ghostfolio/apps/client/src/app/services/web-authn.service.ts

import { HttpClient } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { AuthDeviceDto } from '@ghostfolio/api/app/auth-device/auth-device.dto';
import {
  PublicKeyCredentialCreationOptionsJSON,
  PublicKeyCredentialRequestOptionsJSON
} from '@ghostfolio/api/app/auth/interfaces/simplewebauthn';
import { SettingsStorageService } from '@ghostfolio/client/services/settings-storage.service';
import {
  startAuthentication,
  startRegistration
} from '@simplewebauthn/browser';
import { of } from 'rxjs';
import { catchError, switchMap, tap } from 'rxjs/operators';

@Injectable({
  providedIn: 'root'
})
export class WebAuthnService {
  private static readonly WEB_AUTH_N_DEVICE_ID = 'WEB_AUTH_N_DEVICE_ID';

  public constructor(
    private http: HttpClient,
    private settingsStorageService: SettingsStorageService
  ) {}

  public isSupported() {
    return typeof PublicKeyCredential !== 'undefined';
  }

  public isEnabled() {
    return !!this.getDeviceId();
  }

  public register() {
    return this.http
      .get<PublicKeyCredentialCreationOptionsJSON>(
        `/api/auth/webauthn/generate-registration-options`,
        {}
      )
      .pipe(
        catchError((error) => {
          console.warn('Could not register device', error);
          return of(null);
        }),
        switchMap((attOps) => {
          return startRegistration(attOps);
        }),
        switchMap((attResp) => {
          return this.http.post<AuthDeviceDto>(
            `/api/auth/webauthn/verify-attestation`,
            {
              credential: attResp
            }
          );
        }),
        tap((authDevice) =>
          this.settingsStorageService.setSetting(
            WebAuthnService.WEB_AUTH_N_DEVICE_ID,
            authDevice.id
          )
        )
      );
  }

  public deregister() {
    const deviceId = this.getDeviceId();
    return this.http.delete<AuthDeviceDto>(`/api/auth-device/${deviceId}`).pipe(
      catchError((error) => {
        console.warn(`Could not deregister device ${deviceId}`, error);
        return of(null);
      }),
      tap(() =>
        this.settingsStorageService.removeSetting(
          WebAuthnService.WEB_AUTH_N_DEVICE_ID
        )
      )
    );
  }

  public login() {
    const deviceId = this.getDeviceId();
    return this.http
      .post<PublicKeyCredentialRequestOptionsJSON>(
        `/api/auth/webauthn/generate-assertion-options`,
        { deviceId }
      )
      .pipe(
        switchMap(startAuthentication),
        switchMap((assertionResponse) => {
          return this.http.post<{ authToken: string }>(
            `/api/auth/webauthn/verify-assertion`,
            {
              credential: assertionResponse,
              deviceId
            }
          );
        })
      );
  }

  private getDeviceId() {
    return this.settingsStorageService.getSetting(
      WebAuthnService.WEB_AUTH_N_DEVICE_ID
    );
  }
}
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`import { HttpClient } from '@angular/common/http';`
			`import { Injectable } from '@angular/core';`
			`import { AuthDeviceDto } from '@ghostfolio/api/app/auth-device/auth-device.dto';`
			`import {`
			`PublicKeyCredentialCreationOptionsJSON,`
			`PublicKeyCredentialRequestOptionsJSON`
			`} from '@ghostfolio/api/app/auth/interfaces/simplewebauthn';`
			`import { SettingsStorageService } from '@ghostfolio/client/services/settings-storage.service';`
Feature/upgrade simplewebauthn dependencies to version 4.1.0 (#365) * Upgrade @simplewebauthn dependencies to version 4.1.0 * @simplewebauthn/browser * @simplewebauthn/server * Update changelog 2021-09-11 21:23:06 +02:00			`import {`
			`startAuthentication,`
			`startRegistration`
			`} from '@simplewebauthn/browser';`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`import { of } from 'rxjs';`
			`import { catchError, switchMap, tap } from 'rxjs/operators';`

