(()=>{var e,n,r,i={96846:(e,n,r)=>{"use strict";var i=r(85471),a=r(32981);function o(t){const e=new Uint8Array(t);let n="";for(const t of e)n+=String.fromCharCode(t);return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function s(t){const e=t.replace(/-/g,"+").replace(/_/g,"/"),n=(4-e.length%4)%4,r=e.padEnd(e.length+n,"="),i=atob(r),a=new ArrayBuffer(i.length),o=new Uint8Array(a);for(let t=0;te=>(_.debug(t),e),I=Object.freeze({READY:1,REGISTRATION:2,NAMING:3,PERSIST:4}),W={name:"AddDevice",components:{NcButton:b.A,NcTextField:w.A},props:{httpWarning:Boolean,isHttps:{type:Boolean,default:!1},isLocalhost:{type:Boolean,default:!1}},setup:()=>({RegistrationSteps:I}),data:()=>({name:"",credential:{},step:I.READY}),watch:{step(){this.step===I.NAMING&&this.$nextTick((()=>this.$refs.nameInput?.focus()))}},methods:{async start(){this.step=I.REGISTRATION,console.debug("Starting WebAuthn registration");try{await(0,v.C)(),this.credential=await async function(){const t=(0,R.Jv)("/settings/api/personal/webauthn/registration");try{_.debug("Fetching webauthn registration data");const{data:e}=await E.Ay.get(t);return _.debug("Start webauthn registration"),await async function(t){if(!c())throw new Error("WebAuthn is not supported in this browser");const e={publicKey:{...t,challenge:s(t.challenge),user:{...t.user,id:s(t.user.id)},excludeCredentials:t.excludeCredentials?.map(l)}};let n;e.signal=d.createNewAbortSignal();try{n=await navigator.credentials.create(e)}catch(t){throw function({error:t,options:e}){const{publicKey:n}=e;if(!n)throw Error("options was missing required publicKey property");if("AbortError"===t.name){if(e.signal instanceof AbortSignal)return new u({message:"Registration ceremony was sent an abort signal",code:"ERROR_CEREMONY_ABORTED",cause:t})}else if("ConstraintError"===t.name){if(!0===n.authenticatorSelection?.requireResidentKey)return new u({message:"Discoverable credentials were required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",cause:t});if("required"===n.authenticatorSelection?.userVerification)return new u({message:"User verification was required but no available authenticator supported it",code:"ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",cause:t})}else{if("InvalidStateError"===t.name)return new u({message:"The authenticator was previously registered",code:"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",cause:t});if("NotAllowedError"===t.name)return new u({message:t.message,code:"ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",cause:t});if("NotSupportedError"===t.name)return 0===n.pubKeyCredParams.filter((t=>"public-key"===t.type)).length?new u({message:'No entry in pubKeyCredParams was of type "public-key"',code:"ERROR_MALFORMED_PUBKEYCREDPARAMS",cause:t}):new u({message:"No available authenticator supported any of the specified pubKeyCredParams algorithms",code:"ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",cause:t});if("SecurityError"===t.name){const e=window.location.hostname;if("localhost"!==(r=e)&&!/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(r))return new u({message:`${window.location.hostname} is an invalid domain`,code:"ERROR_INVALID_DOMAIN",cause:t});if(n.rp.id!==e)return new u({message:`The RP ID "${n.rp.id}" is invalid for this domain`,code:"ERROR_INVALID_RP_ID",cause:t})}else if("TypeError"===t.name){if(n.user.id.byteLength<1||n.user.id.byteLength>64)return new u({message:"User ID was not between 1 and 64 characters",code:"ERROR_INVALID_USER_ID_LENGTH",cause:t})}else if("UnknownError"===t.name)return new u({message:"The authenticator was unable to process the specified options, or could not create a new credential",code:"ERROR_AUTHENTICATOR_GENERAL_ERROR",cause:t})}var r;return t}({error:t,options:e})}if(!n)throw new Error("Registration was not completed");const{id:r,rawId:i,response:a,type:p}=n;let v,g,m,y;if("function"==typeof a.getTransports&&(v=a.getTransports()),"function"==typeof a.getPublicKeyAlgorithm)try{g=a.getPublicKeyAlgorithm()}catch(t){f("getPublicKeyAlgorithm()",t)}if("function"==typeof a.getPublicKey)try{const t=a.getPublicKey();null!