feat: Améliorer la gestion WebAuthn avec détection du contexte sécurisé

- Ajouter vérification du contexte sécurisé (HTTPS) pour WebAuthn - Implémenter fallback pour le développement HTTP local - Améliorer les messages d'interface pour expliquer le mode WebAuthn - Ajouter logs informatifs pour le debugging WebAuthn - Gestion d'erreur robuste avec fallback automatique
2025-10-23 14:03:52 +02:00 · 2025-10-23 14:03:52 +02:00 · 0c883dfcac
commit 0c883dfcac
parent 770a5b7397
3 changed files with 63 additions and 26 deletions
--- a/src/services/secure-credentials.service.ts
+++ b/src/services/secure-credentials.service.ts
@ -104,8 +104,16 @@ export class SecureCredentialsService {
      const encryptedSpendKey = await this.encryptKey(credentialData.spendKey, masterKey);
      const encryptedScanKey = await this.encryptKey(credentialData.scanKey, masterKey);

-      // Stocker dans les credentials du navigateur
-      const credential = await navigator.credentials.create({
+      // Vérifier si WebAuthn est disponible et si on est en HTTPS
+      const isSecureContext = window.isSecureContext;
+      const hasWebAuthn = navigator.credentials && navigator.credentials.create;
+      
+      let credential = null;
+      
+      if (isSecureContext && hasWebAuthn) {
+        // Stocker dans les credentials du navigateur (HTTPS requis)
+        try {
+          credential = await navigator.credentials.create({
            publicKey: {
              challenge: new Uint8Array(32),
              rp: { name: '4NK Secure Storage' },
@ -127,6 +135,25 @@ export class SecureCredentialsService {
            }
          });
          
+          secureLogger.info('WebAuthn credential created successfully', {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
+        } catch (error) {
+          secureLogger.warn('WebAuthn credential creation failed, using fallback', error as Error, {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
+        }
+      } else {
+        secureLogger.info('WebAuthn not available (HTTP context), using fallback storage', {
+          component: 'SecureCredentialsService',
+          operation: 'webauthn_fallback',
+          isSecureContext,
+          hasWebAuthn
+        });
+      }
+
      if (credential) {
        // Stocker les données chiffrées dans IndexedDB
        await this.storeEncryptedCredentials({
--- a/src/utils/sp-address.utils.ts
+++ b/src/utils/sp-address.utils.ts
@ -2703,13 +2703,23 @@ export async function prepareAndSendPairingTx(): Promise<void> {
    // Initialize secure credentials with PBKDF2 and browser credentials
    try {
      const { secureCredentialsService } = await import('../services/secure-credentials.service');
-      updateCreatorStatus('🔐 Initializing secure credentials with browser...');
      
-      // This will trigger the browser popup for WebAuthn
+      // Check if we're in a secure context (HTTPS)
+      if (window.isSecureContext) {
+        updateCreatorStatus('🔐 Initializing secure credentials with browser...');
+      } else {
+        updateCreatorStatus('🔐 Initializing secure credentials (HTTP mode - WebAuthn not available)...');
+      }
+      
+      // This will trigger the browser popup for WebAuthn (only in HTTPS)
      const credentials = await secureCredentialsService.generateSecureCredentials('4nk-pairing-password');
      console.log('✅ Secure credentials initialized with PBKDF2 and WebAuthn');
      
-      updateCreatorStatus('✅ Secure credentials ready');
+      if (window.isSecureContext) {
+        updateCreatorStatus('✅ Secure credentials ready (WebAuthn enabled)');
+      } else {
+        updateCreatorStatus('✅ Secure credentials ready (fallback mode - use HTTPS for WebAuthn)');
+      }
    } catch (error) {
      console.warn('⚠️ Secure credentials initialization failed:', error);
      updateCreatorStatus('⚠️ Using fallback credentials');