NotificationsYou must be signed in to change notification settings
Fork381
Star1.8k

Commit10c5b46

committed

passkey优化

1 parenta5f8d15 commit10c5b46Copy full SHA for 10c5b46

File tree

6 files changed

+91

-54

lines changed

maxkey-starter/maxkey-starter-passkey/src/main/java/org/dromara/maxkey/passkey/config
- PasskeyProperties.java
maxkey-web-frontend/maxkey-web-app/src
- app/routes/passport/login
  - login.component.html
  - login.component.ts
- style-icons-auto.ts
maxkey-webs/maxkey-web-maxkey/src/main
- java/org/dromara/maxkey/web/contorller
  - LoginEntryPoint.java
- resources
  - application-maxkey.properties

6 files changed

+91

-54

lines changed

`‎maxkey-starter/maxkey-starter-passkey/src/main/java/org/dromara/maxkey/passkey/config/PasskeyProperties.java‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`/**`
`22`	`22`	`* Passkey配置属性`
`23`	`23`	`*/`
`24`		`-@ConfigurationProperties(prefix ="maxkey.passkey")`
	`24`	`+@ConfigurationProperties(prefix ="maxkey.login.passkey")`
`25`	`25`	`publicclassPasskeyProperties {`
`26`	`26`
`27`	`27`	`/**`

`‎maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.html‎`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -101,12 +101,12 @@`
`101`	`101`	`{{ 'app.login.login' \| i18n }}`
`102`	`102`	`</button>`
`103`	`103`	`</nz-form-item>`
`104`		`-<nz-form-item*ngIf="loginType == 'normal'">`
`105`		`-<buttonnz-buttontype="button"nzType="default"nzSize="large"(click)="passkeyLogin()"nzBlock>`
`106`		`-<inz-iconnzType="safety-certificate"nzTheme="outline"></i>`
`107`		`-{{ 'mxk.login.passkey-login' \| i18n }}`
`108`		`-</button>`
`109`		`-</nz-form-item>`
	`104`	`+<nz-form-item*ngIf="passkeyEnabled">`
	`105`	`+<buttonnz-buttontype="button"nzType="default"nzSize="large"(click)="passkeyLogin()"nzBlock>`
	`106`	`+<inz-iconnzType="safety-certificate"nzTheme="outline"></i>`
	`107`	`+ {{ 'mxk.login.passkey-login' \| i18n }}`
	`108`	`+</button>`
	`109`	`+</nz-form-item>`
`110`	`110`	`</form>`
`111`	`111`	`<divclass="other"*ngIf="loginType == 'normal'">`
`112`	`112`	`{{ 'app.login.sign-in-with' \| i18n }}`

