(()=>{var e,n,r,i={96846:(e,n,r)=>{"use strict";var i=r(85471),a=r(32981),o=r(96763);function s(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function c(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,r=e.padEnd(e.length+n,"="),i=atob(r),a=new ArrayBuffer(i.length),o=new Uint8Array(a);for(let t=0;te=>(x.debug(t),e),O=Object.freeze({READY:1,REGISTRATION:2,NAMING:3,PERSIST:4}),S={name:"AddDevice",components:{NcButton:w.A,NcTextField:_.A},props:{httpWarning:Boolean,isHttps:{type:Boolean,default:!1},isLocalhost:{type:Boolean,default:!1}},setup:()=>({RegistrationSteps:O}),data:()=>({name:"",credential:{},step:O.READY}),watch:{step(){this.step===O.NAMING&&this.$nextTick((()=>this.$refs.nameInput?.focus()))}},methods:{async start(){this.step=O.REGISTRATION,I.debug("Starting WebAuthn registration");try{await(0,g.C)(),this.credential=await async function(){const t=(0,C.Jv)("/settings/api/personal/webauthn/registration");try{x.debug("Fetching webauthn registration data");const{data:e}=await E.Ay.get(t);return x.debug("Start webauthn registration"),await async function(t){if(!l())throw new Error("WebAuthn is not supported in this browser");const e={publicKey:{...t,challenge:c(t.challenge),user:{...t.user,id:c(t.user.id)},excludeCredentials:t.excludeCredentials?.map(u)}};let n;e.signal=p.createNewAbortSignal();try{n=await navigator.credentials.create(e)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new d({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new d({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new d({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new d({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new d({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new d({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new d({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if("localhost"!==(r=e)&&!/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(r))return new d({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new d({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new d({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new d({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}var r;return t}({error:t,options:e})}if(!n)throw new Error("Registration was not completed");const{id:r,rawId:i,response:a,type:o}=n;let h,g,m,y;if("function"==typeof a.getTransports&&(h=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{g=a.getPublicKeyAlgorithm()}catch(t){v("getPublicKeyAlgorithm()",t)}if("function"==typeof a.getPublicKey)try{const t=a.getPublicKey();null!==t&&(m=s(t))}catch(t){v("getPublicKey()",t)}if("function"==typeof a.getAuthenticatorData)try{y=s(a.getAuthenticatorData())}catch(t){v("getAuthenticatorData()",t)}return{id:r,rawId:s(i),response:{attestationObject:s(a.attestationObject),clientDataJSON:s(a.clientDataJSON),transports:h,publicKeyAlgorithm:g,publicKey:m,authenticatorData:y},type:o,clientExtensionResults:n.getClientExtensionResults(),authenticatorAttachment:f(n.authenticatorAttachment)}}(e)}catch(t){if(x.error(t),(0,E.F0)(t))throw new Error((0,R.Tl)("settings","Could not register device: Network error"));if("InvalidStateError"===t.name)throw new Error((0,R.Tl)("settings","Could not register device: Probably already registered"));throw new Error((0,R.Tl)("settings","Could not register device"))}}(),this.step=O.NAMING}catch(t){(0,b.Qg)(t),this.step=O.READY}},submit(){return this.step=O.PERSIST,(0,g.C)().then(W("confirmed password")).then(this.saveRegistrationData).then(W("registration data saved")).then((()=>this.reset())).then(W("app reset")).catch(I.error)},async saveRegistrationData(){try{const t=await async function(t,e){const n=(0,C.Jv)("/settings/api/personal/webauthn/registration");return(await E.Ay.post(n,{name:t,data:JSON.stringify(e)})).data}(this.name,this.credential);x.info("new device added",{device:t}),this.$emit("added",t)}catch(e){throw x.error("Error persisting webauthn registration",{error:e}),new Error(t("settings","Server error while trying to complete WebAuthn device registration"))}},reset(){this.name="",this.registrationData={},this.step=O.READY}}};var N=r(85072),D=r.n(N),T=r(97825),k=r.n(T),P=r(77659),B=r.n(P),L=r(55056),M=r.n(L),j=r(10540),F=r.n(j),q=r(41113),K=r.n(q),U=r(82720),z={};z.styleTagTransform=K(),z.setAttributes=M(),z.insert=B().bind(null,"head"),z.domAPI=k(),z.insertStyleElement=F(),D()(U.A,z),U.A&&U.A.locals&&U.A.locals;var G=r(14486);const $=(0,G.A)(S,(function(){var t=this,e=t._self._c;return t.isHttps||t.isLocalhost?e("div",[t.step===t.RegistrationSteps.READY?e("NcButton",{attrs:{type:"primary"},on:{click:t.start}},[t._v("\n\t\t"+t._s(t.t("settings","Add WebAuthn device"))+"\n\t")]):t.step===t.RegistrationSteps.REGISTRATION?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v("\n\t\t"+t._s(t.t("settings","Please authorize your WebAuthn device."))+"\n\t")]):t.step===t.RegistrationSteps.NAMING?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v(" "),e("form",{on:{submit:function(e){return e.preventDefault(),t.submit.apply(null,arguments)}}},[e("NcTextField",{ref:"nameInput",staticClass:"new-webauthn-device__name",attrs:{label:t.t("settings","Device name"),value:t.name,"show-trailing-button":"","trailing-button-label":t.t("settings","Add"),"trailing-button-icon":"arrowRight"},on:{"update:value":function(e){t.name=e},"trailing-button-click":t.submit}})],1)]):t.step===t.RegistrationSteps.PERSIST?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v("\n\t\t"+t._s(t.t("settings","Adding your device …"))+"\n\t")]):e("div",[t._v("\n\t\tInvalid registration step. This should not have happened.\n\t")])],1):e("div",[t._v("\n\t"+t._s(t.t("settings","Passwordless authentication requires a secure connection."))+"\n")])}),[],!1,null,"c0c703c4",null).exports;var H=r(24764);const Y={name:"Device",components:{NcActionButton:r(89257).A,NcActions:H.A},props:{name:{type:String,required:!0}}};var V=r(42328),J={};J.styleTagTransform=K(),J.setAttributes=M(),J.insert=B().bind(null,"head"),J.domAPI=k(),J.insertStyleElement=F(),D()(V.A,J),V.A&&V.A.locals&&V.A.locals;const X=(0,G.A)(Y,(function(){var t=this,e=t._self._c;return e("li",{staticClass:"webauthn-device"},[e("span",{staticClass:"icon-webauthn-device"}),t._v("\n\t"+t._s(t.name||t.t("settings","Unnamed device"))+"\n\t"),e("NcActions",{attrs:{"force-menu":!0}},[e("NcActionButton",{attrs:{icon:"icon-delete"},on:{click:function(e){return t.$emit("delete")}}},[t._v("\n\t\t\t"+t._s(t.t("settings","Delete"))+"\n\t\t")])],1)],1)}),[],!1,null,"60aaa94c",null).exports,Q=A()("name"),Z={components:{AddDevice:$,Device:X,NcNoteCard:m.A},props:{initialDevices:{type:Array,required:!0},isHttps:{type:Boolean,default:!1},isLocalhost:{type:Boolean,default:!1}},setup:()=>({supportsWebauthn:l()}),data(){return{devices:this.initialDevices}},computed:{sortedDevices(){return Q(this.devices)}},methods:{deviceAdded(t){x.debug(`adding new device to the list ${t.id}`),this.devices.push(t)},async deleteDevice(t){x.info(`deleting webauthn device ${t}`),await(0,g.C)(),await async function(t){const e=(0,C.Jv)(`/settings/api/personal/webauthn/registration/${t}`);await E.Ay.delete(e)}(t),this.devices=this.devices.filter((e=>e.id!