diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f3aaf432e239f..515ec79e526ed 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -50,3 +50,10 @@ build/media_source/*/js/* @wilsonge plugins/system/httpheaders/* @zero-24 administrator/components/com_csp/* @zero-24 components/com_csp/* @zero-24 + +# Web Authentication (WebAuthn) + +plugins/system/webauthn/* @nikosdion +media/plg_system_webauthn/* @nikosdion +language/administrator/en-GB/en-GB.plg_system_webauthn.ini @nikosdion +language/administrator/en-GB/en-GB.plg_system_webauthn.sys.ini @nikosdion diff --git a/.gitignore b/.gitignore index 89f7804d40967..ee85aa319e20d 100644 --- a/.gitignore +++ b/.gitignore @@ -101,3 +101,6 @@ RoboFile.ini # Media Manager /media/com_media/js/mediamanager.min.js.map /media/com_media/css/mediamanager.min.css.map + +# Web Authentication plugin +!/build/media_source/plg_system_webauthn/js/*.es6.js diff --git a/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-02.sql b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-02.sql new file mode 100644 index 0000000000000..4cf70da3dffb4 --- /dev/null +++ b/administrator/components/com_admin/sql/updates/mysql/4.0.0-2019-07-02.sql 
@@ -0,0 +1,14 @@
+CREATE TABLE IF NOT EXISTS `#__webauthn_credentials`
+(
+ `id` VARCHAR(1000) NOT NULL COMMENT 'Credential ID',
+ `user_id` VARCHAR(128) NOT NULL COMMENT 'User handle',
+ `label` VARCHAR(190) NOT NULL COMMENT 'Human readable label',
+ `credential` MEDIUMTEXT NOT NULL COMMENT 'Credential source data, JSON format',
+ PRIMARY KEY (`id`(100)),
+ INDEX (`user_id`(100))
+) ENGINE = InnoDB
+ DEFAULT CHARSET = utf8mb4
+ DEFAULT COLLATE = utf8mb4_unicode_ci;
+
+INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`, `client_id`, `enabled`, `access`, `protected`, `manifest_cache`, `params`, `checked_out`, `checked_out_time`, `ordering`, `state`) VALUES
+(0, 'plg_system_webauthn', 'plugin', 'webauthn', 'system', 0, 1, 1, 0, '', '{}', 0, '0000-00-00 00:00:00', 0, 0);
diff --git a/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-02.sql b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-02.sql
new file mode 100644
index 0000000000000..f3b8c2402776c
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/postgresql/4.0.0-2019-07-02.sql
@@ -0,0 +1,13 @@
+CREATE TABLE IF NOT EXISTS "#__webauthn_credentials"
+(
+ "id" varchar(1000) NOT NULL,
+ "user_id" varchar(128) NOT NULL,
+ "label" varchar(190) NOT NULL,
+ "credential" TEXT NOT NULL,
+ PRIMARY KEY ("id")
+);
+
+CREATE INDEX "#__webauthn_credentials_user_id" ON "#__webauthn_credentials" ("user_id");
+
+INSERT INTO "#__extensions" ("package_id", "name", "type", "element", "folder", "client_id", "enabled", "access", "protected", "manifest_cache", "params", "checked_out", "checked_out_time", "ordering", "state") VALUES
+(0, 'plg_system_webauthn', 'plugin', 'webauthn', 'system', 0, 1, 1, 0, '', '{}', 0, '1970-01-01 00:00:00', 8, 0);
diff --git a/administrator/language/en-GB/en-GB.plg_system_webauthn.ini b/administrator/language/en-GB/en-GB.plg_system_webauthn.ini
new file mode 100644
index 0000000000000..57ea022d85be4
--- /dev/null
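Review bot: In the MySQL file (`mysql/4.0.0-2019-07-02.sql`) the primary key is declared on a 100-character prefix of `id` under `utf8mb4_unicode_ci`, so key uniqueness covers only the first 100 of up to 1000 characters and every comparison on the credential ID is case-insensitive. If credential IDs are stored in a case-sensitive encoding such as base64 (the encoding is not visible in this hunk), two different authenticators' IDs can compare equal on lookup or be rejected as duplicates on insert. Give the column a binary collation, e.g. `id VARCHAR(1000) COLLATE utf8mb4_bin NOT NULL COMMENT 'Credential ID'`, and have the code that loads a credential compare the full stored ID byte-for-byte before trusting the row. Separately, the `INSERT` uses `'0000-00-00 00:00:00'` for `checked_out_time`, which MySQL rejects when `NO_ZERO_DATE` is active in strict mode; the PostgreSQL file uses `'1970-01-01 00:00:00'`.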
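Review bot: In the PostgreSQL file (`postgresql/4.0.0-2019-07-02.sql`) the `CREATE INDEX` statement has no `IF NOT EXISTS`, unlike the `CREATE TABLE` above it, so re-running the update after a partial failure stops at the index; `CREATE INDEX IF NOT EXISTS "#__webauthn_credentials_user_id" ON "#__webauthn_credentials" ("user_id");` keeps the script repeatable on PostgreSQL 9.5 and later. The row added to `#__extensions` here and in the MySQL file sets `enabled` to 1, which turns the WebAuthn plugin on for every site that applies the update without an administrator choosing to; consider inserting it disabled, or add a comment such as `-- enabled on update by design: passwordless login is opt-in per user`. The two rows also disagree on `ordering` (8 here, 0 in the MySQL file), which looks unintentional.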
+++ b/administrator/language/en-GB/en-GB.plg_system_webauthn.ini 
@@ -0,0 +1,46 @@
+; Joomla! Project
+; Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved.
+; License GNU General Public License version 2 or later; see LICENSE.txt, see LICENSE.php
+; Note : All ini files need to be saved as UTF-8
+
+PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
+PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API."
+
+PLG_SYSTEM_WEBAUTHN_LOGIN_LABEL="Web Authentication"
+PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the W3C Web Authentication (WebAuthn) standard in compatible browsers. You need to have already set up WebAuthn authentication in your user profile."
+
+PLG_SYSTEM_WEBAUTHN_HEADER="W3C Web Authentication (WebAuthn) Login"
+PLG_SYSTEM_WEBAUTHN_FIELD_LABEL="W3C Web Authentication (WebAuthn) Login"
+PLG_SYSTEM_WEBAUTHN_FIELD_DESC="Lets you manage passwordless login methods using the W3C Web Authentication standard. You need a supported browser and authenticator (e.g. Google Chrome or Firefox with a FIDO2 certified security key)."
+
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Authenticator name"
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC="A short name for the authenticator used with this passwordless login method."
+PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_NOMETHODS_LABEL="No authenticators have been set up yet."
+PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_ACTIONS_LABEL="Actions"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_DELETE_LABEL="Remove"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_EDIT_LABEL="Edit name"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_ADD_LABEL="Add new authenticator"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_SAVE_LABEL="Save"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_CANCEL_LABEL="Cancel"
+
+PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR_LABEL="Authenticator added on %s"
+
+PLG_SYSTEM_WEBAUTHN_MSG_SAVED_LABEL="The label has been saved successfully."
+PLG_SYSTEM_WEBAUTHN_MSG_DELETED="The authenticator has been removed successfully."
+
+PLG_SYSTEM_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="Cannot find the stored credentials for your login authenticator."
+PLG_SYSTEM_WEBAUTHN_ERR_CORRUPT_STORED_CREDENTIAL="The stored credentials are corrupt for your user account. Log in using another method, then remove and add again your login authenticator."
+PLG_SYSTEM_WEBAUTHN_ERR_CANT_STORE_FOR_GUEST="Cannot possibly store credentials for Guest user!"
+PLG_SYSTEM_WEBAUTHN_ERR_CREDENTIAL_ID_ALREADY_IN_USE="Cannot save credentials. These credentials are already being used by a different user."
+PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED="The user for this authenticator seems to no longer exist on this site."
+PLG_SYSTEM_WEBAUTHN_ERR_NO_BROWSER_SUPPORT="Sorry, your browser does not support the W3C Web Authentication standard for passwordless logins. You will need to log into this site using your username and password."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for authenticator registration but somehow received an authenticator registration request from the browser. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_PK="The authenticator registration has failed. The authenticator response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passwordless authentication tokens on behalf of another user."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your authenticator."
+PLG_SYSTEM_WEBAUTHN_ERR_LABEL_NOT_SAVED="Could not save the new label"
+PLG_SYSTEM_WEBAUTHN_ERR_NOT_DELETED="Could not remove the authenticator"
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_LOGIN_REQUEST="Invalid passwordless login request. 
Something is broken or this is an attempt to hack the site." +PLG_SYSTEM_WEBAUTHN_ERR_CANNOT_FIND_USERNAME="Cannot find the username field in the login module. Sorry, Passwordless authentication will not work on this site unless you use a different login module." +PLG_SYSTEM_WEBAUTHN_ERR_EMPTY_USERNAME="You need to enter your username (but NOT your password) before clicking the Passwordless Login button." +PLG_SYSTEM_WEBAUTHN_ERR_INVALID_USERNAME="The specified username does not correspond to a user account that has enabled passwordless login on this site." diff --git a/administrator/language/en-GB/en-GB.plg_system_webauthn.sys.ini b/administrator/language/en-GB/en-GB.plg_system_webauthn.sys.ini new file mode 100644 index 0000000000000..4be68e3ed6857 --- /dev/null +++ b/administrator/language/en-GB/en-GB.plg_system_webauthn.sys.ini @@ -0,0 +1,7 @@ +; Joomla! Project +; Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved. +; License GNU General Public License version 2 or later; see LICENSE.txt, see LICENSE.php +; Note : All ini files need to be saved as UTF-8 + +PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login" +PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API." diff --git a/administrator/modules/mod_login/mod_login.php b/administrator/modules/mod_login/mod_login.php index 53445e1b0f54e..23d407779b1b6 100644 --- a/administrator/modules/mod_login/mod_login.php +++ b/administrator/modules/mod_login/mod_login.php @@ -15,6 +15,7 @@ $langs = LoginHelper::getLanguageList(); $twofactormethods = AuthenticationHelper::getTwoFactorMethods(); +$extraButtons = AuthenticationHelper::getLoginButtons('form-login'); $return = LoginHelper::getReturnUri(); require ModuleHelper::getLayoutPath('mod_login', $params->get('layout', 'default')); diff --git a/administrator/modules/mod_login/tmpl/default.php b/administrator/modules/mod_login/tmpl/default.php index 16fcc38bf42ce..36c61a791e36a 100644 
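Review bot: In `en-GB.plg_system_webauthn.ini`, `PLG_SYSTEM_WEBAUTHN_ERR_INVALID_USERNAME` tells the visitor that the username they typed has no passwordless login enabled, and `PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED` confirms that an account no longer exists. If these are shown on the login form before authentication (the code that emits them is outside this section), the differing answers let anyone probe which usernames exist or have an authenticator registered. One generic text for every pre-login failure avoids that, for example `PLG_SYSTEM_WEBAUTHN_ERR_INVALID_USERNAME="Passwordless login could not be started. Log in using your username and password."`, with the specific reason written to the server log instead.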
--- a/administrator/modules/mod_login/tmpl/default.php +++ b/administrator/modules/mod_login/tmpl/default.php @@ -96,6 +96,25 @@ class="form-control input-full" + +