From c802bea639efd006659036fbae26e42e41a534a4 Mon Sep 17 00:00:00 2001
From: Dusan Jakub
Date: Wed, 27 Sep 2023 10:48:46 +0200
Subject: [PATCH] webauthn - add a stealthy link from regular login page
---
 src/main/java/com/ysoft/geecon/OAuthResource.java | 10 ++++++++++
 src/main/resources/templates/OAuthResource/login.html | 6 ++++++
 src/main/resources/templates/base.html | 9 +++++++++
 3 files changed, 25 insertions(+)
diff --git a/src/main/java/com/ysoft/geecon/OAuthResource.java b/src/main/java/com/ysoft/geecon/OAuthResource.java
index 3d8ff2e..c534b8c 100644
--- a/src/main/java/com/ysoft/geecon/OAuthResource.java
+++ b/src/main/java/com/ysoft/geecon/OAuthResource.java
@@ -79,6 +79,16 @@ public class OAuthResource {
 return Templates.loginPasswordless(params.getLoginHint(), sessionId, "");
 }
+ @POST
+ @Path("passwordless")
+ @Produces(MediaType.TEXT_HTML)
+ @Blocking
+ public TemplateInstance postPasswordless(@FormParam("sessionId") String sessionId) {
+ AuthorizationSession session = sessionsRepo.getSession(sessionId).orElseThrow(
+ () -> new OAuthUserVisibleException(ErrorResponse.Error.access_denied, "Invalid session"));
+ return Templates.loginPasswordless(session.params().getLoginHint(), sessionId, "");
+ }
+
 @POST
 @Path("passwordless/register")
 @Produces(MediaType.TEXT_HTML)
diff --git a/src/main/resources/templates/OAuthResource/login.html b/src/main/resources/templates/OAuthResource/login.html
index 786ed3b..bcfbe8d 100644
--- a/src/main/resources/templates/OAuthResource/login.html
+++ b/src/main/resources/templates/OAuthResource/login.html
@@ -37,6 +37,12 @@
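Review bot: `postPasswordless` hands the `@FormParam("sessionId")` value straight to `sessionsRepo.getSession(sessionId)`, and a POST that omits the field arrives there as `null`. `getSession` is not visible in this hunk; if its backing store rejects null keys, the request would end in an unhandled exception instead of the intended `access_denied` / "Invalid session" response, so the two failure paths become distinguishable to a caller. A guard before the lookup keeps them uniform: `if (sessionId == null || sessionId.isBlank()) throw new OAuthUserVisibleException(ErrorResponse.Error.access_denied, "Invalid session");`. The method would also benefit from a one-line Javadoc such as `/** Renders the passwordless login page for an existing authorization session; the login hint is read from the stored session, not from the request. */`.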
  • bob / Password1
  • user / user
  • +
    + + Pst, you can try + + . +
diff --git a/src/main/resources/templates/base.html b/src/main/resources/templates/base.html
index f4c2aaa..5ce9aaa 100644
--- a/src/main/resources/templates/base.html
+++ b/src/main/resources/templates/base.html
@@ -40,6 +40,15 @@
 background-color: #0056b3
 }
+ .link-button {
+ background: none;
+ border: none;
+ color: #1a0dab;
+ text-decoration: underline;
+ cursor: pointer;
+ padding: 0;
+ }
+
 .collection {
 border: none;
 }