passkey优化

2025-12-07 01:18:27 +08:00 · 2025-10-08 11:53:52 +08:00 · 2025-10-08 11:53:52 +08:00 · 10c5b46810
commit 10c5b46810
parent a5f8d15b2d
6 changed files with 91 additions and 54 deletions
--- a/maxkey-starter/maxkey-starter-passkey/src/main/java/org/dromara/maxkey/passkey/config/PasskeyProperties.java
+++ b/maxkey-starter/maxkey-starter-passkey/src/main/java/org/dromara/maxkey/passkey/config/PasskeyProperties.java
@ -21,7 +21,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 /**
 * Passkey配置属性
 */
-@ConfigurationProperties(prefix = "maxkey.passkey")
+@ConfigurationProperties(prefix = "maxkey.login.passkey")
 public class PasskeyProperties {
    
    /**
--- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.html
+++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.html
@ -101,7 +101,7 @@
      {{ 'app.login.login' | i18n }}
    </button>
  </nz-form-item>
-  <nz-form-item *ngIf="loginType == 'normal'">
+  <nz-form-item *ngIf="passkeyEnabled">
    <button nz-button type="button" nzType="default" nzSize="large" (click)="passkeyLogin()" nzBlock>
      <i nz-icon nzType="safety-certificate" nzTheme="outline"></i>
      {{ 'mxk.login.passkey-login' | i18n }}
--- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts
@ -56,6 +56,8 @@ export class UserLoginComponent implements OnInit, OnDestroy {
  loading = false;
  passwordVisible = false;
  qrexpire = false;
+  passkeyEnabled = false;
+  passkeyAllowedOrigins = [];
  imageCaptcha = '';
  captchaType = '';
  state = '';
@ -136,6 +138,25 @@ export class UserLoginComponent implements OnInit, OnDestroy {
            this.socials = res.data.socials;
            this.state = res.data.state;
            this.captchaType = res.data.captcha;
+            this.passkeyEnabled = res.data.passkeyEnabled;
+            this.passkeyAllowedOrigins = res.data.passkeyAllowedOrigins;
+            let passkeyAllowedOriginsMatch = false;
+            for (let allowedOrigin of this.passkeyAllowedOrigins) {
+              console.log(`passkey allowedOrigin ${allowedOrigin}`);
+              console.log(`location ${window.location.href}`);
+              if (
+                window.location.href.startsWith('http://localhost') ||
+                (window.location.href.startsWith('https') && window.location.href.indexOf(allowedOrigin) > -1)
+              ) {
+                console.log(window.location.href.indexOf(allowedOrigin) > -1);
+                passkeyAllowedOriginsMatch = true;
+              }
+            }
+            if (window.PublicKeyCredential && this.passkeyEnabled && passkeyAllowedOriginsMatch) {
+              this.passkeyEnabled = true;
+            } else {
+              this.passkeyEnabled = false;
+            }
            if (this.captchaType === 'NONE') {
              //清除校验规则
              this.form.get('captcha')?.clearValidators();
@ -537,10 +558,12 @@ export class UserLoginComponent implements OnInit, OnDestroy {
        }

        // 检查是否是没有注册 Passkey 的错误
-        if (errorMessage.includes('没有注册任何 Passkey') || 
+        if (
+          errorMessage.includes('没有注册任何 Passkey') ||
          errorMessage.includes('No Passkeys registered') ||
          errorMessage.includes('还没有注册任何 Passkey') ||
-            errorMessage.includes('系统中还没有注册任何 Passkey')) {
+          errorMessage.includes('系统中还没有注册任何 Passkey')
+        ) {
          // 直接显示友好提示并返回，不抛出错误避免被全局拦截器捕获
          this.msg.warning('还未注册 Passkey，请注册 Passkey');
          console.log('=== PASSKEY LOGIN DEBUG END ===');
@ -555,10 +578,12 @@ export class UserLoginComponent implements OnInit, OnDestroy {
        console.error('Failed to get auth options:', authOptionsResponse);
        // 检查是否是没有注册 Passkey 的错误
        const errorMessage = authOptionsResponse?.message || '获取认证选项失败';
-        if (errorMessage.includes('没有注册任何 Passkey') || 
+        if (
+          errorMessage.includes('没有注册任何 Passkey') ||
          errorMessage.includes('No Passkeys registered') ||
          errorMessage.includes('还没有注册任何 Passkey') ||
-            errorMessage.includes('系统中还没有注册任何 Passkey')) {
+          errorMessage.includes('系统中还没有注册任何 Passkey')
+        ) {
          // 直接显示友好提示并返回，不抛出错误避免被全局拦截器捕获
          this.msg.warning('还未注册 Passkey，请注册 Passkey');
          console.log('=== PASSKEY LOGIN DEBUG END ===');
@ -597,9 +622,9 @@ export class UserLoginComponent implements OnInit, OnDestroy {
      console.log('Step 3: Calling WebAuthn API navigator.credentials.get()...');
      console.log('Available authenticators will be queried automatically');

