@micha.bigler/ui-core-micha 1.4.32 → 1.4.34

package/dist/utils/authService.js

@@ -1,7 +1,9 @@
-// src/utils/authService.js
-import { getPasskeyRegistrationOptions, completePasskeyRegistration, getPasskeyLoginOptions, completePasskeyLogin, fetchCurrentUser } from '../auth/authApi';
+import { getPasskeyRegistrationOptions, completePasskeyRegistration, getPasskeyLoginOptions, completePasskeyLogin, fetchCurrentUser, authenticateWithMFA } from '../auth/authApi';
 import { ensureWebAuthnSupport, serializeCredential } from '../utils/webauthn';
 import { normaliseApiError } from '../utils/auth-errors';
+import apiClient from '../auth/apiClient';
+// Falls du die Konstanten importieren möchtest, um Hardcoding zu vermeiden:
+import { HEADLESS_BASE } from '../auth/authConfig';
 export async function registerPasskey(name = 'Passkey') {
     ensureWebAuthnSupport();
     // 1. Get Options from Server
@@ -9,11 +11,9 @@ export async function registerPasskey(name = 'Passkey') {
     // 2. Call Browser API
     let credential;
     try {
-        // Note: Parse JSON to Options needs a helper if creationOptions is raw JSON strings
-        // modern browsers/allauth usually provide correct types, but check your library version
-        // For standard Allauth headless, you might need window.PublicKeyCredential.parseCreationOptionsFromJSON
-        const pubKey = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
-        credential = await navigator.credentials.create({ publicKey: pubKey });
+        const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
+        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        credential = await navigator.credentials.create({ publicKey: publicKeyOptions });
     }
     catch (err) {
         if (err.name === 'NotAllowedError') {
@@ -27,19 +27,19 @@ export async function registerPasskey(name = 'Passkey') {
 }
 export async function loginWithPasskey() {
     ensureWebAuthnSupport();
-    // 1. Get Challenge (für passwordless Login)
+    // 1. Get Challenge
     const requestOptions = await getPasskeyLoginOptions();
     // 2. Browser Sign
     let assertion;
     try {
-        const pubKey = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        assertion = await navigator.credentials.get({ publicKey: pubKey });
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
+        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     }
     catch (err) {
         if (err.name === 'NotAllowedError') {
             throw normaliseApiError(new Error('Auth.PASSKEY_CANCELLED'), 'Auth.PASSKEY_CANCELLED');
         }
-        // Wenn der Browser sagt "No credentials found", werfen wir das weiter
         throw err;
     }
     // 3. Complete
@@ -48,10 +48,48 @@ export async function loginWithPasskey() {
     // 4. Reload User
     return fetchCurrentUser();
 }
+/**
+ * WebAuthn als 2. Faktor nutzen (wenn Passwort schon eingegeben wurde).
+ */
+export async function authenticateMfaWithPasskey() {
+    var _a;
+    ensureWebAuthnSupport();
+    let requestOptions;
+    try {
+        // Nutze HEADLESS_BASE falls verfügbar, sonst den Pfad
+        const url = typeof HEADLESS_BASE !== 'undefined'
+            ? `${HEADLESS_BASE}/auth/2fa/authenticate`
+            : '/api/auth/browser/v1/auth/2fa/authenticate';
+        const res = await apiClient.get(url);
+        const data = ((_a = res.data) === null || _a === void 0 ? void 0 : _a.data) || res.data;
+        requestOptions = data.request_options || data;
+    }
+    catch (err) {
+        throw normaliseApiError(err, 'Auth.MFA_CHALLENGE_FAILED');
+    }
+    if (!requestOptions) {
+        throw new Error('No WebAuthn challenge received for MFA.');
+    }
+    // 2. Browser Sign
+    let assertion;
+    try {
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
+        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
+    }
+    catch (err) {
+        if (err.name === 'NotAllowedError') {
+            throw normaliseApiError(new Error('Auth.PASSKEY_CANCELLED'), 'Auth.PASSKEY_CANCELLED');
+        }
+        throw err;
+    }
+    // 3. Authenticate via existing API function
+    const credentialJson = serializeCredential(assertion);
+    return authenticateWithMFA({ credential: credentialJson });
+}
 export function startSocialLogin(provider) {
     if (typeof window === 'undefined') {
         throw normaliseApiError(new Error('Auth.SOCIAL_LOGIN_NOT_IN_BROWSER'), 'Auth.SOCIAL_LOGIN_NOT_IN_BROWSER');
     }
-    // Browser-Redirect ist ein Side-Effect -> Service Layer
     window.location.href = `/accounts/${provider}/login/?process=login`;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@micha.bigler/ui-core-micha",
-  "version": "1.4.32",
+  "version": "1.4.34",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "private": false,

package/src/utils/authService.js

@@ -1,11 +1,20 @@
-// src/utils/authService.js
-import { getPasskeyRegistrationOptions, completePasskeyRegistration, getPasskeyLoginOptions, completePasskeyLogin, fetchCurrentUser } from '../auth/authApi';
+import { 
+  getPasskeyRegistrationOptions, 
+  completePasskeyRegistration, 
+  getPasskeyLoginOptions, 
+  completePasskeyLogin, 
+  fetchCurrentUser,
+  authenticateWithMFA 
+} from '../auth/authApi';
 
 import { 
     ensureWebAuthnSupport, 
     serializeCredential 
 } from '../utils/webauthn';
 import { normaliseApiError } from '../utils/auth-errors';
+import apiClient from '../auth/apiClient';
+// Falls du die Konstanten importieren möchtest, um Hardcoding zu vermeiden:
+import { HEADLESS_BASE } from '../auth/authConfig'; 
 
 export async function registerPasskey(name = 'Passkey') {
   ensureWebAuthnSupport();
@@ -16,11 +25,9 @@ export async function registerPasskey(name = 'Passkey') {
   // 2. Call Browser API
   let credential;
   try {
-      // Note: Parse JSON to Options needs a helper if creationOptions is raw JSON strings
-      // modern browsers/allauth usually provide correct types, but check your library version
-      // For standard Allauth headless, you might need window.PublicKeyCredential.parseCreationOptionsFromJSON
-      const pubKey = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
-      credential = await navigator.credentials.create({ publicKey: pubKey });
+      const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
+      // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+      credential = await navigator.credentials.create({ publicKey: publicKeyOptions });
   } catch (err) {
       if (err.name === 'NotAllowedError') {
           throw normaliseApiError(new Error('Auth.PASSKEY_CANCELLED'), 'Auth.PASSKEY_CANCELLED');
@@ -36,19 +43,19 @@ export async function registerPasskey(name = 'Passkey') {
 export async function loginWithPasskey() {
     ensureWebAuthnSupport();
     
-    // 1. Get Challenge (für passwordless Login)
+    // 1. Get Challenge
     const requestOptions = await getPasskeyLoginOptions();
     
     // 2. Browser Sign
     let assertion;
     try {
-        const pubKey = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        assertion = await navigator.credentials.get({ publicKey: pubKey });
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
+        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     } catch (err) {
          if (err.name === 'NotAllowedError') {
             throw normaliseApiError(new Error('Auth.PASSKEY_CANCELLED'), 'Auth.PASSKEY_CANCELLED');
          }
-         // Wenn der Browser sagt "No credentials found", werfen wir das weiter
          throw err;
     }
 
@@ -59,6 +66,49 @@ export async function loginWithPasskey() {
     // 4. Reload User
     return fetchCurrentUser();
 }
+
+/**
+ * WebAuthn als 2. Faktor nutzen (wenn Passwort schon eingegeben wurde).
+ */
+export async function authenticateMfaWithPasskey() {
+    ensureWebAuthnSupport();
+
+    let requestOptions;
+    try {
+        // Nutze HEADLESS_BASE falls verfügbar, sonst den Pfad
+        const url = typeof HEADLESS_BASE !== 'undefined' 
+            ? `${HEADLESS_BASE}/auth/2fa/authenticate`
+            : '/api/auth/browser/v1/auth/2fa/authenticate';
+
+        const res = await apiClient.get(url);
+        const data = res.data?.data || res.data;
+        requestOptions = data.request_options || data;
+    } catch (err) {
+        throw normaliseApiError(err, 'Auth.MFA_CHALLENGE_FAILED');
+    }
+
+    if (!requestOptions) {
+        throw new Error('No WebAuthn challenge received for MFA.');
+    }
+
+    // 2. Browser Sign
+    let assertion;
+    try {
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
+        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
+    } catch (err) {
+         if (err.name === 'NotAllowedError') {
+            throw normaliseApiError(new Error('Auth.PASSKEY_CANCELLED'), 'Auth.PASSKEY_CANCELLED');
+         }
+         throw err;
+    }
+
+    // 3. Authenticate via existing API function
+    const credentialJson = serializeCredential(assertion);
+    return authenticateWithMFA({ credential: credentialJson });
+}
+
 export function startSocialLogin(provider) {
   if (typeof window === 'undefined') {
     throw normaliseApiError(
@@ -66,6 +116,5 @@ export function startSocialLogin(provider) {
       'Auth.SOCIAL_LOGIN_NOT_IN_BROWSER'
     );
   }
-  // Browser-Redirect ist ein Side-Effect -> Service Layer
   window.location.href = `/accounts/${provider}/login/?process=login`;
-}
+}