);
|
||||
if (isSetRetry != null && !isSetRetry.isEmpty()) {
|
||||
requiredActionChallenge(context);
|
||||
return;
|
||||
}
|
||||
|
||||
context.getEvent().detail(Details.CREDENTIAL_TYPE, getCredentialType());
|
||||
|
||||
// receive error from navigator.credentials.create()
|
||||
|
|
@ -329,7 +335,6 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
|
|||
|
||||
private static final String ERR_LABEL = "web_authn_registration_error";
|
||||
private static final String ERR_DETAIL_LABEL = "web_authn_registration_error_detail";
|
||||
private static final String REGISTRATION_ATTR = "webAuthnRegistration";
|
||||
|
||||
private void setErrorResponse(RequiredActionContext context, final String errorCase, final String errorMessage) {
|
||||
Response errorResponse = null;
|
||||
|
|
@ -343,7 +348,6 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
|
|||
errorResponse = context.form()
|
||||
.setError(errorCase)
|
||||
.setAttribute(WEB_AUTHN_TITLE_ATTR, WEBAUTHN_REGISTER_TITLE)
|
||||
.setAttribute(REGISTRATION_ATTR,true)
|
||||
.createWebAuthnErrorPage();
|
||||
context.challenge(errorResponse);
|
||||
break;
|
||||
|
|
@ -356,7 +360,6 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
|
|||
errorResponse = context.form()
|
||||
.setError(errorCase)
|
||||
.setAttribute(WEB_AUTHN_TITLE_ATTR, WEBAUTHN_REGISTER_TITLE)
|
||||
.setAttribute(REGISTRATION_ATTR,true)
|
||||
.createWebAuthnErrorPage();
|
||||
context.challenge(errorResponse);
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -6,10 +6,7 @@
|
|||
|
||||
<script type="text/javascript">
|
||||
refreshPage = () => {
|
||||
if ('${execution}' === "webauthn-register") {
|
||||
location.reload();
|
||||
return false;
|
||||
}
|
||||
document.getElementById('isSetRetry').value = 'retry';
|
||||
document.getElementById('executionValue').value = '${execution}';
|
||||
document.getElementById('kc-error-credential-form').submit();
|
||||
}
|
||||
|
|
@ -18,13 +15,14 @@
|
|||
<form id="kc-error-credential-form" class="${properties.kcFormClass!}" action="${url.loginAction}"
|
||||
method="post">
|
||||
<input type="hidden" id="executionValue" name="authenticationExecution"/>
|
||||
<input type="hidden" id="isSetRetry" name="isSetRetry"/>
|
||||
</form>
|
||||
|
||||
<#if authenticators??>
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>${kcSanitize(msg("webauthn-available-authenticators")?no_esc)}</th>
|
||||
<th>${kcSanitize(msg("webauthn-available-authenticators"))?no_esc}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
|
|
|||
Loading…
Reference in a new issue