==t)),x.info(`webauthn device ${t} removed successfully`)}}};var tt=r(8327),et={};et.styleTagTransform=K(),et.setAttributes=M(),et.insert=B().bind(null,"head"),et.domAPI=k(),et.insertStyleElement=F(),D()(tt.A,et),tt.A&&tt.A.locals&&tt.A.locals;const nt=(0,G.A)(Z,(function(){var t=this,e=t._self._c;return e("div",{staticClass:"section",attrs:{id:"security-webauthn"}},[e("h2",[t._v(t._s(t.t("settings","Passwordless Authentication")))]),t._v(" "),e("p",{staticClass:"settings-hint hidden-when-empty"},[t._v("\n\t\t"+t._s(t.t("settings","Set up your account for passwordless authentication following the FIDO2 standard."))+"\n\t")]),t._v(" "),0===t.devices.length?e("NcNoteCard",{attrs:{type:"info"}},[t._v("\n\t\t"+t._s(t.t("settings","No devices configured."))+"\n\t")]):e("h3",{attrs:{id:"security-webauthn__active-devices"}},[t._v("\n\t\t"+t._s(t.t("settings","The following devices are configured for your account:"))+"\n\t")]),t._v(" "),e("ul",{staticClass:"security-webauthn__device-list",attrs:{"aria-labelledby":"security-webauthn__active-devices"}},t._l(t.sortedDevices,(function(n){return e("Device",{key:n.id,attrs:{name:n.name},on:{delete:function(e){return t.deleteDevice(n.id)}}})})),1),t._v(" "),t.supportsWebauthn?t._e():e("NcNoteCard",{attrs:{type:"warning"}},[t._v("\n\t\t"+t._s(t.t("settings","Your browser does not support WebAuthn."))+"\n\t")]),t._v(" "),t.supportsWebauthn?e("AddDevice",{attrs:{"is-https":t.isHttps,"is-localhost":t.isLocalhost},on:{added:t.deviceAdded}}):t._e()],1)}),[],!1,null,"e3727450",null).exports;r.nc=btoa(OC.requestToken),i.Ay.prototype.t=t,new(i.Ay.extend(nt))({propsData:{initialDevices:(0,a.C)("settings","webauthn-devices"),isHttps:"https:"===window.location.protocol,isLocalhost:"localhost"===window.location.hostname}}).$mount("#security-webauthn")},82720:(t,e,n)=>{"use strict";n.d(e,{A:()=>s});var r=n(71354),i=n.n(r),a=n(76314),o=n.n(a)()(i());o.push([t.id,".webauthn-loading[data-v-c0c703c4]{display:inline-block;vertical-align:sub;margin-inline:2px}.new-webauthn-device[data-v-c0c703c4]{display:flex;gap:22px;align-items:center}.new-webauthn-device__name[data-v-c0c703c4]{max-width:min(100vw,400px)}","",{version:3,sources:["webpack://./apps/settings/src/components/WebAuthn/AddDevice.vue"],names:[],mappings:"AACA,mCACC,oBAAA,CACA,kBAAA,CACA,iBAAA,CAGD,sCACC,YAAA,CACA,QAAA,CACA,kBAAA,CAEA,4CACC,0BAAA",sourcesContent:["\n.webauthn-loading {\n\tdisplay: inline-block;\n\tvertical-align: sub;\n\tmargin-inline: 2px;\n}\n\n.new-webauthn-device {\n\tdisplay: flex;\n\tgap: 22px;\n\talign-items: center;\n\n\t&__name {\n\t\tmax-width: min(100vw, 400px);\n\t}\n}\n"],sourceRoot:""}]);const s=o},42328:(t,e,n)=>{"use strict";n.d(e,{A:()=>s});var r=n(71354),i=n.n(r),a=n(76314),o=n.n(a)()(i());o.push([t.id,"\n.webauthn-device[data-v-60aaa94c] {\n\tline-height: 300%;\n\tdisplay: flex;\n}\n.icon-webauthn-device[data-v-60aaa94c] {\n\tdisplay: inline-block;\n\tbackground-size: 100%;\n\tpadding: 3px;\n\tmargin: 3px;\n}\n","",{version:3,sources:["webpack://./apps/settings/src/components/WebAuthn/Device.vue"],names:[],mappings:";AAkDA;CACA,iBAAA;CACA,aAAA;AACA;AAEA;CACA,qBAAA;CACA,qBAAA;CACA,YAAA;CACA,WAAA;AACA",sourcesContent:["\x3c!--\n - SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors\n - SPDX-License-Identifier: AGPL-3.0-or-later\n--\x3e\n\n\n\n