Merge pull request #172 from supertokens/feat/webauthn-1

feat: webauthn support

Author: tamassoltesz

src/main/java/io/supertokens/pluginInterface/RECIPE_ID.java

@@ -22,7 +22,7 @@ public enum RECIPE_ID {
     EMAIL_PASSWORD("emailpassword"), THIRD_PARTY("thirdparty"), SESSION("session"),
     EMAIL_VERIFICATION("emailverification"), JWT("jwt"), PASSWORDLESS("passwordless"), USER_METADATA("usermetadata"),
     USER_ROLES("userroles"), USER_ID_MAPPING("useridmapping"), DASHBOARD("dashboard"), TOTP("totp"),
-    MULTITENANCY("multitenancy"), ACCOUNT_LINKING("accountlinking"), MFA("mfa"), OAUTH("oauth");
+    MULTITENANCY("multitenancy"), ACCOUNT_LINKING("accountlinking"), MFA("mfa"), OAUTH("oauth"), WEBAUTHN("webauthn");
 
     private final String name;
 

src/main/java/io/supertokens/pluginInterface/StorageUtils.java

@@ -30,6 +30,7 @@
 import io.supertokens.pluginInterface.useridmapping.UserIdMappingStorage;
 import io.supertokens.pluginInterface.usermetadata.sqlStorage.UserMetadataSQLStorage;
 import io.supertokens.pluginInterface.userroles.sqlStorage.UserRolesSQLStorage;
+import io.supertokens.pluginInterface.webauthn.slqStorage.WebAuthNSQLStorage;
 
 public class StorageUtils {
     public static AuthRecipeSQLStorage getAuthRecipeStorage(Storage storage) {
@@ -151,4 +152,11 @@ public static OAuthStorage getOAuthStorage(Storage storage) {
         }
         return (OAuthStorage) storage;
     }
+
+    public static WebAuthNSQLStorage getWebAuthNStorage(Storage storage) {
+        if (storage.getType() != STORAGE_TYPE.SQL) {
+            throw new UnsupportedOperationException("");
+        }
+        return (WebAuthNSQLStorage) storage;
+    }
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeStorage.java

@@ -58,6 +58,9 @@ AuthRecipeUserInfo[] listPrimaryUsersByEmail(TenantIdentifier tenantIdentifier,
     AuthRecipeUserInfo[] listPrimaryUsersByPhoneNumber(TenantIdentifier tenantIdentifier, String phoneNumber)
             throws StorageQueryException;
 
+    AuthRecipeUserInfo getPrimaryUserByWebauthNCredentialId(TenantIdentifier tenantIdentifier, String webauthNCredentialId)
+            throws StorageQueryException;
+
     AuthRecipeUserInfo[] listPrimaryUsersByThirdPartyInfo(AppIdentifier appIdentifier, String thirdPartyId,
                                                           String thirdPartyUserId)
             throws StorageQueryException;

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeUserInfo.java

@@ -16,12 +16,15 @@
 
 package io.supertokens.pluginInterface.authRecipe;
 
+import com.google.gson.Gson;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 import io.supertokens.pluginInterface.RECIPE_ID;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 public class AuthRecipeUserInfo {
 