			`@Injectable({`
			`providedIn: 'root'`
			`})`
			`export class WebAuthnService {`
			`private static readonly WEB_AUTH_N_DEVICE_ID = 'WEB_AUTH_N_DEVICE_ID';`

			`public constructor(`
			`private http: HttpClient,`
			`private settingsStorageService: SettingsStorageService`
			`) {}`

			`public isSupported() {`
			`return typeof PublicKeyCredential !== 'undefined';`
			`}`

			`public isEnabled() {`
			`return !!this.getDeviceId();`
			`}`

			`public register() {`
			`return this.http`
			`.get<PublicKeyCredentialCreationOptionsJSON>(`
Feature/upgrade simplewebauthn dependencies to version 4.1.0 (#365) * Upgrade @simplewebauthn dependencies to version 4.1.0 * @simplewebauthn/browser * @simplewebauthn/server * Update changelog 2021-09-11 21:23:06 +02:00			`/api/auth/webauthn/generate-registration-options`,
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`{}`
			`)`
			`.pipe(`
			`catchError((error) => {`
			`console.warn('Could not register device', error);`
			`return of(null);`
			`}),`
			`switchMap((attOps) => {`
Feature/upgrade simplewebauthn dependencies to version 4.1.0 (#365) * Upgrade @simplewebauthn dependencies to version 4.1.0 * @simplewebauthn/browser * @simplewebauthn/server * Update changelog 2021-09-11 21:23:06 +02:00			`return startRegistration(attOps);`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`}),`
			`switchMap((attResp) => {`
			`return this.http.post<AuthDeviceDto>(`
			`/api/auth/webauthn/verify-attestation`,
			`{`
			`credential: attResp`
			`}`
			`);`
			`}),`
			`tap((authDevice) =>`
			`this.settingsStorageService.setSetting(`
			`WebAuthnService.WEB_AUTH_N_DEVICE_ID,`
			`authDevice.id`
			`)`
			`)`
			`);`
			`}`

			`public deregister() {`
			`const deviceId = this.getDeviceId();`
			return this.http.delete<AuthDeviceDto>(`/api/auth-device/${deviceId}`).pipe(
			`catchError((error) => {`
			console.warn(`Could not deregister device ${deviceId}`, error);
			`return of(null);`
			`}),`
			`tap(() =>`
			`this.settingsStorageService.removeSetting(`
			`WebAuthnService.WEB_AUTH_N_DEVICE_ID`
			`)`
			`)`
			`);`
			`}`

			`public login() {`
			`const deviceId = this.getDeviceId();`
			`return this.http`
			`.post<PublicKeyCredentialRequestOptionsJSON>(`
			`/api/auth/webauthn/generate-assertion-options`,
			`{ deviceId }`
			`)`
			`.pipe(`
Feature/upgrade simplewebauthn dependencies to version 4.1.0 (#365) * Upgrade @simplewebauthn dependencies to version 4.1.0 * @simplewebauthn/browser * @simplewebauthn/server * Update changelog 2021-09-11 21:23:06 +02:00			`switchMap(startAuthentication),`
Add webauthn (#82) * Add webauthn * Complete WebAuthn device sign up and login * Move device registration to account page * Replace the token login with a WebAuthn prompt if the current device has been registered * Mark the current device in the list of registered auth devices * Fix after rebase * Fix tests * Disable "Add current device" button if current device is registered * Add option to "Stay signed in" * Remove device list feature, sign in with deviceId instead * Improve usability * Update changelog Co-authored-by: Matthias Frey <mfrey43@gmail.com> Co-authored-by: Thomas <4159106+dtslvr@users.noreply.github.com> 2021-06-14 16:09:40 +02:00			`switchMap((assertionResponse) => {`
			`return this.http.post<{ authToken: string }>(`
			`/api/auth/webauthn/verify-assertion`,
			`{`
			`credential: assertionResponse,`
			`deviceId`
			`}`
			`);`
			`})`
			`);`
			`}`

			`private getDeviceId() {`
			`return this.settingsStorageService.getSetting(`
			`WebAuthnService.WEB_AUTH_N_DEVICE_ID`
			`);`
			`}`
			`}`