From cc5ddfd0bb726fc3cdadccaa75daf3681f7a2f42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 13:33:12 +0100 Subject: [PATCH 1/6] Reintroduce PIN registration with query param --- src/frontend/src/config.ts | 4 + src/frontend/src/flows/authorize/index.ts | 11 ++- src/frontend/src/flows/manage/index.ts | 9 +- src/frontend/src/flows/register/index.ts | 109 +++++++++++++++++---- src/frontend/src/flows/register/passkey.ts | 29 +++++- 5 files changed, 134 insertions(+), 28 deletions(-) diff --git a/src/frontend/src/config.ts b/src/frontend/src/config.ts index 6004b2f10e..6311a2343f 100644 --- a/src/frontend/src/config.ts +++ b/src/frontend/src/config.ts @@ -14,3 +14,7 @@ export const PORTAL_II_URL = "https://internetcomputer.org/internet-identity"; // Default support page URL for when error is shown to user export const ERROR_SUPPORT_URL = "https://identitysupport.dfinity.org/hc/en-us/articles/32301362727188"; + +// Pin is disallowed by default unless this query parameter is set. +// This is used for testing purposes because we still support logging in with PIN but not registering with it. +export const ENABLE_PIN_QUERY_PARAM_KEY = "enablePin"; diff --git a/src/frontend/src/flows/authorize/index.ts b/src/frontend/src/flows/authorize/index.ts index 303446a933..e276bed3ab 100644 --- a/src/frontend/src/flows/authorize/index.ts +++ b/src/frontend/src/flows/authorize/index.ts @@ -7,6 +7,7 @@ import { caretDownIcon } from "$src/components/icons"; import { withLoader } from "$src/components/loader"; import { showMessage } from "$src/components/message"; import { showSpinner } from "$src/components/spinner"; +import { ENABLE_PIN_QUERY_PARAM_KEY } from "$src/config"; import { getDapps } from "$src/flows/dappsExplorer/dapps"; import { recoveryWizard } from "$src/flows/recovery/recoveryWizard"; import { I18n } from "$src/i18n"; 
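Review bot: The comment added above `ENABLE_PIN_QUERY_PARAM_KEY` in config.ts opens with "Pin is disallowed by default", but its second sentence and the later patches in this series show that only PIN registration is meant to be gated. The callers also test only for the parameter's presence (`params.get(...) !== null`), so `?enablePin`, `?enablePin=` and `?enablePin=false` all switch it on. I would put both facts in the comment, for example `// PIN registration is offered only when this query parameter is present; its value is ignored.` followed by `// Logging in with an existing PIN identity is not meant to depend on it.`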
@@ -194,6 +195,13 @@ const authenticate = async ( }); } + const params = new URLSearchParams(window.location.search); + // Only allow PIN if query param is set and the request allows it + const allowPinAuthentication = + params.get(ENABLE_PIN_QUERY_PARAM_KEY) !== null + ? authContext.authRequest.allowPinAuthentication ?? false + : false; + const authSuccess = await authenticateBox({ connection, i18n, @@ -205,8 +213,7 @@ const authenticate = async ( dapp.hasOrigin(authContext.requestOrigin) ), }), - allowPinAuthentication: - authContext.authRequest.allowPinAuthentication ?? true, + allowPinAuthentication, autoSelectionIdentity: autoSelectionIdentity, }); diff --git a/src/frontend/src/flows/manage/index.ts b/src/frontend/src/flows/manage/index.ts index 03e5ecaf4c..be665999d1 100644 --- a/src/frontend/src/flows/manage/index.ts +++ b/src/frontend/src/flows/manage/index.ts @@ -14,7 +14,7 @@ import { withLoader } from "$src/components/loader"; import { logoutSection } from "$src/components/logout"; import { mainWindow } from "$src/components/mainWindow"; import { toast } from "$src/components/toast"; -import { LEGACY_II_URL } from "$src/config"; +import { ENABLE_PIN_QUERY_PARAM_KEY, LEGACY_II_URL } from "$src/config"; import { addDevice } from "$src/flows/addDevice/manage/addDevice"; import { dappsExplorer } from "$src/flows/dappsExplorer"; import { KnownDapp, getDapps } from "$src/flows/dappsExplorer/dapps"; @@ -96,6 +96,10 @@ export const authFlowManage = async (connection: Connection) => { const i18n = new I18n(); const dapps = shuffleArray(getDapps()); + const params = new URLSearchParams(window.location.search); + const allowPinAuthentication = + params.get(ENABLE_PIN_QUERY_PARAM_KEY) !== null; + const identityBackground = new PreLoadImage(identityCardBackground); // Go through the login flow, potentially creating an anchor. const { 
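Review bot: In `authFlowManage` the value handed to `authenticateBox` (in the `@@ -106,8 +110,7 @@` hunk that follows) is now true only when the query parameter is present, replacing the unconditional `true` whose comment said direct sign-in to II always allows PIN. If `authenticateBox` uses `allowPinAuthentication` for login as well as registration (its body is not in this diff, so this needs confirming), existing PIN identities can no longer sign in on the management page unless the URL carries `enablePin`. That would contradict the config comment that PIN login is still supported. PATCH 5/6 restores `?? true` in authorize/index.ts with the comment "This allows logging in with a PIN but not registering with a PIN" and moves the gate into `getRegisterFlowOpts`, but leaves this file unchanged. I would keep `allowPinAuthentication: true,` here and let the registration gate do the work. The body of authFlowManage continues outside these hunks.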
@@ -106,8 +110,7 @@ export const authFlowManage = async (connection: Connection) => { connection, i18n, templates: authnTemplateManage({ dapps }), - allowPinAuthentication: - true /* when authenticating to II directly we always allow pin */, + allowPinAuthentication, }); // Here, if the user is returning & doesn't have any recovery device, we prompt them to add diff --git a/src/frontend/src/flows/register/index.ts b/src/frontend/src/flows/register/index.ts index 1d5dea56a9..0ba1e09eb5 100644 --- a/src/frontend/src/flows/register/index.ts +++ b/src/frontend/src/flows/register/index.ts @@ -1,10 +1,17 @@ import { AuthnMethodData } from "$generated/internet_identity_types"; import { withLoader } from "$src/components/loader"; -import { PinIdentityMaterial } from "$src/crypto/pinIdentity"; +import { + PinIdentityMaterial, + constructPinIdentity, +} from "$src/crypto/pinIdentity"; import { idbStorePinIdentityMaterial } from "$src/flows/pin/idb"; import { registerDisabled } from "$src/flows/registerDisabled"; +import { I18n } from "$src/i18n"; import { setAnchorUsed } from "$src/storage"; -import { passkeyAuthnMethodData } from "$src/utils/authnMethodData"; +import { + passkeyAuthnMethodData, + pinAuthnMethodData, +} from "$src/utils/authnMethodData"; import { AlreadyInProgress, ApiError, @@ -23,7 +30,10 @@ import { import { SignIdentity } from "@dfinity/agent"; import { ECDSAKeyIdentity } from "@dfinity/identity"; import { nonNullish } from "@dfinity/utils"; +import { TemplateResult } from "lit-html"; import type { UAParser } from "ua-parser-js"; +import { tempKeyWarningBox } from "../manage/tempKeys"; +import { setPinFlow } from "../pin/setPin"; import { precomputeFirst, promptCaptcha } from "./captcha"; import { displayUserNumberWarmup } from "./finish"; import { savePasskeyOrPin } from "./passkey"; 
@@ -33,9 +43,9 @@ export const registerFlow = async ({ identityRegistrationStart, checkCaptcha, identityRegistrationFinish, - storePinIdentity: _storePinIdentity, + storePinIdentity, registrationAllowed, - pinAllowed: _pinAllowed, + pinAllowed, uaParser, }: { identityRegistrationStart: () => Promise< @@ -87,6 +97,7 @@ export const registerFlow = async ({ | RateLimitExceeded | "canceled" > => { + console.log("in da registerFlow"); if (!registrationAllowed) { const result = await registerDisabled(); result satisfies { tag: "canceled" }; 
@@ -98,24 +109,82 @@ export const registerFlow = async ({ const flowStart = precomputeFirst(() => identityRegistrationStart()); const displayUserNumber = displayUserNumberWarmup(); - const identity = await savePasskeyOrPin(); - if (identity === undefined) { - // TODO: Return something meaningful if getting the identity fails + const savePasskeyResult = await savePasskeyOrPin({ + pinAllowed: await pinAllowed(), + }); + if (savePasskeyResult === "canceled") { return "canceled"; } - const alias = await inferPasskeyAlias({ - authenticatorType: identity.getAuthenticatorAttachment(), - userAgent: navigator.userAgent, - uaParser, - }); + const result_ = await (async () => { + if (savePasskeyResult === "pin") { + const pinResult = await setPinFlow(); + if (pinResult.tag === "canceled") { + return "canceled"; + } - const authnMethodData = passkeyAuthnMethodData({ - alias, - pubKey: identity.getPublicKey().toDer(), - credentialId: identity.rawId, - authenticatorAttachment: identity.getAuthenticatorAttachment(), - }); - const authnMethod = "passkey" as const; + pinResult.tag satisfies "ok"; + + // XXX: this withLoader could be replaced with one that indicates what's happening (like the + // "Hang tight, ..." 
spinner) + const { identity, pinIdentityMaterial } = await withLoader(() => + constructPinIdentity(pinResult) + ); + const alias = await inferPinAlias({ + userAgent: navigator.userAgent, + uaParser, + }); + return { + identity, + authnMethodData: pinAuthnMethodData({ + alias, + pubKey: identity.getPublicKey().toDer(), + }), + finalizeIdentity: (userNumber: bigint) => + storePinIdentity({ userNumber, pinIdentityMaterial }), + finishSlot: tempKeyWarningBox({ i18n: new I18n() }), + authnMethod: "pin" as const, + }; + } else { + const identity = savePasskeyResult; + // TODO: Return something meaningful if getting the passkey identity fails + if (identity === undefined) { + return "canceled"; + } + const alias = await inferPasskeyAlias({ + authenticatorType: identity.getAuthenticatorAttachment(), + userAgent: navigator.userAgent, + uaParser, + }); + return { + identity, + authnMethodData: passkeyAuthnMethodData({ + alias, + pubKey: identity.getPublicKey().toDer(), + credentialId: identity.rawId, + authenticatorAttachment: identity.getAuthenticatorAttachment(), + }), + authnMethod: "passkey" as const, + }; + } + })(); + + if (result_ === "canceled") { + return "canceled"; + } + + const { + identity, + authnMethodData, + finalizeIdentity, + finishSlot, + authnMethod, + }: { + identity: SignIdentity; + authnMethodData: AuthnMethodData; + finalizeIdentity?: (userNumber: bigint) => Promise; + finishSlot?: TemplateResult; + authnMethod: "pin" | "passkey"; + } = result_; const startResult = await flowStart(); if (startResult.kind !== "registrationFlowStepSuccess") { @@ -150,6 +219,7 @@ export const registerFlow = async ({ result.kind satisfies "loginSuccess"; const userNumber = result.userNumber; + await finalizeIdentity?.(userNumber); // We don't want to nudge the user with the recovery phrase warning page // right after they've created their anchor. result.connection.updateIdentityMetadata({ 
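Review bot: `await finalizeIdentity?.(userNumber);` in the `@@ -150,6 +219,7 @@` hunk runs after the registration result is already `loginSuccess`, and nothing visible handles a rejection from `storePinIdentity`. If that store can fail (its implementation is outside this diff; the `idbStorePinIdentityMaterial` import suggests IndexedDB), the identity exists with a PIN authn method whose key material was never persisted on the device. The flow would then reject before `displayUserNumber` shows the new number. I would catch the failure at that line, tell the user the PIN key could not be saved, and still show the identity number; at minimum add `// If this rejects, the identity is registered but the PIN key is not stored locally.` above the call. registerFlow starts and ends outside these hunks.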
@@ -162,6 +232,7 @@ export const registerFlow = async ({ ); await displayUserNumber({ userNumber, + marketingIntroSlot: finishSlot, }); return { ...result, authnMethod }; }; diff --git a/src/frontend/src/flows/register/passkey.ts b/src/frontend/src/flows/register/passkey.ts index 84ad27095d..fb67ed34b4 100644 --- a/src/frontend/src/flows/register/passkey.ts +++ b/src/frontend/src/flows/register/passkey.ts @@ -97,11 +97,32 @@ const savePasskeyTemplate = ({ export const savePasskeyPage = renderPage(savePasskeyTemplate); // Prompt the user to create a WebAuthn identity or a PIN identity (if allowed) -export const savePasskeyOrPin = async (): Promise< - IIWebAuthnIdentity | undefined -> => { +export const savePasskeyOrPin = async ({ + pinAllowed, +}: { + pinAllowed: boolean; +}): Promise => { + if (pinAllowed) { + return new Promise((resolve) => { + return savePasskeyPage({ + i18n: new I18n(), + cancel: () => resolve("canceled"), + scrollToTop: true, + constructPasskey: async () => { + try { + const identity = await withLoader(() => constructIdentity({})); + resolve(identity); + } catch (e) { + toast.error(errorMessage(e)); + } + }, + constructPin: pinAllowed ? () => resolve("pin") : undefined, + }); + }); + } try { - return await withLoader(() => constructIdentity({})); + const identity = await withLoader(() => constructIdentity({})); + return identity; } catch (e) { toast.error(errorMessage(e)); return undefined; From 1a45f6123e26fcf4731f587f2bb48e9365e438d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 13:36:40 +0100 Subject: [PATCH 2/6] Enable PIN e2e tests --- src/frontend/src/test-e2e/pinAuth.test.ts | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/frontend/src/test-e2e/pinAuth.test.ts b/src/frontend/src/test-e2e/pinAuth.test.ts index de056b0aad..2436870839 100644 --- a/src/frontend/src/test-e2e/pinAuth.test.ts +++ b/src/frontend/src/test-e2e/pinAuth.test.ts 
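Review bot: Inside the `if (pinAllowed)` branch of `savePasskeyOrPin`, `constructPin: pinAllowed ? () => resolve("pin") : undefined` can never take the `undefined` arm; `constructPin: () => resolve("pin"),` says the same thing. The two branches also report a failed `constructIdentity` differently. The PIN branch shows a toast and leaves the promise pending, presumably so the page stays up for a retry, while the other branch returns `undefined`, which `registerFlow` turns into "canceled". A doc comment on the function listing the four outcomes (an identity, "pin", "canceled", `undefined`) and that difference would save the next reader from tracing both paths. The `return` in front of `savePasskeyPage(...)` inside the promise executor has no effect and can go.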
@@ -24,10 +24,9 @@ import { const DEFAULT_PIN_DEVICE_NAME = "Chrome on Mac OS"; // TODO: GIX-3138 Clean up after release -// TODO: Test login with PIN only GIX-3139 -test.skip("PIN registration not enabled on non-Apple device", async () => { +test("PIN registration not enabled on non-Apple device", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const welcomeView = new WelcomeView(browser); await welcomeView.waitForDisplay(); await welcomeView.register(); @@ -40,11 +39,11 @@ test.skip("PIN registration not enabled on non-Apple device", async () => { // The PIN auth feature is only enabled for Apple specific user agents, so tests set the user // agent to chrome on macOS -test.skip("Register and Log in with PIN identity", async () => { +test("Register and Log in with PIN identity", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in @@ -55,10 +54,10 @@ test.skip("Register and Log in with PIN identity", async () => { }, APPLE_USER_AGENT); }, 300_000); -test.skip("Register with PIN and login without prefilled identity number", async () => { +test("Register with PIN and login without prefilled identity number", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); 
@@ -68,18 +67,18 @@ test.skip("Register with PIN and login without prefilled identity number", async await wipeStorage(browser); // load the II page again - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); await FLOWS.loginPinWelcomeView(userNumber, pin, browser); await mainView.waitForTempKeyDisplay(DEFAULT_PIN_DEVICE_NAME); }, APPLE_USER_AGENT); }, 300_000); -test.skip("Register and log in with PIN identity, retry on wrong PIN", async () => { +test("Register and log in with PIN identity, retry on wrong PIN", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; const wrongPin = "456321"; - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in @@ -100,12 +99,12 @@ test.skip("Register and log in with PIN identity, retry on wrong PIN", async () }, APPLE_USER_AGENT); }, 300_000); -test.skip("Should not prompt for PIN after deleting temp key", async () => { +test("Should not prompt for PIN after deleting temp key", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; await addVirtualAuthenticator(browser); - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in @@ -123,6 +122,7 @@ test.skip("Should not prompt for PIN after deleting temp key", async () => { }, APPLE_USER_AGENT); }, 300_000); +// TODO: Remove. This won't be reenabled. test.skip("Log into client application using PIN registration flow", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; 
@@ -144,11 +144,11 @@ test.skip("Log into client application using PIN registration flow", async () => }, APPLE_USER_AGENT); }, 300_000); -test.skip("Register with PIN then log into client application", async () => { +test("Register with PIN then log into client application", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(II_URL); + await browser.url(`${II_URL}?enablePin`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const demoAppView = new DemoAppView(browser); From 8c93cba4875c4550c49153aef2d34ffd6ffb8742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 13:49:28 +0100 Subject: [PATCH 3/6] Fix tests --- src/frontend/src/test-e2e/pinAuth.test.ts | 43 ++++------------------- 1 file changed, 7 insertions(+), 36 deletions(-) diff --git a/src/frontend/src/test-e2e/pinAuth.test.ts b/src/frontend/src/test-e2e/pinAuth.test.ts index 2436870839..4edac4a887 100644 --- a/src/frontend/src/test-e2e/pinAuth.test.ts +++ b/src/frontend/src/test-e2e/pinAuth.test.ts @@ -12,14 +12,7 @@ import { switchToPopup, wipeStorage, } from "./util"; -import { - AuthenticateView, - DemoAppView, - MainView, - PinAuthView, - RegisterView, - WelcomeView, -} from "./views"; +import { AuthenticateView, DemoAppView, MainView, PinAuthView } from "./views"; const DEFAULT_PIN_DEVICE_NAME = "Chrome on Mac OS"; 
@@ -27,12 +20,12 @@ const DEFAULT_PIN_DEVICE_NAME = "Chrome on Mac OS"; test("PIN registration not enabled on non-Apple device", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { await browser.url(`${II_URL}?enablePin`); - const welcomeView = new WelcomeView(browser); - await welcomeView.waitForDisplay(); - await welcomeView.register(); - const registerView = new RegisterView(browser); - await registerView.waitForDisplay(); - await registerView.assertPinRegistrationNotShown(); + // The PIN registration flow should not be enabled and go directly to login with passkey + await addVirtualAuthenticator(browser); + await FLOWS.registerNewIdentityWelcomeView(browser); + const mainView = new MainView(browser); + await mainView.waitForDeviceDisplay(DEVICE_NAME1); + await mainView.logout(); }, EDGE_USER_AGENT); }, 300_000); @@ -122,28 +115,6 @@ test("Should not prompt for PIN after deleting temp key", async () => { }, APPLE_USER_AGENT); }, 300_000); -// TODO: Remove. This won't be reenabled. -test.skip("Log into client application using PIN registration flow", async () => { - await runInBrowser(async (browser: WebdriverIO.Browser) => { - const pin = "123456"; - - const demoAppView = new DemoAppView(browser); - await demoAppView.open(TEST_APP_NICE_URL, II_URL); - await demoAppView.waitForDisplay(); - expect(await demoAppView.getPrincipal()).toBe(""); - await demoAppView.signin(); - await switchToPopup(browser); - await FLOWS.registerPinNewIdentityAuthenticateView(pin, browser); - - const principal = await demoAppView.waitForAuthenticated(); - expect(await demoAppView.whoami()).toBe(principal); - - // default value - const exp = await browser.$("#expiration").getText(); - expect(Number(exp) / (8 * 60 * 60_000_000_000)).toBeCloseTo(1); - }, APPLE_USER_AGENT); -}, 300_000); - test("Register with PIN then log into client application", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; 
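Review bot: None of the tests touched in this series opens `II_URL` without the query parameter under `APPLE_USER_AGENT` and checks that PIN registration is not offered, so the gate this series adds is only exercised in its enabled state. The rewritten non-Apple test in this hunk also drops the explicit `registerView.assertPinRegistrationNotShown()` assertion and now passes whenever passkey registration works. I would add a case that loads plain `II_URL` with `APPLE_USER_AGENT` and asserts that registration goes straight to the passkey path, so that a regression which re-enables PIN registration by default is caught.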
From 98217962bc4dd69e332998ffa2c656d55cafe834 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 13:55:32 +0100 Subject: [PATCH 4/6] Use variable for query param in e2e test --- src/frontend/src/test-e2e/pinAuth.test.ts | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/frontend/src/test-e2e/pinAuth.test.ts b/src/frontend/src/test-e2e/pinAuth.test.ts index 4edac4a887..263a9ca655 100644 --- a/src/frontend/src/test-e2e/pinAuth.test.ts +++ b/src/frontend/src/test-e2e/pinAuth.test.ts @@ -15,11 +15,13 @@ import { import { AuthenticateView, DemoAppView, MainView, PinAuthView } from "./views"; const DEFAULT_PIN_DEVICE_NAME = "Chrome on Mac OS"; +// Same as in frontend/src/config.ts +const ENABLE_PIN_QUERY_PARAM_KEY = "enablePin"; // TODO: GIX-3138 Clean up after release test("PIN registration not enabled on non-Apple device", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); // The PIN registration flow should not be enabled and go directly to login with passkey await addVirtualAuthenticator(browser); await FLOWS.registerNewIdentityWelcomeView(browser); @@ -36,7 +38,7 @@ test("Register and Log in with PIN identity", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in 
@@ -50,7 +52,7 @@ test("Register and Log in with PIN identity", async () => { test("Register with PIN and login without prefilled identity number", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); @@ -60,7 +62,7 @@ test("Register with PIN and login without prefilled identity number", async () = await wipeStorage(browser); // load the II page again - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); await FLOWS.loginPinWelcomeView(userNumber, pin, browser); await mainView.waitForTempKeyDisplay(DEFAULT_PIN_DEVICE_NAME); }, APPLE_USER_AGENT); @@ -71,7 +73,7 @@ test("Register and log in with PIN identity, retry on wrong PIN", async () => { const pin = "123456"; const wrongPin = "456321"; - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in @@ -97,7 +99,7 @@ test("Should not prompt for PIN after deleting temp key", async () => { const pin = "123456"; await addVirtualAuthenticator(browser); - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const mainView = new MainView(browser); await mainView.waitForDisplay(); // we should be logged in 
@@ -119,7 +121,7 @@ test("Register with PIN then log into client application", async () => { await runInBrowser(async (browser: WebdriverIO.Browser) => { const pin = "123456"; - await browser.url(`${II_URL}?enablePin`); + await browser.url(`${II_URL}?${ENABLE_PIN_QUERY_PARAM_KEY}`); const userNumber = await FLOWS.registerPinWelcomeView(browser, pin); const demoAppView = new DemoAppView(browser); From 6a7a77ae14aa8115de4e58546383308bf1cfb9a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 14:23:27 +0100 Subject: [PATCH 5/6] Fix e2e test --- src/frontend/src/flows/authorize/index.ts | 12 +++--------- src/frontend/src/flows/register/index.ts | 7 ++++++- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/src/frontend/src/flows/authorize/index.ts b/src/frontend/src/flows/authorize/index.ts index e276bed3ab..700d47c4c5 100644 --- a/src/frontend/src/flows/authorize/index.ts +++ b/src/frontend/src/flows/authorize/index.ts @@ -7,7 +7,6 @@ import { caretDownIcon } from "$src/components/icons"; import { withLoader } from "$src/components/loader"; import { showMessage } from "$src/components/message"; import { showSpinner } from "$src/components/spinner"; -import { ENABLE_PIN_QUERY_PARAM_KEY } from "$src/config"; import { getDapps } from "$src/flows/dappsExplorer/dapps"; import { recoveryWizard } from "$src/flows/recovery/recoveryWizard"; import { I18n } from "$src/i18n"; @@ -195,13 +194,6 @@ const authenticate = async ( }); } - const params = new URLSearchParams(window.location.search); - // Only allow PIN if query param is set and the request allows it - const allowPinAuthentication = - params.get(ENABLE_PIN_QUERY_PARAM_KEY) !== null - ? authContext.authRequest.allowPinAuthentication ?? false - : false; - const authSuccess = await authenticateBox({ connection, i18n, 
@@ -213,7 +205,9 @@ const authenticate = async ( dapp.hasOrigin(authContext.requestOrigin) ), }), - allowPinAuthentication, + // This allows logging in with a PIN but not registering with a PIN + allowPinAuthentication: + authContext.authRequest.allowPinAuthentication ?? true, autoSelectionIdentity: autoSelectionIdentity, }); diff --git a/src/frontend/src/flows/register/index.ts b/src/frontend/src/flows/register/index.ts index 0ba1e09eb5..6adfe21bf8 100644 --- a/src/frontend/src/flows/register/index.ts +++ b/src/frontend/src/flows/register/index.ts @@ -1,5 +1,6 @@ import { AuthnMethodData } from "$generated/internet_identity_types"; import { withLoader } from "$src/components/loader"; +import { ENABLE_PIN_QUERY_PARAM_KEY } from "$src/config"; import { PinIdentityMaterial, constructPinIdentity, @@ -251,6 +252,10 @@ export const getRegisterFlowOpts = async ({ const tempIdentity = await ECDSAKeyIdentity.generate({ extractable: false, }); + const params = new URLSearchParams(window.location.search); + // Only allow PIN if query param is set and the request allows it + const allowPinRegistration = + params.get(ENABLE_PIN_QUERY_PARAM_KEY) !== null && allowPinAuthentication; return { /** Check that the current origin is not the explicit canister id or a raw url. * Explanation why we need to do this: @@ -263,7 +268,7 @@ export const getRegisterFlowOpts = async ({ pinAllowed: () => // If pin auth is disallowed by the authenticating dapp then abort, otherwise check // if pin auth is allowed for the user agent - allowPinAuthentication + allowPinRegistration ? pinRegisterAllowed({ userAgent: navigator.userAgent, uaParser }) : Promise.resolve(false), identityRegistrationStart: async () => From 1d072b39ca9c5856f94496967fb60861de8f17c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Wed, 27 Nov 2024 14:32:24 +0100 Subject: [PATCH 6/6] Remove console.log --- src/frontend/src/flows/register/index.ts | 1 - 1 file changed, 1 deletion(-) 
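Review bot: `allowPinRegistration` in `getRegisterFlowOpts` is decided by `window.location.search`, which is chosen by whoever builds the link or opens the II window, so the parameter cannot keep PIN registration out of production. If PIN registration is meant for tests only, the gate needs a setting the page URL cannot change (a build-time flag, for instance); if the URL toggle is intended, a comment at this line should say so. The comment inside `pinAllowed` still describes only the dapp's `allowPinAuthentication` and should mention the query parameter now that the condition is `allowPinRegistration`. `params.has(ENABLE_PIN_QUERY_PARAM_KEY)` also states the presence check more directly than `params.get(...) !== null`. getRegisterFlowOpts starts and ends outside these hunks.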
diff --git a/src/frontend/src/flows/register/index.ts b/src/frontend/src/flows/register/index.ts index 6adfe21bf8..0f950a9e74 100644 --- a/src/frontend/src/flows/register/index.ts +++ b/src/frontend/src/flows/register/index.ts @@ -98,7 +98,6 @@ export const registerFlow = async ({ | RateLimitExceeded | "canceled" > => { - console.log("in da registerFlow"); if (!registrationAllowed) { const result = await registerDisabled(); result satisfies { tag: "canceled" };