`‎maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts‎`

Lines changed: 70 additions & 43 deletions

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`56`	`56`	`loading=false;`
`57`	`57`	`passwordVisible=false;`
`58`	`58`	`qrexpire=false;`
	`59`	`+passkeyEnabled=false;`
	`60`	`+passkeyAllowedOrigins=[];`
`59`	`61`	`imageCaptcha='';`
`60`	`62`	`captchaType='';`
`61`	`63`	`state='';`
`@@ -136,6 +138,25 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`136`	`138`	`this.socials=res.data.socials;`
`137`	`139`	`this.state=res.data.state;`
`138`	`140`	`this.captchaType=res.data.captcha;`
	`141`	`+this.passkeyEnabled=res.data.passkeyEnabled;`
	`142`	`+this.passkeyAllowedOrigins=res.data.passkeyAllowedOrigins;`
	`143`	`+letpasskeyAllowedOriginsMatch=false;`
	`144`	`+for(letallowedOriginofthis.passkeyAllowedOrigins){`
	`145`	+console.log(`passkey allowedOrigin${allowedOrigin}`);
	`146`	+console.log(`location${window.location.href}`);
	`147`	`+if(`
	`148`	`+window.location.href.startsWith('http://localhost')\|\|`
	`149`	`+(window.location.href.startsWith('https')&&window.location.href.indexOf(allowedOrigin)>-1)`
	`150`	`+){`
	`151`	`+console.log(window.location.href.indexOf(allowedOrigin)>-1);`
	`152`	`+passkeyAllowedOriginsMatch=true;`
	`153`	`+}`
	`154`	`+}`
	`155`	`+if(window.PublicKeyCredential&&this.passkeyEnabled&&passkeyAllowedOriginsMatch){`
	`156`	`+this.passkeyEnabled=true;`
	`157`	`+}else{`
	`158`	`+this.passkeyEnabled=false;`
	`159`	`+}`
`139`	`160`	`if(this.captchaType==='NONE'){`
`140`	`161`	`//清除校验规则`
`141`	`162`	`this.form.get('captcha')?.clearValidators();`
`@@ -508,7 +529,7 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`508`	`529`	`asyncpasskeyLogin():Promise<void>{`
`509`	`530`	`console.log('=== PASSKEY LOGIN DEBUG START ===');`
`510`	`531`	`console.log('Passkey usernameless login clicked at:',newDate().toISOString());`
`511`		`-`
	`532`	`+`
`512`	`533`	`try{`
`513`	`534`	`// 检查浏览器是否支持 WebAuthn`
`514`	`535`	`if(!window.PublicKeyCredential){`
`@@ -520,7 +541,7 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`520`	`541`
`521`	`542`	`this.loading=true;`
`522`	`543`	`this.cdr.detectChanges();`
`523`		`-`
	`544`	`+`
`524`	`545`	`// 1. 调用后端 API 获取认证选项（不传递任何用户信息）`
`525`	`546`	`console.log('Step 1: Requesting authentication options from backend...');`
`526`	`547`	`letauthOptionsResponse;`
`@@ -535,47 +556,51 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`535`	`556`	`}elseif(httpError.message){`
`536`	`557`	`errorMessage=httpError.message;`
`537`	`558`	`}`
`538`		`-`
	`559`	`+`
`539`	`560`	`// 检查是否是没有注册 Passkey 的错误`
`540`		`-if(errorMessage.includes('没有注册任何 Passkey')\|\|`
`541`		`-errorMessage.includes('No Passkeys registered')\|\|`
`542`		`-errorMessage.includes('还没有注册任何 Passkey')\|\|`
`543`		`-errorMessage.includes('系统中还没有注册任何 Passkey')){`
	`561`	`+if(`
	`562`	`+errorMessage.includes('没有注册任何 Passkey')\|\|`
	`563`	`+errorMessage.includes('No Passkeys registered')\|\|`
	`564`	`+errorMessage.includes('还没有注册任何 Passkey')\|\|`
	`565`	`+errorMessage.includes('系统中还没有注册任何 Passkey')`
	`566`	`+){`
`544`	`567`	`// 直接显示友好提示并返回，不抛出错误避免被全局拦截器捕获`
`545`	`568`	`this.msg.warning('还未注册 Passkey，请注册 Passkey');`
`546`	`569`	`console.log('=== PASSKEY LOGIN DEBUG END ===');`
`547`	`570`	`return;`
`548`	`571`	`}`
`549`	`572`	`thrownewError(errorMessage);`
`550`	`573`	`}`
`551`		`-`
	`574`	`+`
`552`	`575`	`console.log('Backend auth options response:',authOptionsResponse);`
`553`		`-`
	`576`	`+`
`554`	`577`	`if(!authOptionsResponse\|\|authOptionsResponse.code!==0){`
`555`	`578`	`console.error('Failed to get auth options:',authOptionsResponse);`
`556`	`579`	`// 检查是否是没有注册 Passkey 的错误`
`557`	`580`	`consterrorMessage=authOptionsResponse?.message\|\|'获取认证选项失败';`
`558`		`-if(errorMessage.includes('没有注册任何 Passkey')\|\|`
`559`		`-errorMessage.includes('No Passkeys registered')\|\|`