@@ -124,7 +127,7 @@ public int hashCode() {
         return hashCode;
     }
 
-    public JsonObject toJson() {
+    public JsonObject toJson(boolean includeWebauthn) {
         if (!didCallSetExternalUserId) {
             throw new RuntimeException("Found a bug: Did you forget to call setExternalUserId?");
         }
@@ -142,7 +145,13 @@ public JsonObject toJson() {
         Set<String> emails = new HashSet<>();
         Set<String> phoneNumbers = new HashSet<>();
         Set<LoginMethod.ThirdParty> thirdParty = new HashSet<>();
+        Set<String> webauthn = new HashSet<>();
         for (LoginMethod loginMethod : this.loginMethods) {
+            if (!includeWebauthn) {
+                if (loginMethod.recipeId == RECIPE_ID.WEBAUTHN) {
+                    continue;
+                }
+            }
             if (loginMethod.email != null) {
                 emails.add(loginMethod.email);
             }
@@ -152,6 +161,9 @@ public JsonObject toJson() {
             if (loginMethod.thirdParty != null) {
                 thirdParty.add(loginMethod.thirdParty);
             }
+            if(loginMethod.webauthN != null) {
+                webauthn.addAll(loginMethod.webauthN.credentialIds);
+            }
         }
         JsonArray emailsJson = new JsonArray();
         for (String email : emails) {
@@ -172,6 +184,14 @@ public JsonObject toJson() {
         }
         jsonObject.add("thirdParty", thirdPartyJson);
 
+        if (includeWebauthn) {
+            JsonObject webauthnJson = new JsonObject();
+            JsonArray j = new JsonArray();
+            j.addAll(new Gson().toJsonTree(webauthn).getAsJsonArray());
+            webauthnJson.add("credentialIds", j);
+            jsonObject.add("webauthn", webauthnJson);
+        }
+
         // now we add login methods..
         JsonArray loginMethodsArr = new JsonArray();
         for (LoginMethod lM : this.loginMethods) {
@@ -197,6 +217,13 @@ public JsonObject toJson() {
                 thirdPartyJsonObject.addProperty("userId", lM.thirdParty.userId);
                 lMJsonObject.add("thirdParty", thirdPartyJsonObject);
             }
+            if (includeWebauthn) {
+                if(lM.webauthN != null) {
+                    JsonObject webauthNJson = new JsonObject();
+                    webauthNJson.add("credentialIds", new Gson().toJsonTree(lM.webauthN.credentialIds));
+                    lMJsonObject.add("webauthn", webauthNJson);
+                }
+            }
             loginMethodsArr.add(lMJsonObject);
         }
         jsonObject.add("loginMethods", loginMethodsArr);

src/main/java/io/supertokens/pluginInterface/authRecipe/LoginMethod.java

@@ -20,6 +20,7 @@
 
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 public class LoginMethod {
@@ -42,6 +43,8 @@ public class LoginMethod {
 
     public final Set<String> tenantIds;
 
+    public final WebAuthN webauthN;
+
     public transient final String passwordHash;
 
     private boolean didCallSetExternalUserId = false;
@@ -55,6 +58,7 @@ public LoginMethod(String recipeUserId, long timeJoined, boolean verified, Strin
         this.email = email;
         this.phoneNumber = null;
         this.thirdParty = null;
+        this.webauthN = null;
         this.tenantIds = new HashSet<>();
         Collections.addAll(this.tenantIds, tenantIds);
         this.passwordHash = passwordHash;
@@ -71,6 +75,7 @@ public LoginMethod(String recipeUserId, long timeJoined, boolean verified, Passw
         this.tenantIds = new HashSet<>();
         Collections.addAll(this.tenantIds, tenantIds);
         this.thirdParty = null;
+        this.webauthN = null;
         this.passwordHash = null;
     }
 
@@ -84,6 +89,22 @@ public LoginMethod(String recipeUserId, long timeJoined, boolean verified, Strin
         this.tenantIds = new HashSet<>();
         Collections.addAll(this.tenantIds, tenantIds);
         this.thirdParty = thirdPartyInfo;
+        this.webauthN = null;
+        this.phoneNumber = null;
+        this.passwordHash = null;
+    }
+
+    public LoginMethod(String recipeUserId, long timeJoined, boolean verified, String email, WebAuthN webauthN,
+                       String[] tenantIds) {
+        this.verified = verified;
+        this.timeJoined = timeJoined;
+        this.recipeUserId = recipeUserId;
+        this.recipeId = RECIPE_ID.WEBAUTHN;
+        this.email = email;
+        this.tenantIds = new HashSet<>();
+        Collections.addAll(this.tenantIds, tenantIds);
+        this.webauthN = webauthN;
+        this.thirdParty = null;
         this.phoneNumber = null;
         this.passwordHash = null;
     }
@@ -147,6 +168,32 @@ public int hashCode() {
         }
     }
 
