Frontend: Enable WebAuthn device registration without TOTP
What does this MR do and why?
This MR enables the possibility of registering a WebAuthn device without the need to set up TOTP as 2FA and resolves Frontend: Enable WebAuthn device registration w... (!111659 - merged)
Replaced the jQuery application to register WebAuthn devices with a Vue component.
Made the WebAuthn device registration possible without TOTP. Therefore, the Set up new device button is always available.
Increased security by adding a required password field to be able to register a new device.
We also introduced a few minor UI improvements.
A new set of tests is needed in spec/features/webauthn_spec.rb when the webauthn_without_totp feature flag is enabled. However, I will do that in a follow-up so it doesn't clash with the changes made in that file in the backend MR.
Changelog: changed
Screenshots or screen recordings
The whole process using Chrome:
Screen_Recording_2023-02-13_at_21.01.36
How to set up and validate locally
- In rails console, enable the feature flag:
Feature.enable(:webauthn_without_totp)
- Go to https://gdk.test:3443/-/profile/two_factor_auth
- Select Set up new device. It should be available even if the two-factor authentication using TOTP is disabled.
- Follow the workflow.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- [s] I have evaluated the MR acceptance checklist for this MR.