`560`		`-errorMessage.includes('还没有注册任何 Passkey')\|\|`
`561`		`-errorMessage.includes('系统中还没有注册任何 Passkey')){`
	`581`	`+if(`
	`582`	`+errorMessage.includes('没有注册任何 Passkey')\|\|`
	`583`	`+errorMessage.includes('No Passkeys registered')\|\|`
	`584`	`+errorMessage.includes('还没有注册任何 Passkey')\|\|`
	`585`	`+errorMessage.includes('系统中还没有注册任何 Passkey')`
	`586`	`+){`
`562`	`587`	`// 直接显示友好提示并返回，不抛出错误避免被全局拦截器捕获`
`563`	`588`	`this.msg.warning('还未注册 Passkey，请注册 Passkey');`
`564`	`589`	`console.log('=== PASSKEY LOGIN DEBUG END ===');`
`565`	`590`	`return;`
`566`	`591`	`}`
`567`	`592`	`thrownewError(errorMessage);`
`568`	`593`	`}`
`569`		`-`
	`594`	`+`
`570`	`595`	`constauthOptions=authOptionsResponse.data;`
`571`	`596`	`console.log('Auth options received:',authOptions);`
`572`		`-`
	`597`	`+`
`573`	`598`	`// 检查返回的数据是否有效`
`574`	`599`	`if(!authOptions\|\|!authOptions.challenge){`
`575`	`600`	`console.error('Invalid auth options:',authOptions);`
`576`	`601`	`thrownewError('服务器返回的认证选项无效');`
`577`	`602`	`}`
`578`		`-`
	`603`	`+`
`579`	`604`	`// 2. 转换认证选项格式`
`580`	`605`	`console.log('Step 2: Converting authentication options...');`
`581`	`606`	`constconvertedOptions:PublicKeyCredentialRequestOptions={`
`@@ -596,30 +621,30 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`596`	`621`	`// 3. 调用 WebAuthn API 进行认证`
`597`	`622`	`console.log('Step 3: Calling WebAuthn API navigator.credentials.get()...');`
`598`	`623`	`console.log('Available authenticators will be queried automatically');`
`599`		`-`
`600`		`-constcredential=awaitnavigator.credentials.get({`
	`624`	`+`
	`625`	`+constcredential=(awaitnavigator.credentials.get({`
`601`	`626`	`publicKey:convertedOptions`
`602`		`-})asPublicKeyCredential;`
	`627`	`+}))asPublicKeyCredential;`
`603`	`628`
`604`	`629`	`if(!credential){`
`605`	`630`	`console.error('No credential returned from WebAuthn API');`
`606`	`631`	`thrownewError('认证失败');`
`607`	`632`	`}`
`608`		`-`
	`633`	`+`
`609`	`634`	`console.log('=== CREDENTIAL DEBUG INFO ===');`
`610`	`635`	`console.log('Credential ID:',credential.id);`
`611`	`636`	`console.log('Credential ID length:',credential.id.length);`
`612`	`637`	`console.log('Credential type:',credential.type);`
`613`	`638`	`console.log('Credential rawId length:',credential.rawId.byteLength);`
`614`	`639`	`console.log('Credential rawId as base64:',this.arrayBufferToBase64(credential.rawId));`
`615`		`-`
	`640`	`+`
`616`	`641`	`// 验证 credential.id 和 rawId 的一致性`
`617`	`642`	`constrawIdBase64=this.arrayBufferToBase64(credential.rawId);`
`618`	`643`	`console.log('ID consistency check:');`
`619`	`644`	`console.log(' credential.id:',credential.id);`
`620`	`645`	`console.log(' rawId as base64:',rawIdBase64);`
`621`	`646`	`console.log(' IDs match:',credential.id===rawIdBase64);`
`622`		`-`
	`647`	`+`
`623`	`648`	`constcredentialResponse=credential.responseasAuthenticatorAssertionResponse;`
`624`	`649`	`console.log('Authenticator response type:',credentialResponse.constructor.name);`
`625`	`650`	`console.log('User handle:',credentialResponse.userHandle ?this.arrayBufferToBase64(credentialResponse.userHandle) :'null');`
`@@ -644,10 +669,10 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`644`	`669`	`signatureLength:requestPayload.signature.length,`
`645`	`670`	`userHandle:requestPayload.userHandle`
`646`	`671`	`});`
`647`		`-`
	`672`	`+`
`648`	`673`	`constfinishResponse=awaitthis.http.post<any>('/passkey/authentication/finish?_allow_anonymous=true',requestPayload).toPromise();`
`649`	`674`	`console.log('Backend finish response:',finishResponse);`
`650`		`-`
	`675`	`+`
`651`	`676`	`if(!finishResponse\|\|finishResponse.code!==0){`
`652`	`677`	`console.error('Backend verification failed:',finishResponse);`
`653`	`678`	`thrownewError(finishResponse?.message\|\|'Passkey认证失败');`