+    public static class WebAuthN {
+        public List<String> credentialIds;
+
+        public WebAuthN(List<String> credentialIds) {
+            this.credentialIds = credentialIds;
+        }
+
+        public void addCredentialId(String credentialId) {
+            this.credentialIds.add(credentialId);
+        }
+
+        @Override
+        public boolean equals(Object other) {
+            if (!(other instanceof WebAuthN)) {
+                return false;
+            }
+            WebAuthN webauthN = (WebAuthN) other;
+            return this.credentialIds.equals(webauthN.credentialIds);
+        }
+
+        @Override
+        public int hashCode() {
+            return credentialIds.hashCode();
+        }
+    }
+
     @Override
     public boolean equals(Object other) {
         if (!(other instanceof LoginMethod)) {
@@ -159,6 +206,7 @@ public boolean equals(Object other) {
                 && java.util.Objects.equals(this.phoneNumber, otherLoginMethod.phoneNumber)
                 && java.util.Objects.equals(this.passwordHash, otherLoginMethod.passwordHash)
                 && java.util.Objects.equals(this.thirdParty, otherLoginMethod.thirdParty)
+                && java.util.Objects.equals(this.webauthN, otherLoginMethod.webauthN)
                 && this.tenantIds.equals(otherLoginMethod.tenantIds);
     }
 
@@ -176,6 +224,7 @@ public int hashCode() {
         result = 31 * result + tenantIds.hashCode();
         result = 31 * result + (passwordHash != null ? passwordHash.hashCode() : 0);
         result = 31 * result + (thirdParty != null ? thirdParty.hashCode() : 0);
+        result = 31 * result + (webauthN != null ? webauthN.hashCode() : 0);
         return result;
     }
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/sqlStorage/AuthRecipeSQLStorage.java

@@ -20,6 +20,7 @@
 import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.sqlStorage.SQLStorage;
 import io.supertokens.pluginInterface.sqlStorage.TransactionConnection;
 
@@ -32,6 +33,10 @@ AuthRecipeUserInfo getPrimaryUserById_Transaction(AppIdentifier appIdentifier, T
                                                       String userId)
             throws StorageQueryException;
 
+    AuthRecipeUserInfo getPrimaryUserByWebauthNCredentialId_Transaction(TenantIdentifier tenantIdentifier, TransactionConnection con,
+                                                                        String credentialId)
+            throws StorageQueryException;
+
     List<AuthRecipeUserInfo> getPrimaryUsersByIds_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
                                                               List<String> userIds)
             throws StorageQueryException;

src/main/java/io/supertokens/pluginInterface/dashboard/DashboardSearchTags.java

@@ -55,6 +55,11 @@ public boolean shouldPasswordlessTableBeSearched() {
         return false;
     }
 
+    public boolean shouldWebauthnTableBeSearched() {
+        List<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = getNonNullSearchFields();
+        return nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) && nonNullSearchTags.size() == 1;
+    }
+
     private List<SUPPORTED_SEARCH_TAGS> getNonNullSearchFields() {
         List<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = new ArrayList<>();
 

src/main/java/io/supertokens/pluginInterface/webauthn/AccountRecoveryTokenInfo.java