==t&&(m=o(t))}catch(t){f("getPublicKey()",t)}if("function"==typeof a.getAuthenticatorData)try{y=o(a.getAuthenticatorData())}catch(t){f("getAuthenticatorData()",t)}return{id:r,rawId:o(i),response:{attestationObject:o(a.attestationObject),clientDataJSON:o(a.clientDataJSON),transports:v,publicKeyAlgorithm:g,publicKey:m,authenticatorData:y},type:p,clientExtensionResults:n.getClientExtensionResults(),authenticatorAttachment:h(n.authenticatorAttachment)}}(e)}catch(t){if(_.error(t),(0,E.F0)(t))throw new Error((0,x.Tl)("settings","Could not register device: Network error"));if("InvalidStateError"===t.name)throw new Error((0,x.Tl)("settings","Could not register device: Probably already registered"));throw new Error((0,x.Tl)("settings","Could not register device"))}}(),this.step=I.NAMING}catch(t){(0,A.Qg)(t),this.step=I.READY}},submit(){return this.step=I.PERSIST,(0,v.C)().then(C("confirmed password")).then(this.saveRegistrationData).then(C("registration data saved")).then((()=>this.reset())).then(C("app reset")).catch(console.error)},async saveRegistrationData(){try{const t=await async function(t,e){const n=(0,R.Jv)("/settings/api/personal/webauthn/registration");return(await E.Ay.post(n,{name:t,data:JSON.stringify(e)})).data}(this.name,this.credential);_.info("new device added",{device:t}),this.$emit("added",t)}catch(e){throw _.error("Error persisting webauthn registration",{error:e}),new Error(t("settings","Server error while trying to complete WebAuthn device registration"))}},reset(){this.name="",this.registrationData={},this.step=I.READY}}};var O=r(85072),S=r.n(O),N=r(97825),D=r.n(N),T=r(77659),k=r.n(T),P=r(55056),B=r.n(P),L=r(10540),M=r.n(L),j=r(41113),F=r.n(j),q=r(82720),K={};K.styleTagTransform=F(),K.setAttributes=B(),K.insert=k().bind(null,"head"),K.domAPI=D(),K.insertStyleElement=M(),S()(q.A,K),q.A&&q.A.locals&&q.A.locals;var U=r(14486);const z=(0,U.A)(W,(function(){var t=this,e=t._self._c;return t.isHttps||t.isLocalhost?e("div",[t.step===t.RegistrationSteps.READY?e("NcButton",{attrs:{type:"primary"},on:{click:t.start}},[t._v("\n\t\t"+t._s(t.t("settings","Add WebAuthn device"))+"\n\t")]):t.step===t.RegistrationSteps.REGISTRATION?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v("\n\t\t"+t._s(t.t("settings","Please authorize your WebAuthn device."))+"\n\t")]):t.step===t.RegistrationSteps.NAMING?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v(" "),e("form",{on:{submit:function(e){return e.preventDefault(),t.submit.apply(null,arguments)}}},[e("NcTextField",{ref:"nameInput",staticClass:"new-webauthn-device__name",attrs:{label:t.t("settings","Device name"),value:t.name,"show-trailing-button":"","trailing-button-label":t.t("settings","Add"),"trailing-button-icon":"arrowRight"},on:{"update:value":function(e){t.name=e},"trailing-button-click":t.submit}})],1)]):t.step===t.RegistrationSteps.PERSIST?e("div",{staticClass:"new-webauthn-device"},[e("span",{staticClass:"icon-loading-small webauthn-loading"}),t._v("\n\t\t"+t._s(t.t("settings","Adding your device …"))+"\n\t")]):e("div",[t._v("\n\t\tInvalid registration step. This should not have happened.\n\t")])],1):e("div",[t._v("\n\t"+t._s(t.t("settings","Passwordless authentication requires a secure connection."))+"\n")])}),[],!1,null,"c0c703c4",null).exports;var G=r(24764);const $={name:"Device",components:{NcActionButton:r(89257).A,NcActions:G.A},props:{name:{type:String,required:!0}}};var H=r(42328),Y={};Y.styleTagTransform=F(),Y.setAttributes=B(),Y.insert=k().bind(null,"head"),Y.domAPI=D(),Y.insertStyleElement=M(),S()(H.A,Y),H.A&&H.A.locals&&H.A.locals;const V=(0,U.A)($,(function(){var t=this,e=t._self._c;return e("li",{staticClass:"webauthn-device"},[e("span",{staticClass:"icon-webauthn-device"}),t._v("\n\t"+t._s(t.name||t.t("settings","Unnamed device"))+"\n\t"),e("NcActions",{attrs:{"force-menu":!0}},[e("NcActionButton",{attrs:{icon:"icon-delete"},on:{click:function(e){return t.