`@@ -657,13 +682,13 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`657`	`682`	`console.log('Step 5: Authentication successful, setting user info...');`
`658`	`683`	`constauthResult=finishResponse.data;`
`659`	`684`	`console.log('Auth result received:',authResult);`
`660`		`-`
	`685`	`+`
`661`	`686`	this.msg.success(`Passkey 登录成功！欢迎${authResult.username\|\|'用户'}`);
`662`		`-`
	`687`	`+`
`663`	`688`	`// 清空路由复用信息`
`664`	`689`	`console.log('Clearing reuse tab service...');`
`665`	`690`	`this.reuseTabService.clear();`
`666`		`-`
	`691`	`+`
`667`	`692`	`// 设置用户Token信息`
`668`	`693`	`if(authResult&&authResult.userId){`
`669`	`694`	`console.log('Valid auth result with userId:',authResult.userId);`
`@@ -684,12 +709,12 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`684`	`709`	`passwordSetType:authResult.passwordSetType\|\|'normal',`
`685`	`710`	`authorities:authResult.authorities\|\|[]`
`686`	`711`	`};`
`687`		`-`
	`712`	`+`
`688`	`713`	`console.log('Setting auth info:',userInfo);`
`689`		`-`
	`714`	`+`
`690`	`715`	`// 设置认证信息`
`691`	`716`	`this.authnService.auth(userInfo);`
`692`		`-`
	`717`	`+`
`693`	`718`	`// 使用 navigate 方法进行跳转，它会处理 StartupService 的重新加载`
`694`	`719`	`console.log('Navigating with auth result...');`
`695`	`720`	`this.authnService.navigate(authResult);`
`@@ -698,28 +723,30 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`698`	`723`	`console.error('Invalid auth result - missing userId:',authResult);`
`699`	`724`	`thrownewError('认证成功但用户数据无效');`
`700`	`725`	`}`
`701`		`-`
`702`	`726`	`}catch(error:any){`
`703`	`727`	`console.error('=== PASSKEY LOGIN ERROR ===');`
`704`	`728`	`console.error('Error type:',error.constructor.name);`
`705`	`729`	`console.error('Error message:',error.message);`
`706`	`730`	`console.error('Error stack:',error.stack);`
`707`	`731`	`console.error('Full error object:',error);`
`708`		`-`
	`732`	`+`
`709`	`733`	`// 检查是否是没有注册 Passkey 的错误`
`710`		`-if(error.message&&(error.message.includes('PASSKEY_NOT_REGISTERED')\|\|`
`711`		`-error.message.includes('没有找到可用的凭据')\|\|`
`712`		`-error.message.includes('No credentials available')\|\|`
`713`		`-error.message.includes('用户未注册')\|\|`
`714`		`-error.message.includes('credential not found')\|\|`
`715`		`-error.message.includes('没有注册任何 Passkey')\|\|`
`716`		`-error.message.includes('No Passkeys registered')\|\|`
`717`		`-error.message.includes('还没有注册任何 Passkey'))){`
	`734`	`+if(`
	`735`	`+error.message&&`
	`736`	`+(error.message.includes('PASSKEY_NOT_REGISTERED')\|\|`
	`737`	`+error.message.includes('没有找到可用的凭据')\|\|`
	`738`	`+error.message.includes('No credentials available')\|\|`
	`739`	`+error.message.includes('用户未注册')\|\|`
	`740`	`+error.message.includes('credential not found')\|\|`
	`741`	`+error.message.includes('没有注册任何 Passkey')\|\|`
	`742`	`+error.message.includes('No Passkeys registered')\|\|`
	`743`	`+error.message.includes('还没有注册任何 Passkey'))`
	`744`	`+){`
`718`	`745`	`this.msg.warning('还未注册 Passkey，请注册 Passkey');`
`719`	`746`	`console.log('=== PASSKEY LOGIN DEBUG END ===');`
`720`	`747`	`return;`
`721`	`748`	`}`
`722`		`-`
	`749`	`+`
`723`	`750`	`// 如果是 WebAuthn 相关错误，提供更详细的信息`
`724`	`751`	`if(error.name){`
`725`	`752`	`console.error('WebAuthn error name:',error.name);`
`@@ -747,10 +774,10 @@ export class UserLoginComponent implements OnInit, OnDestroy {`
`747`	`774`	`break;`
`748`	`775`	`default:`
`749`	`776`	`console.error('Unknown WebAuthn error');`
`750`		`-this.msg.error('Passkey 登录失败：'+(error.message\|\|'请重试或使用其他登录方式'));`
	`777`	+this.msg.error(`Passkey 登录失败：${error.message\|\|'请重试或使用其他登录方式'}`);
`751`	`778`	`}`
`752`	`779`	`}else{`
`753`		`-this.msg.error('Passkey 登录失败：'+(error.message\|\|'请重试或使用其他登录方式'));`
	`780`	+this.msg.error(`Passkey 登录失败：${error.message\|\|'请重试或使用其他登录方式'}`);
`754`	`781`	`}`
`755`	`782`	`console.log('=== PASSKEY LOGIN DEBUG END ===');`
`756`	`783`	`}finally{`