@@ -0,0 +1,35 @@
+/*
+ *    Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ *    This software is licensed under the Apache License, Version 2.0 (the
+ *    "License") as published by the Apache Software Foundation.
+ *
+ *    You may not use this file except in compliance with the License. You may
+ *    obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *    License for the specific language governing permissions and limitations
+ *    under the License.
+ */
+
+package io.supertokens.pluginInterface.webauthn;
+
+public class AccountRecoveryTokenInfo {
+
+    public final String userId;
+
+    public final String token;
+
+    public final long expiresAt;
+
+    public final String email;
+
+    public AccountRecoveryTokenInfo(String userId, String email, String token, long expiresAt) {
+        this.userId = userId;
+        this.email = email;
+        this.token = token;
+        this.expiresAt = expiresAt;
+    }
+}

src/main/java/io/supertokens/pluginInterface/webauthn/WebAuthNOptions.java

@@ -0,0 +1,32 @@
+/*
+ *    Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ *    This software is licensed under the Apache License, Version 2.0 (the
+ *    "License") as published by the Apache Software Foundation.
+ *
+ *    You may not use this file except in compliance with the License. You may
+ *    obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *    License for the specific language governing permissions and limitations
+ *    under the License.
+ */
+
+package io.supertokens.pluginInterface.webauthn;
+
+public class WebAuthNOptions {
+
+    public String generatedOptionsId;
+    public String relyingPartyId;
+    public String relyingPartyName;
+    public String userEmail;
+    public Long timeout;
+    public String challenge; //base64 url encoded
+    public String origin;
+    public Long expiresAt;
+    public Long createdAt;
+    public boolean userPresenceRequired;
+    public String userVerification;
+}

src/main/java/io/supertokens/pluginInterface/webauthn/WebAuthNStorage.java

@@ -0,0 +1,53 @@
+/*
+ *    Copyright (c) 2024, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ *    This software is licensed under the Apache License, Version 2.0 (the
+ *    "License") as published by the Apache Software Foundation.
+ *
+ *    You may not use this file except in compliance with the License. You may
+ *    obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *    License for the specific language governing permissions and limitations
+ *    under the License.
+ */
+
+package io.supertokens.pluginInterface.webauthn;
+
+import io.supertokens.pluginInterface.authRecipe.AuthRecipeStorage;
+import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
+import io.supertokens.pluginInterface.webauthn.exceptions.*;
+
+import java.util.List;
+
+public interface WebAuthNStorage extends AuthRecipeStorage {
+
+    WebAuthNStoredCredential saveCredentials(TenantIdentifier tenantIdentifier, WebAuthNStoredCredential credential) throws StorageQueryException;
+
+    WebAuthNOptions saveGeneratedOptions(TenantIdentifier tenantIdentifier, WebAuthNOptions optionsToSave) throws StorageQueryException;
+
+    WebAuthNOptions loadOptionsById(TenantIdentifier tenantIdentifier, String optionsId) throws  StorageQueryException;
+
+    WebAuthNStoredCredential loadCredentialByIdForUser(TenantIdentifier tenantIdentifier, String credentialId, String recipeUserId) throws  StorageQueryException;
+
+    void addRecoverAccountToken(TenantIdentifier tenantIdentifier, AccountRecoveryTokenInfo accountRecoveryTokenInfo) throws
+            DuplicateRecoverAccountTokenException, StorageQueryException;
+
+    void removeCredential(TenantIdentifier tenantIdentifier, String userId, String credentialId)
+            throws StorageQueryException, WebauthNCredentialNotExistsException;
+
+    void removeOptions(TenantIdentifier tenantIdentifier, String optionsId)
+            throws StorageQueryException, WebauthNOptionsNotExistsException;
+
+    List<WebAuthNStoredCredential> listCredentialsForUser(TenantIdentifier tenantIdentifier, String userId) throws StorageQueryException;
+
+    void updateUserEmail(TenantIdentifier tenantIdentifier, String userId, String newEmail)
+            throws StorageQueryException, UserIdNotFoundException, DuplicateUserEmailException;
+
+    void deleteExpiredAccountRecoveryTokens() throws StorageQueryException;
+
+    void deleteExpiredGeneratedOptions() throws StorageQueryException;
+}