Fork upstream WebAuthn provider #134
Conversation
iandunn
force-pushed
the
webauthn-provider
branch
from
3d26028
to
07457e6
Compare
iandunn
force-pushed
the
webauthn-provider
branch
from
07457e6
to
7672929
Compare
This will give us a starting point for our version of the provider. The files were copied verbatim, and then minor changes were made to adjust file paths etc and get it working in this plugin. Future commits will swap in the MadWizard library, and make other changes to fit w.org needs. Co-Authored-By: mcguffin <[email protected]>
|
Anything in particular we should be looking for or paying attention to. I don't have a suitable device to test with, but unsure if that is necessary? |
|
I tested by registering 2 keys, making sure the "test" button worked for each, and that I could log in with each, and then deleting the keys. I also tested the interim login modal. IMO the most important thing at this phase is identifying any significant code changes that we'll want to make to the provider itself (not its libraries). If you look through the code in the files mentioned above, and note any red flags, that'd be really helpful! |
|
You may be able to use a software key to test with, but I'd recommend expensing a Yubikey or something similar. |
Without it, tests will fail incorrectly in local environments.
otherwise get `Uncaught Error: Class "Two_Factor_Provider" not found in wp-content/plugins/wporg-two-factor/providers/webauthn/class-two-factor-webauthn.php:11`
Should have one tomorrow, so will be able to test this then. |
|
Moving this back to a draft because integrating this and #146 is turning out to be more time consuming that I hoped. I'm going to try another approach instead. |
|
I didn't test this PR, as it's moved back to draft - had a quick skim of the code and nothing stood out. |
See #114
This forks the provider from WordPress/two-factor#427 as starting point for our customized version of it. More work will be needed to close that issue, but I'm planning to do it across several PRs to keep it manageable.
This one just forks the upstream PR and gets it working inside our plugin. Future PRs will migrate to the MadWizard library, remove abstractions, increase test coverage, and make other changes to fit w.org's needs. After we refine everything, we can eventually contribute it upstream as an alternate proposal.
A lot of this will be removed or changed significantly in the following PRs, so the only parts that are really worth reviewing are:
phpunit.xml.distwporg-two-factor.phpproviders/webauthn/class-two-factor-webauthn.phpproviders/webauthn/webauthn-admin.jsproviders/webauthn/webauthn-login.jsproviders/webauthn/webauthn-login.js