`‎maxkey-web-frontend/maxkey-web-app/src/style-icons-auto.ts‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -107,6 +107,8 @@ import {`
`107`	`107`	`FileProtectOutline,`
`108`	`108`	`HistoryOutline,`
`109`	`109`	`UserAddOutline,`
	`110`	`+SafetyCertificateOutline,`
	`111`	`+PlusCircleOutline,`
`110`	`112`	`AuditOutline`
`111`	`113`	`}from'@ant-design/icons-angular/icons';`
`112`	`114`	`import{QR_DEFULAT_CONFIG}from'@delon/abc/qr';`
`@@ -199,5 +201,7 @@ export const ICONS_AUTO = [`
`199`	`201`	`FileProtectOutline,`
`200`	`202`	`HistoryOutline,`
`201`	`203`	`UserAddOutline,`
	`204`	`+SafetyCertificateOutline,`
	`205`	`+PlusCircleOutline,`
`202`	`206`	`AuditOutline`
`203`	`207`	`];`

`‎maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@`
`33`	`33`	`importorg.dromara.maxkey.constants.ConstsLoginType;`
`34`	`34`	`importorg.dromara.maxkey.entity.*;`
`35`	`35`	`importorg.dromara.maxkey.entity.idm.UserInfo;`
	`36`	`+importorg.dromara.maxkey.passkey.config.PasskeyProperties;`
`36`	`37`	`importorg.dromara.maxkey.password.onetimepwd.AbstractOtpAuthn;`
`37`	`38`	`importorg.dromara.maxkey.password.sms.SmsOtpAuthnService;`
`38`	`39`	`importorg.dromara.maxkey.persistence.service.SocialsAssociatesService;`
`@@ -72,6 +73,9 @@ public class LoginEntryPoint {`
`72`	`73`
`73`	`74`	`@Autowired`
`74`	`75`	`ApplicationConfigapplicationConfig;`
	`76`	`+`
	`77`	`+@Autowired`
	`78`	`+PasskeyPropertiespasskeyProperties;`
`75`	`79`
`76`	`80`	`@Autowired`
`77`	`81`	`AbstractAuthenticationProviderauthenticationProvider ;`
`@@ -134,6 +138,8 @@ public Message<?> get(@RequestParam(value = "remember_me", required = false) Str`
`134`	`138`	`model.put("otpType",tfaOtpAuthn.getOtpType());`
`135`	`139`	`model.put("otpInterval",tfaOtpAuthn.getInterval());`
`136`	`140`	`}`
	`141`	`+model.put("passkeyEnabled",passkeyProperties.isEnabled());`
	`142`	`+model.put("passkeyAllowedOrigins",passkeyProperties.getRelyingParty().getAllowedOrigins());`
`137`	`143`
`138`	`144`	`if(applicationConfig.getLoginConfig().isKerberos()){`
`139`	`145`	`model.put("userDomainUrlJson",kerberosService.buildKerberosProxys());`

`‎maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -90,10 +90,10 @@ maxkey.notices.visible =false`
`90`	`90`	`############################################################################`
`91`	`91`	`# Passkey Configuration #`
`92`	`92`	`############################################################################`
`93`		`-maxkey.passkey.enabled=true`
`94`		`-maxkey.passkey.relying-party.name=MaxKey`
`95`		`-maxkey.passkey.relying-party.id=localhost`
`96`		`-maxkey.passkey.relying-party.allowed-origins=http://localhost:8527,http://localhost:8080,http://localhost`
	`93`	`+maxkey.login.passkey.enabled=true`
	`94`	`+maxkey.login.passkey.relying-party.name=MaxKey`
	`95`	`+maxkey.login.passkey.relying-party.id=localhost`
	`96`	`+maxkey.login.passkey.relying-party.allowed-origins=http://localhost`
`97`	`97`	`############################################################################`
`98`	`98`	`#ssl configuration #`
`99`	`99`	`############################################################################`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit10c5b46

File tree

6 files changed

6 files changed

`‎maxkey-starter/maxkey-starter-passkey/src/main/java/org/dromara/maxkey/passkey/config/PasskeyProperties.java‎`

`‎maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.html‎`

`‎maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts‎`

`‎maxkey-web-frontend/maxkey-web-app/src/style-icons-auto.ts‎`

`‎maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java‎`

`‎maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties‎`

0 commit comments