$emit("delete")}}},[t._v("\n\t\t\t"+t._s(t.t("settings","Delete"))+"\n\t\t")])],1)],1)}),[],!1,null,"60aaa94c",null).exports,J=y()("name"),X={components:{AddDevice:z,Device:V,NcNoteCard:g.A},props:{initialDevices:{type:Array,required:!0},isHttps:{type:Boolean,default:!1},isLocalhost:{type:Boolean,default:!1}},setup:()=>({supportsWebauthn:c()}),data(){return{devices:this.initialDevices}},computed:{sortedDevices(){return J(this.devices)}},methods:{deviceAdded(t){_.debug(`adding new device to the list ${t.id}`),this.devices.push(t)},async deleteDevice(t){_.info(`deleting webauthn device ${t}`),await(0,v.C)(),await async function(t){const e=(0,R.Jv)(`/settings/api/personal/webauthn/registration/${t}`);await E.Ay.delete(e)}(t),this.devices=this.devices.filter((e=>e.id!==t)),_.info(`webauthn device ${t} removed successfully`)}}};var Q=r(8327),Z={};Z.styleTagTransform=F(),Z.setAttributes=B(),Z.insert=k().bind(null,"head"),Z.domAPI=D(),Z.insertStyleElement=M(),S()(Q.A,Z),Q.A&&Q.A.locals&&Q.A.locals;const tt=(0,U.A)(X,(function(){var t=this,e=t._self._c;return e("div",{staticClass:"section",attrs:{id:"security-webauthn"}},[e("h2",[t._v(t._s(t.t("settings","Passwordless Authentication")))]),t._v(" "),e("p",{staticClass:"settings-hint hidden-when-empty"},[t._v("\n\t\t"+t._s(t.t("settings","Set up your account for passwordless authentication following the FIDO2 standard."))+"\n\t")]),t._v(" "),0===t.devices.length?e("NcNoteCard",{attrs:{type:"info"}},[t._v("\n\t\t"+t._s(t.t("settings","No devices configured."))+"\n\t")]):e("h3",{attrs:{id:"security-webauthn__active-devices"}},[t._v("\n\t\t"+t._s(t.t("settings","The following devices are configured for your account:"))+"\n\t")]),t._v(" "),e("ul",{staticClass:"security-webauthn__device-list",attrs:{"aria-labelledby":"security-webauthn__active-devices"}},t._l(t.sortedDevices,(function(n){return e("Device",{key:n.id,attrs:{name:n.name},on:{delete:function(e){return t.deleteDevice(n.id)}}})})),1),t._v(" "),t.supportsWebauthn?t._e():e("NcNoteCard",{attrs:{type:"warning"}},[t._v("\n\t\t"+t._s(t.t("settings","Your browser does not support WebAuthn."))+"\n\t")]),t._v(" "),t.supportsWebauthn?e("AddDevice",{attrs:{"is-https":t.isHttps,"is-localhost":t.isLocalhost},on:{added:t.deviceAdded}}):t._e()],1)}),[],!1,null,"e3727450",null).exports;r.nc=btoa(OC.requestToken),i.Ay.prototype.t=t,new(i.Ay.extend(tt))({propsData:{initialDevices:(0,a.C)("settings","webauthn-devices"),isHttps:"https:"===window.location.protocol,isLocalhost:"localhost"===window.location.hostname}}).$mount("#security-webauthn")},82720:(t,e,n)=>{"use strict";n.d(e,{A:()=>s});var r=n(71354),i=n.n(r),a=n(76314),o=n.n(a)()(i());o.push([t.id,".webauthn-loading[data-v-c0c703c4]{display:inline-block;vertical-align:sub;margin-inline:2px}.new-webauthn-device[data-v-c0c703c4]{display:flex;gap:22px;align-items:center}.new-webauthn-device__name[data-v-c0c703c4]{max-width:min(100vw,400px)}","",{version:3,sources:["webpack://./apps/settings/src/components/WebAuthn/AddDevice.vue"],names:[],mappings:"AACA,mCACC,oBAAA,CACA,kBAAA,CACA,iBAAA,CAGD,sCACC,YAAA,CACA,QAAA,CACA,kBAAA,CAEA,4CACC,0BAAA",sourceRoot:""}]);const s=o},42328:(t,e,n)=>{"use strict";n.d(e,{A:()=>s});var r=n(71354),i=n.n(r),a=n(76314),o=n.n(a)()(i());o.push([t.id,"\n.webauthn-device[data-v-60aaa94c] {\n\tline-height: 300%;\n\tdisplay: flex;\n}\n.icon-webauthn-device[data-v-60aaa94c] {\n\tdisplay: inline-block;\n\tbackground-size: 100%;\n\tpadding: 3px;\n\tmargin: 3px;\n}\n","",{version:3,sources:["webpack://./apps/settings/src/components/WebAuthn/Device.vue"],names:[],mappings:";AAkDA;CACA,iBAAA;CACA,aAAA;AACA;AAEA;CACA,qBAAA;CACA,qBAAA;CACA,YAAA;CACA,WAAA;AACA",sourcesContent:["\x3c!--\n - SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors\n - SPDX-License-Identifier: AGPL-3.0-or-later\n--\x3e\n\n\n\n