-      const credential = await navigator.credentials.get({
+      const credential = (await navigator.credentials.get({
        publicKey: convertedOptions
-      }) as PublicKeyCredential;
+      })) as PublicKeyCredential;

      if (!credential) {
        console.error('No credential returned from WebAuthn API');
@ -698,7 +723,6 @@ export class UserLoginComponent implements OnInit, OnDestroy {
        console.error('Invalid auth result - missing userId:', authResult);
        throw new Error('认证成功但用户数据无效');
      }
-      
    } catch (error: any) {
      console.error('=== PASSKEY LOGIN ERROR ===');
      console.error('Error type:', error.constructor.name);
@ -707,14 +731,17 @@ export class UserLoginComponent implements OnInit, OnDestroy {
      console.error('Full error object:', error);

      // 检查是否是没有注册 Passkey 的错误
-      if (error.message && (error.message.includes('PASSKEY_NOT_REGISTERED') ||
+      if (
+        error.message &&
+        (error.message.includes('PASSKEY_NOT_REGISTERED') ||
          error.message.includes('没有找到可用的凭据') ||
          error.message.includes('No credentials available') ||
          error.message.includes('用户未注册') ||
          error.message.includes('credential not found') ||
          error.message.includes('没有注册任何 Passkey') ||
          error.message.includes('No Passkeys registered') ||
-                           error.message.includes('还没有注册任何 Passkey'))) {
+          error.message.includes('还没有注册任何 Passkey'))
+      ) {
        this.msg.warning('还未注册 Passkey，请注册 Passkey');
        console.log('=== PASSKEY LOGIN DEBUG END ===');
        return;
@ -747,10 +774,10 @@ export class UserLoginComponent implements OnInit, OnDestroy {
            break;
          default:
            console.error('Unknown WebAuthn error');
-            this.msg.error('Passkey 登录失败：' + (error.message || '请重试或使用其他登录方式'));
+            this.msg.error(`Passkey 登录失败：${error.message || '请重试或使用其他登录方式'}`);
        }
      } else {
-        this.msg.error('Passkey 登录失败：' + (error.message || '请重试或使用其他登录方式'));
+        this.msg.error(`Passkey 登录失败：${error.message || '请重试或使用其他登录方式'}`);
      }
      console.log('=== PASSKEY LOGIN DEBUG END ===');
    } finally {
--- a/maxkey-web-frontend/maxkey-web-app/src/style-icons-auto.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/style-icons-auto.ts
@ -107,6 +107,8 @@ import {
  FileProtectOutline,
  HistoryOutline,
  UserAddOutline,
+  SafetyCertificateOutline,
+  PlusCircleOutline,
  AuditOutline
 } from '@ant-design/icons-angular/icons';
 import { QR_DEFULAT_CONFIG } from '@delon/abc/qr';
@ -199,5 +201,7 @@ export const ICONS_AUTO = [
  FileProtectOutline,
  HistoryOutline,
  UserAddOutline,
+  SafetyCertificateOutline,
+  PlusCircleOutline,
  AuditOutline
 ];
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java
@ -33,6 +33,7 @@ import org.dromara.maxkey.configuration.ApplicationConfig;
 import org.dromara.maxkey.constants.ConstsLoginType;
 import org.dromara.maxkey.entity.*;
 import org.dromara.maxkey.entity.idm.UserInfo;
+import org.dromara.maxkey.passkey.config.PasskeyProperties;
 import org.dromara.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.dromara.maxkey.password.sms.SmsOtpAuthnService;
 import org.dromara.maxkey.persistence.service.SocialsAssociatesService;
@ -73,6 +74,9 @@ public class LoginEntryPoint {
 	@Autowired
  	ApplicationConfig applicationConfig;
 	
+	@Autowired
+    PasskeyProperties passkeyProperties;
+
 	@Autowired
 	AbstractAuthenticationProvider authenticationProvider ;

@ -134,6 +138,8 @@ public class LoginEntryPoint {
 			model.put("otpType", tfaOtpAuthn.getOtpType());
 			model.put("otpInterval", tfaOtpAuthn.getInterval());
 		}
+		model.put("passkeyEnabled", passkeyProperties.isEnabled());
+		model.put("passkeyAllowedOrigins", passkeyProperties.getRelyingParty().getAllowedOrigins());

 		if( applicationConfig.getLoginConfig().isKerberos()){
 			model.put("userDomainUrlJson", kerberosService.buildKerberosProxys());
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties
@ -90,10 +90,10 @@ maxkey.notices.visible                          =false
 ############################################################################
 # Passkey Configuration                                                     #
 ############################################################################
-maxkey.passkey.enabled=true
-maxkey.passkey.relying-party.name=MaxKey
-maxkey.passkey.relying-party.id=localhost
-maxkey.passkey.relying-party.allowed-origins=http://localhost:8527,http://localhost:8080,http://localhost
+maxkey.login.passkey.enabled=true
+maxkey.login.passkey.relying-party.name=MaxKey
+maxkey.login.passkey.relying-party.id=localhost
+maxkey.login.passkey.relying-party.allowed-origins=http://localhost
 ############################################################################
 #ssl configuration                                                         #
 ############################################################################