feat: add FIDO WebAuthn login support#133
Open
nkanf-dev wants to merge 5 commits into
Open
Conversation
- FIDO registration: generate P-256 key pair, build CBOR attestation, register with IDS server via /personalInfo/accountSecurity endpoints - FIDO login: assertion-based authentication via /authserver/startAssertion and form submission, bypassing password + captcha flow - IDS recheck: secondary verification (password + captcha) for sensitive operations like FIDO registration and device deletion - Login window: FIDO quick login button, post-login prompt to register FIDO as backup login method - Settings: FIDO registration/deletion UI with server-side credential cleanup - i18n: FIDO-related strings in zh_CN, en_US, zh_TW - Dependencies: added pointycastle, cbor, device_info_plus
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds FIDO/WebAuthn-based authentication support for the Xidian IDS flow, including credential registration, assertion-based login, and a secondary “recheck” verification step for sensitive personalInfo operations.
Changes:
- Added a FIDO session implementation to register a P-256 credential and perform assertion-based login against IDS endpoints.
- Introduced an IDS recheck service (password + image captcha) and shared AES utility used by both recheck and slider-captcha payload encryption.
- Updated login/settings UI and i18n strings to expose FIDO quick login, registration prompts, and credential deletion/cleanup.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| pubspec.yaml | Adds cbor dependency needed for WebAuthn attestation encoding. |
| pubspec.lock | Locks cbor (and new transitive hex) versions for the build. |
| lib/repository/xidian_ids/ids_session.dart | Attempts FIDO login first (when enabled) before falling back to password flow. |
| lib/repository/xidian_ids/ids_recheck.dart | Adds secondary verification logic for sensitive /personalInfo actions (captcha + encrypted password). |
| lib/repository/xidian_ids/ids_crypto.dart | Centralizes IDS AES-CBC encryption logic shared across features. |
| lib/repository/xidian_ids/fido_session.dart | Implements FIDO registration + assertion login, CBOR/COSE encoding, and key handling. |
| lib/repository/preference.dart | Adds persisted fields for FIDO credential material and an enable flag. |
| lib/page/setting/setting.dart | Adds settings UI/actions to register/delete FIDO and attempts server cleanup on logout/clear. |
| lib/page/login/login_window.dart | Adds “FIDO Quick Login” button and post-login prompt to register FIDO. |
| lib/page/login/jc_captcha.dart | Refactors slider captcha encryption to reuse IdsCrypto. |
| lib/page/login/image_captcha.dart | Adds image captcha UI used by IDS recheck. |
| assets/flutter_i18n/zh_TW.yaml | Adds FIDO-related UI strings (Traditional Chinese). |
| assets/flutter_i18n/zh_CN.yaml | Adds FIDO-related UI strings (Simplified Chinese). |
| assets/flutter_i18n/en_US.yaml | Adds FIDO-related UI strings (English). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+227
to
+230
| await preference.setString( | ||
| preference.Preference.fidoPrivateKeyPem, | ||
| keyResult.privateKeyPem, | ||
| ); |
Owner
There was a problem hiding this comment.
先跳过,后期再说迁移到 https://github.com/xaldarof/encrypted-shared-preferences 的事项
BenderBlog
reviewed
May 13, 2026
|
|
||
| final String cookie; | ||
| Dio dio = Dio()..interceptors.add(logDioAdapter); | ||
|
|
Author
There was a problem hiding this comment.
这里因为这个二次验证的请求数据用了和那个滑块一样的加密。所以把这段加密的逻辑搬出去复用了。
BenderBlog
reviewed
May 13, 2026
BenderBlog
reviewed
May 13, 2026
BenderBlog
reviewed
May 13, 2026
| // --------------------------------------------------------------------------- | ||
| // PEM / DER Helpers | ||
| // --------------------------------------------------------------------------- | ||
|
|
- image_captcha.dart: replace hardcoded Chinese with FlutterI18n.translate - login_window.dart: translate FIDO progress status keys - fido_session.dart: change LoginFailedException to FidoException for consistent i18n wrapping - setting.dart: translate "Updating data" toast - i18n: add login.image_captcha.*, fido_process.*, setting.updating_data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
FIDO认证器注册:
优先使用FIDO凭据进行登录:
FIDO登录流程:
