```diff
diff --git a/administrator/language/en-GB/com_users.ini b/administrator/language/en-GB/com_users.ini
index 48d696fe4d9bc..56bcedadc5b63 100644
--- a/administrator/language/en-GB/com_users.ini
+++ b/administrator/language/en-GB/com_users.ini
@@ -66,7 +66,7 @@ COM_USERS_CONFIG_FRONTEND_SHOW_TITLE_LABEL="Show title in frontend"
COM_USERS_CONFIG_IMPORT_FAILED="An error was encountered while importing the configuration: %s."
COM_USERS_CONFIG_INTEGRATION_SETTINGS_DESC="These settings determine how the Users Component will integrate with other extensions."
COM_USERS_CONFIG_LBL_NOGROUP="( no group )"
-COM_USERS_CONFIG_MFAONSILENT_DESC="Should the user have to go through Multi-factor Authentication after a silent user login? Silent logins are those which do not require a username and password e.g. the Remember Me feature, WebAuthn etc."
+COM_USERS_CONFIG_MFAONSILENT_DESC="Should the user have to go through Multi-factor Authentication after a silent user login? Silent logins are those which do not require a username and password e.g. the Remember Me feature, passkeys etc."
COM_USERS_CONFIG_MFAONSILENT_LABEL="Multi-factor Authentication after silent login"
COM_USERS_CONFIG_MULTIFACTORAUTH_SETTINGS_DESC="Configure how Multi-factor Authentication works in Joomla."
COM_USERS_CONFIG_MULTIFACTORAUTH_SETTINGS_LABEL="Multi-factor Authentication"
@@ -78,7 +78,7 @@ COM_USERS_CONFIG_REDIRECTONLOGIN_LABEL="Onboard new users"
COM_USERS_CONFIG_REDIRECTURL_DESC="If it's not empty redirects to this URL instead of the Multi-factor Authentication setup page when the option above is enabled. WARNING: This must be a URL inside your site. You cannot log in to an external link or to a different subdomain."
COM_USERS_CONFIG_REDIRECTURL_LABEL="Custom redirection URL"
COM_USERS_CONFIG_SAVE_FAILED="An error was encountered while saving the configuration: %s."
-COM_USERS_CONFIG_SILENTRESPONSES_DESC="For experts. A comma–separated list of Joomla authentication response types which are considered silent logins. The default is cookie (the Remember Me feature) and passwordless (WebAuthn)."
+COM_USERS_CONFIG_SILENTRESPONSES_DESC="For experts. A comma–separated list of Joomla authentication response types which are considered silent logins. The default is cookie (the Remember Me feature) and passwordless (passkeys)."
COM_USERS_CONFIG_SILENTRESPONSES_LABEL="Silent login authentication response types (for experts)"
COM_USERS_CONFIG_USER_OPTIONS="User Options"
COM_USERS_CONFIG_MFATRYCOUNT_LABEL="Maximum MFA tries"
@@ -360,7 +360,7 @@ COM_USERS_OPTION_SELECT_LEVEL_END="- Select End Level -"
COM_USERS_OPTION_SELECT_LEVEL_START="- Select Start Level -"
COM_USERS_PASSWORD_RESET_REQUIRED="Password Reset Required"
COM_USERS_POSTINSTALL_MULTIFACTORAUTH_ACTION="Enable the new Multi-factor Authentication plugins"
-COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY="
Joomla! comes with a drastically improved Multi-factor Authentication experience to help you secure the logins of your users.
Unlike the Two Factor Authentication feature in previous versions of Joomla, users no longer have to enter a Security Code with their username and password. The Multi-factor Authentication happens in a separate step after logging into the site. Until they complete their Multi-factor Authentication validation users cannot navigate to other pages or use the site. This makes Multi-factor Authentication phishing–resistant. It also allows for interactive validation methods like WebAuthn (including integration with Windows Hello, Apple TouchID / FaceID and Android Biometric Screen Lock), or sending 6-digit authentication codes by email. Both of these interactive, convenient methods are now available as plugins shipped with Joomla! itself.
"
+COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY="
Joomla! comes with a drastically improved Multi-factor Authentication experience to help you secure the logins of your users.
Unlike the Two Factor Authentication feature in previous versions of Joomla, users no longer have to enter a Security Code with their username and password. The Multi-factor Authentication happens in a separate step after logging into the site. Until they complete their Multi-factor Authentication validation users cannot navigate to other pages or use the site. This makes Multi-factor Authentication phishing–resistant. It also allows for interactive validation methods like passkeys (including integration with Windows Hello, Apple TouchID / FaceID and Android Biometric Screen Lock), or sending 6-digit authentication codes by email. Both of these interactive, convenient methods are now available as plugins shipped with Joomla! itself.
"
COM_USERS_POSTINSTALL_MULTIFACTORAUTH_TITLE="Improved Multi-factor Authentication"
COM_USERS_REQUIRE_PASSWORD_RESET="Require Password Reset"
COM_USERS_REVIEW_HEADING="Review Date"
diff --git a/administrator/language/en-GB/plg_multifactorauth_webauthn.ini b/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
index 11adfe91cd382..a3edee65bb718 100644
--- a/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
+++ b/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
@@ -3,21 +3,21 @@
; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
-PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Web Authentication"
+PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Passkeys"
PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_LOGIN_REQUEST="Invalid authentication request."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_PK="The authenticator registration has failed. The authenticator response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register authenticators on behalf of another user."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your authenticator."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for authenticator registration but somehow received an authenticator registration request from the browser. This means that someone tried to hack you or something is broken."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_BODY="Your browser doesn't support the WebAuthn standard. Not all browsers are compatible with WebAuthn on all devices just yet."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD="Your browser lacks support for WebAuthn"
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_BODY="Please access the site over HTTPS to enable Multi-factor Authentication with WebAuthn."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_HEAD="WebAuthn is only available on HTTPS"
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="You have not configured an Authenticator yet or the Authenticator you are trying to use is ineligible."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_CONFIGURED="You have already configured your Authenticator. Please note that you can only modify its title from this page."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS="Web Authentication"
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS="Use the “%s” button on this page to start the Web Authentication process. Then please follow the instructions given to you by your browser to complete Web Authentication with your preferred Authenticator."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_REGISTERKEY="Register your Authenticator"
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO="Use WebAuthn with any hardware or software security key."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_VALIDATEKEY="Validate with your Authenticator"
-PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use W3C Web Authentication (Webauthn) as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_PK="The passkey registration has failed. The passkey response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passkeys on behalf of another user."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your passkey."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for passkey registration but somehow received a passkey registration request from the browser. This means that someone tried to hack you or something is broken."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_BODY="Your browser doesn't support the passkey standard. Not all browsers are compatible with passkeys on all devices just yet."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD="Your browser lacks support for passkeys"
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_BODY="Please access the site over HTTPS to enable Multi-factor Authentication with passkeys."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_HEAD="Passkeys is only available on HTTPS"
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="You have not configured a passkey yet or the passkey you are trying to use is ineligible."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_CONFIGURED="You have already configured your passkey. Please note that you can only modify its title from this page."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS="Passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS="Use the “%s” button on this page to start the Web Authentication process. Then please follow the instructions given to you by your browser to complete Web Authentication with your preferred passkey."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_REGISTERKEY="Register your passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO="Use browser passkeys with any hardware or software security key."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_VALIDATEKEY="Validate with your passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use browser passkeys as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
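Review bot: Two of the new strings in this hunk need another pass: `PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_HEAD` reads "Passkeys is only available on HTTPS" and should be `"Passkeys are only available on HTTPS"`, and `PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS` still says "Web Authentication" twice while every other label in the file now says passkey. A user told to start "Web Authentication" will not find that name on the method, which `PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS` now shows as "Passkey". `PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO` ("Use browser passkeys with any hardware or software security key.") also mixes the credential with the device that holds it; `"Use a passkey stored on a hardware security key or on your device."` would read more clearly.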
diff --git a/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini b/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
index 8f6890a389ecb..cd6d1e8f0faa4 100644
--- a/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
+++ b/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
@@ -3,5 +3,5 @@
; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
-PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Web Authentication"
-PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use W3C Web Authentication (Webauthn) as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
+PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Passkeys"
+PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use browser passkeys as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
diff --git a/administrator/language/en-GB/plg_system_webauthn.ini b/administrator/language/en-GB/plg_system_webauthn.ini
index 5c7f8465f20c5..5c6c8b77e5c59 100644
--- a/administrator/language/en-GB/plg_system_webauthn.ini
+++ b/administrator/language/en-GB/plg_system_webauthn.ini
@@ -3,49 +3,49 @@
; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
-PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
-PLG_SYSTEM_WEBAUTHN_CANNOT_ADD_FOR_A_USER="You cannot add or remove authenticators on behalf of users. Users must login, and set up their own devices."
-PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
+PLG_SYSTEM_WEBAUTHN="System - Passkey (Passwordless) Login"
+PLG_SYSTEM_WEBAUTHN_CANNOT_ADD_FOR_A_USER="You cannot add or remove passkeys on behalf of users. Users must login, and set up their own devices."
+PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using passkeys. Please note that the passkeys tab in the user profile editor and the passkeys login buttons will only be displayed if the user is accessing the site over HTTPS. Registering passkeys and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
PLG_SYSTEM_WEBAUTHN_ERR_CANNOT_FIND_USERNAME="Cannot find the username field in the login module. Sorry, Passwordless authentication will not work on this site unless you use a different login module."
PLG_SYSTEM_WEBAUTHN_ERR_CANT_STORE_FOR_GUEST="Cannot possibly store credentials for Guest user!"
-PLG_SYSTEM_WEBAUTHN_ERR_CORRUPT_STORED_CREDENTIAL="The stored credentials are corrupt for your user account. Log in using another method, then remove and add again your login authenticator."
+PLG_SYSTEM_WEBAUTHN_ERR_CORRUPT_STORED_CREDENTIAL="The stored credentials are corrupt for your user account. Log in using another method, then remove and add again your passkey."
PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_LOGIN_REQUEST="Invalid passwordless login request. Something is broken or this is an attempt to hack the site."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_PK="The authenticator registration has failed. The authenticator response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passwordless authentication tokens on behalf of another user."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your authenticator."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for authenticator registration but somehow received an authenticator registration request from the browser. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_PK="The passkey registration has failed. The passkey response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passkeys on behalf of another user."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your passkey."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for passkey registration but somehow received a passkey registration request from the browser. This means that someone tried to hack you or something is broken."
PLG_SYSTEM_WEBAUTHN_ERR_CREDENTIAL_ID_ALREADY_IN_USE="Cannot save credentials. These credentials are already being used by a different user."
-PLG_SYSTEM_WEBAUTHN_ERR_EMPTY_USERNAME="You need to enter your username (but NOT your password) before selecting the Web Authentication login button."
+PLG_SYSTEM_WEBAUTHN_ERR_EMPTY_USERNAME="You need to enter your username (but NOT your password) before selecting the passkey login button."
PLG_SYSTEM_WEBAUTHN_ERR_INVALID_USERNAME="The specified username does not correspond to a user account that has enabled passwordless login on this site."
PLG_SYSTEM_WEBAUTHN_ERR_LABEL_NOT_SAVED="Could not save the new label"
-PLG_SYSTEM_WEBAUTHN_ERR_NOT_DELETED="Could not remove the authenticator"
+PLG_SYSTEM_WEBAUTHN_ERR_NOT_DELETED="Could not remove the passkey"
PLG_SYSTEM_WEBAUTHN_ERR_NOUSER="No user account has been found"
-PLG_SYSTEM_WEBAUTHN_ERR_NO_BROWSER_SUPPORT="Sorry, your browser does not support the W3C Web Authentication standard for passwordless logins or your site is not being served over HTTPS with a valid certificate, signed by a Certificate Authority your browser trusts. You will need to log into this site using your username and password."
-PLG_SYSTEM_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="Cannot find the stored credentials for your login authenticator."
-PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED="The user for this authenticator seems to no longer exist on this site."
-PLG_SYSTEM_WEBAUTHN_ERR_XHR_INITCREATE="Cannot get the authenticator registration information from your site."
-PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC="Only allow authenticators with verifiable cryptographic signatures to be used for WebAuthn logins. Strongly recommended for high security environments. Requires the system temporary directory being writeable by PHP, and the OpenSSL extension. May prevent some cheaper, non-certified authenticators from working at all. Disabling it also prevents Joomla from identifying the make and model of the authenticator you are using (no icon will be displayed next to the Authenticator Name)."
+PLG_SYSTEM_WEBAUTHN_ERR_NO_BROWSER_SUPPORT="Sorry, your browser does not support the passkeys standard for passwordless logins or your site is not being served over HTTPS with a valid certificate, signed by a Certificate Authority your browser trusts. You will need to log into this site using your username and password."
+PLG_SYSTEM_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="Cannot find the stored credentials for your passkey."
+PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED="The user for this passkey seems to no longer exist on this site."
+PLG_SYSTEM_WEBAUTHN_ERR_XHR_INITCREATE="Cannot get the passkey registration information from your site."
+PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC="Only allow passkeys with verifiable cryptographic signatures to be used for passkey logins. Strongly recommended for high security environments. Requires the system temporary directory being writeable by PHP, and the OpenSSL extension. May prevent some cheaper, non-certified passkeys from working at all. Disabling it also prevents Joomla from identifying the make and model of the passkey you are using (no icon will be displayed next to the passkey Name)."
PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_LABEL="Attestation Support"
-PLG_SYSTEM_WEBAUTHN_FIELD_DESC="Lets you manage passwordless login methods using the W3C Web Authentication standard. You need a supported browser and authenticator (eg Google Chrome or Firefox with a FIDO2 certified security key).
You can find more details in the WebAuthn Passwordless Login documentation."
-PLG_SYSTEM_WEBAUTHN_FIELD_LABEL="W3C Web Authentication (WebAuthn) Login"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d WebAuthn authenticators already set up: %s"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_0="No WebAuthn authenticator has been set up yet"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_1="One WebAuthn authenticator already set up: %2$s"
-PLG_SYSTEM_WEBAUTHN_HEADER="W3C Web Authentication (WebAuthn) Login"
-PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR="Generic Authenticator"
+PLG_SYSTEM_WEBAUTHN_FIELD_DESC="Lets you manage passwordless login methods using passkeys. You need a supported browser and passkey (eg Google Chrome or Firefox with a FIDO2 certified security key).
You can find more details in the Passkey Passwordless Login documentation."
+PLG_SYSTEM_WEBAUTHN_FIELD_LABEL="Passkey Login"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d passkeys already set up: %s"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_0="No passkey has been set up yet"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_1="One passkey already set up: %2$s"
+PLG_SYSTEM_WEBAUTHN_HEADER="Passkey Login"
+PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR="Generic Passkey"
PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR_LABEL="%s added on %s"
-PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the W3C Web Authentication (WebAuthn) standard in compatible browsers. You need to have already set up WebAuthn authentication in your user profile."
-PLG_SYSTEM_WEBAUTHN_LOGIN_LABEL="Web Authentication"
-PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_ADD_LABEL="Add New Authenticator"
+PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the browser passkey standard in compatible browsers. You need to have already set up passkey authentication in your user profile."
+PLG_SYSTEM_WEBAUTHN_LOGIN_LABEL="Sign in with a passkey"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_ADD_LABEL="Add New Passkey"
PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_CANCEL_LABEL="Cancel"
PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_DELETE_LABEL="Remove"
PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_EDIT_LABEL="Edit Name"
PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_SAVE_LABEL="Save"
-PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC="A short name for the authenticator used with this passwordless login method."
-PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Authenticator Name"
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC="A short name for the passkey used with this passkeys login method."
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Passkey Name"
PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_ACTIONS_LABEL="Actions"
-PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_NOMETHODS_LABEL="No authenticators have been set up yet."
-PLG_SYSTEM_WEBAUTHN_MSG_DELETED="The authenticator has been removed."
+PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_NOMETHODS_LABEL="No passkeys have been set up yet."
+PLG_SYSTEM_WEBAUTHN_MSG_DELETED="The passkey has been removed."
PLG_SYSTEM_WEBAUTHN_MSG_SAVED_LABEL="The label has been saved."
-PLG_SYSTEM_WEBAUTHN_REQUIRES_GMP="Either of the PHP extensions GMP or BCmath must be loaded to add authenticators."
-PLG_SYSTEM_WEBAUTHN_TABLE_CAPTION="WebAuthn Authenticators"
+PLG_SYSTEM_WEBAUTHN_REQUIRES_GMP="Either of the PHP extensions GMP or BCmath must be loaded to add passkeys."
+PLG_SYSTEM_WEBAUTHN_TABLE_CAPTION="Passkeys"
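Review bot: In `PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC` the blanket authenticator-to-passkey replacement makes the security description inaccurate. Attestation vouches for the authenticator (the device or software that holds the key), so "non-certified passkeys" and "the make and model of the passkey" name the credential where the device is meant. An administrator deciding whether to enforce attestation needs that distinction, so I would keep the old term in this one string, e.g. `May prevent some cheaper, non-certified authenticators from working at all.` and `identifying the make and model of the authenticator you are using`. Smaller wording leftovers in the same hunk: `PLG_SYSTEM_WEBAUTHN_FIELD_DESC` now asks for "a supported browser and passkey" and then gives a security key as the example, and `PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC` reads "this passkeys login method".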
diff --git a/administrator/language/en-GB/plg_system_webauthn.sys.ini b/administrator/language/en-GB/plg_system_webauthn.sys.ini
index 5ed4596fcdfcf..21a49757ded2e 100644
--- a/administrator/language/en-GB/plg_system_webauthn.sys.ini
+++ b/administrator/language/en-GB/plg_system_webauthn.sys.ini
@@ -3,5 +3,5 @@
; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
-PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
-PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
+PLG_SYSTEM_WEBAUTHN="System - Passkey (Passwordless) Login"
+PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using passkeys. Please note that the passkeys tab in the user profile editor and the passkeys login buttons will only be displayed if the user is accessing the site over HTTPS. Registering passkeys and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
diff --git a/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg b/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg
new file mode 100644
index 0000000000000..4a8edbfd40987
--- /dev/null
+++ b/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg
@@ -0,0 +1,14 @@
+
diff --git a/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg b/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg
new file mode 100644
index 0000000000000..80d19577c876f
--- /dev/null
+++ b/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg
@@ -0,0 +1 @@
+
diff --git a/build/media_source/plg_system_webauthn/scss/button.scss b/build/media_source/plg_system_webauthn/scss/button.scss
index b2d153b6525d3..26a20f1cd2dd0 100644
--- a/build/media_source/plg_system_webauthn/scss/button.scss
+++ b/build/media_source/plg_system_webauthn/scss/button.scss
@@ -1,6 +1,5 @@
button[class*=plg_system_webauthn_login_button] {
- max-height: 3rem;
- padding: .25rem;
+ padding: .4rem;
span[class*=icon] {
display: inline-block;
diff --git a/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss b/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
index 5528b46ec864a..0841d8f677b03 100644
--- a/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
+++ b/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
@@ -73,10 +73,11 @@
// WebAuthn
.plg_system_webauthn_login_button svg {
- margin-inline-end: 2px;
+ width: 30px;
+ margin: 4px;
}
-.plg_system_webauthn_login_button svg path {
+.plg_system_webauthn_login_button svg path, .plg_system_webauthn_login_button svg circle {
fill: var(--white);
}
diff --git a/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss b/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
index 73230b650c982..1e901c9909480 100644
--- a/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
+++ b/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
@@ -67,9 +67,10 @@
// WebAuthn
.plg_system_webauthn_login_button svg {
- margin-inline-end: 2px;
+ width: 30px;
+ margin: 4px;
}
-.plg_system_webauthn_login_button svg path {
+.plg_system_webauthn_login_button svg path, .plg_system_webauthn_login_button svg circle {
fill: var(--black);
}
diff --git a/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php b/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
index 91544407601bf..5eef7a60a5232 100644
--- a/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
+++ b/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
@@ -95,7 +95,7 @@ public function onUserMultifactorGetMethod(GetMethod $event): void
'name' => $this->mfaMethodName,
'display' => Text::_('PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS'),
'shortinfo' => Text::_('PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO'),
- 'image' => 'media/plg_multifactorauth_webauthn/images/webauthn.svg',
+ 'image' => 'media/plg_multifactorauth_webauthn/images/passkeys.svg',
'allowMultiple' => true,
'allowEntryBatching' => true,
]
diff --git a/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php b/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
index 95f266c9f0a34..184aa3e76cc54 100644
--- a/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
+++ b/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
@@ -76,7 +76,7 @@ public function onUserLoginButtons(Event $event): void
UserHelper::genRandomPassword(12) . '-' . UserHelper::genRandomPassword(8);
// Get local path to image
- $image = HTMLHelper::_('image', 'plg_system_webauthn/webauthn.svg', '', '', true, true);
+ $image = HTMLHelper::_('image', 'plg_system_webauthn/fido-passkey-black.svg', '', '', true, true);
// If you can't find the image then skip it
$image = $image ? JPATH_ROOT . substr($image, \strlen(Uri::root(true))) : '';
```
PR w związku ze zmianą oryginału https://github.com/joomla/joomla-cms/pull/41085 Poniżej zmiany w oryginale:
```diff
diff --git a/administrator/language/en-GB/com_users.ini b/administrator/language/en-GB/com_users.ini
index 48d696fe4d9bc..56bcedadc5b63 100644
--- a/administrator/language/en-GB/com_users.ini
+++ b/administrator/language/en-GB/com_users.ini
@@ -66,7 +66,7 @@ COM_USERS_CONFIG_FRONTEND_SHOW_TITLE_LABEL="Show title in frontend"
COM_USERS_CONFIG_IMPORT_FAILED="An error was encountered while importing the configuration: %s."
COM_USERS_CONFIG_INTEGRATION_SETTINGS_DESC="These settings determine how the Users Component will integrate with other extensions."
COM_USERS_CONFIG_LBL_NOGROUP="( no group )"
-COM_USERS_CONFIG_MFAONSILENT_DESC="Should the user have to go through Multi-factor Authentication after a silent user login? Silent logins are those which do not require a username and password e.g. the Remember Me feature, WebAuthn etc."
+COM_USERS_CONFIG_MFAONSILENT_DESC="Should the user have to go through Multi-factor Authentication after a silent user login? Silent logins are those which do not require a username and password e.g. the Remember Me feature, passkeys etc."
COM_USERS_CONFIG_MFAONSILENT_LABEL="Multi-factor Authentication after silent login"
COM_USERS_CONFIG_MULTIFACTORAUTH_SETTINGS_DESC="Configure how Multi-factor Authentication works in Joomla."
COM_USERS_CONFIG_MULTIFACTORAUTH_SETTINGS_LABEL="Multi-factor Authentication"
@@ -78,7 +78,7 @@ COM_USERS_CONFIG_REDIRECTONLOGIN_LABEL="Onboard new users"
COM_USERS_CONFIG_REDIRECTURL_DESC="If it's not empty redirects to this URL instead of the Multi-factor Authentication setup page when the option above is enabled. WARNING: This must be a URL inside your site. You cannot log in to an external link or to a different subdomain."
COM_USERS_CONFIG_REDIRECTURL_LABEL="Custom redirection URL"
COM_USERS_CONFIG_SAVE_FAILED="An error was encountered while saving the configuration: %s."
-COM_USERS_CONFIG_SILENTRESPONSES_DESC="For experts. A comma–separated list of Joomla authentication response types which are considered silent logins. The default iscookie
(the Remember Me feature) andpasswordless
(WebAuthn)."
+COM_USERS_CONFIG_SILENTRESPONSES_DESC="For experts. A comma–separated list of Joomla authentication response types which are considered silent logins. The default iscookie
(the Remember Me feature) andpasswordless
(passkeys)."
COM_USERS_CONFIG_SILENTRESPONSES_LABEL="Silent login authentication response types (for experts)"
COM_USERS_CONFIG_USER_OPTIONS="User Options"
COM_USERS_CONFIG_MFATRYCOUNT_LABEL="Maximum MFA tries"
@@ -360,7 +360,7 @@ COM_USERS_OPTION_SELECT_LEVEL_END="- Select End Level -"
COM_USERS_OPTION_SELECT_LEVEL_START="- Select Start Level -"
COM_USERS_PASSWORD_RESET_REQUIRED="Password Reset Required"
COM_USERS_POSTINSTALL_MULTIFACTORAUTH_ACTION="Enable the new Multi-factor Authentication plugins"
-COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY="Joomla! comes with a drastically improved Multi-factor Authentication experience to help you secure the logins of your users.
Unlike the Two Factor Authentication feature in previous versions of Joomla, users no longer have to enter a Security Code with their username and password. The Multi-factor Authentication happens in a separate step after logging into the site. Until they complete their Multi-factor Authentication validation users cannot navigate to other pages or use the site. This makes Multi-factor Authentication phishing–resistant. It also allows for interactive validation methods like WebAuthn (including integration with Windows Hello, Apple TouchID / FaceID and Android Biometric Screen Lock), or sending 6-digit authentication codes by email. Both of these interactive, convenient methods are now available as plugins shipped with Joomla! itself.
"
+COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY="Joomla! comes with a drastically improved Multi-factor Authentication experience to help you secure the logins of your users.
Unlike the Two Factor Authentication feature in previous versions of Joomla, users no longer have to enter a Security Code with their username and password. The Multi-factor Authentication happens in a separate step after logging into the site. Until they complete their Multi-factor Authentication validation users cannot navigate to other pages or use the site. This makes Multi-factor Authentication phishing–resistant. It also allows for interactive validation methods like passkeys (including integration with Windows Hello, Apple TouchID / FaceID and Android Biometric Screen Lock), or sending 6-digit authentication codes by email. Both of these interactive, convenient methods are now available as plugins shipped with Joomla! itself.
"
COM_USERS_POSTINSTALL_MULTIFACTORAUTH_TITLE="Improved Multi-factor Authentication"
COM_USERS_REQUIRE_PASSWORD_RESET="Require Password Reset"
COM_USERS_REVIEW_HEADING="Review Date"
diff --git a/administrator/language/en-GB/plg_multifactorauth_webauthn.ini b/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
index 11adfe91cd382..a3edee65bb718 100644
--- a/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
+++ b/administrator/language/en-GB/plg_multifactorauth_webauthn.ini
@@ -3,21 +3,21 @@
 ; License GNU General Public License version 2 or later; see LICENSE.txt
 ; Note : All ini files need to be saved as UTF-8
-PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Web Authentication"
+PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Passkeys"
 PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_LOGIN_REQUEST="Invalid authentication request."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_PK="The authenticator registration has failed. The authenticator response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register authenticators on behalf of another user."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your authenticator."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for authenticator registration but somehow received an authenticator registration request from the browser. This means that someone tried to hack you or something is broken."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_BODY="Your browser doesn't support the WebAuthn standard. Not all browsers are compatible with WebAuthn on all devices just yet."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD="Your browser lacks support for WebAuthn"
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_BODY="Please access the site over HTTPS to enable Multi-factor Authentication with WebAuthn."
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_HEAD="WebAuthn is only available on HTTPS"
-PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="You have not configured an Authenticator yet or the Authenticator you are trying to use is ineligible."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_CONFIGURED="You have already configured your Authenticator. Please note that you can only modify its title from this page."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS="Web Authentication"
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS="Use the “%s” button on this page to start the Web Authentication process. Then please follow the instructions given to you by your browser to complete Web Authentication with your preferred Authenticator."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_REGISTERKEY="Register your Authenticator"
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO="Use WebAuthn with any hardware or software security key."
-PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_VALIDATEKEY="Validate with your Authenticator"
-PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use W3C Web Authentication (Webauthn) as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_PK="The passkey registration has failed. The passkey response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passkeys on behalf of another user."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your passkey."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for passkey registration but somehow received a passkey registration request from the browser. This means that someone tried to hack you or something is broken."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_BODY="Your browser doesn't support the passkey standard. Not all browsers are compatible with passkeys on all devices just yet."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTAVAILABLE_HEAD="Your browser lacks support for passkeys"
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_BODY="Please access the site over HTTPS to enable Multi-factor Authentication with passkeys."
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NOTHTTPS_HEAD="Passkeys is only available on HTTPS"
+PLG_MULTIFACTORAUTH_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="You have not configured a passkey yet or the passkey you are trying to use is ineligible."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_CONFIGURED="You have already configured your passkey. Please note that you can only modify its title from this page."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS="Passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS="Use the “%s” button on this page to start the Web Authentication process. Then please follow the instructions given to you by your browser to complete Web Authentication with your preferred passkey."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_REGISTERKEY="Register your passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO="Use browser passkeys with any hardware or software security key."
+PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_VALIDATEKEY="Validate with your passkey"
+PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use browser passkeys as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
diff --git a/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini b/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
index 8f6890a389ecb..cd6d1e8f0faa4 100644
--- a/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
+++ b/administrator/language/en-GB/plg_multifactorauth_webauthn.sys.ini
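Review bot: `PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_INSTRUCTIONS` still says "start the Web Authentication process" and "complete Web Authentication" while the method is now displayed as "Passkey", so the on-screen instructions name something the user no longer sees anywhere else. I would reword it to `Use the “%s” button on this page to start the passkey verification. Then follow the instructions given to you by your browser to complete it with your preferred passkey.` Two smaller wording points in the same hunk: `ERR_NOTHTTPS_HEAD` should read `Passkeys are only available on HTTPS`, and `ERR_NOTAVAILABLE_BODY` refers to a "passkey standard" although the underlying standard is still Web Authentication, so `Your browser doesn't support passkeys.` is more accurate.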
@@ -3,5 +3,5 @@
 ; License GNU General Public License version 2 or later; see LICENSE.txt
 ; Note : All ini files need to be saved as UTF-8
-PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Web Authentication"
-PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use W3C Web Authentication (Webauthn) as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
+PLG_MULTIFACTORAUTH_WEBAUTHN="Multi-factor Authentication - Passkeys"
+PLG_MULTIFACTORAUTH_WEBAUTHN_XML_DESCRIPTION="Use browser passkeys as a Multi-factor Authentication method. All modern browsers support it. Most browsers offer device-specific authentication protected by a password and/or biometrics (fingerprint sensor, face scan, …)."
diff --git a/administrator/language/en-GB/plg_system_webauthn.ini b/administrator/language/en-GB/plg_system_webauthn.ini
index 5c7f8465f20c5..5c6c8b77e5c59 100644
--- a/administrator/language/en-GB/plg_system_webauthn.ini
+++ b/administrator/language/en-GB/plg_system_webauthn.ini
@@ -3,49 +3,49 @@
 ; License GNU General Public License version 2 or later; see LICENSE.txt
 ; Note : All ini files need to be saved as UTF-8
-PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
-PLG_SYSTEM_WEBAUTHN_CANNOT_ADD_FOR_A_USER="You cannot add or remove authenticators on behalf of users. Users must login, and set up their own devices."
-PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
+PLG_SYSTEM_WEBAUTHN="System - Passkey (Passwordless) Login"
+PLG_SYSTEM_WEBAUTHN_CANNOT_ADD_FOR_A_USER="You cannot add or remove passkeys on behalf of users. Users must login, and set up their own devices."
+PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using passkeys. Please note that the passkeys tab in the user profile editor and the passkeys login buttons will only be displayed if the user is accessing the site over HTTPS. Registering passkeys and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
 PLG_SYSTEM_WEBAUTHN_ERR_CANNOT_FIND_USERNAME="Cannot find the username field in the login module. Sorry, Passwordless authentication will not work on this site unless you use a different login module."
 PLG_SYSTEM_WEBAUTHN_ERR_CANT_STORE_FOR_GUEST="Cannot possibly store credentials for Guest user!"
-PLG_SYSTEM_WEBAUTHN_ERR_CORRUPT_STORED_CREDENTIAL="The stored credentials are corrupt for your user account. Log in using another method, then remove and add again your login authenticator."
+PLG_SYSTEM_WEBAUTHN_ERR_CORRUPT_STORED_CREDENTIAL="The stored credentials are corrupt for your user account. Log in using another method, then remove and add again your passkey."
 PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_LOGIN_REQUEST="Invalid passwordless login request. Something is broken or this is an attempt to hack the site."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_PK="The authenticator registration has failed. The authenticator response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passwordless authentication tokens on behalf of another user."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your authenticator."
-PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for authenticator registration but somehow received an authenticator registration request from the browser. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_PK="The passkey registration has failed. The passkey response received from the browser does not match the Public Key issued by the server. This means that someone tried to hack you or something is broken."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_INVALID_USER="For security reasons you are not allowed to register passkeys on behalf of another user."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_ATTESTED_DATA="Something went wrong but no further information about the error is available at this time. Please retry registering your passkey."
+PLG_SYSTEM_WEBAUTHN_ERR_CREATE_NO_PK="The server has not issued a Public Key for passkey registration but somehow received a passkey registration request from the browser. This means that someone tried to hack you or something is broken."
 PLG_SYSTEM_WEBAUTHN_ERR_CREDENTIAL_ID_ALREADY_IN_USE="Cannot save credentials. These credentials are already being used by a different user."
-PLG_SYSTEM_WEBAUTHN_ERR_EMPTY_USERNAME="You need to enter your username (but NOT your password) before selecting the Web Authentication login button."
+PLG_SYSTEM_WEBAUTHN_ERR_EMPTY_USERNAME="You need to enter your username (but NOT your password) before selecting the passkey login button."
 PLG_SYSTEM_WEBAUTHN_ERR_INVALID_USERNAME="The specified username does not correspond to a user account that has enabled passwordless login on this site."
 PLG_SYSTEM_WEBAUTHN_ERR_LABEL_NOT_SAVED="Could not save the new label"
-PLG_SYSTEM_WEBAUTHN_ERR_NOT_DELETED="Could not remove the authenticator"
+PLG_SYSTEM_WEBAUTHN_ERR_NOT_DELETED="Could not remove the passkey"
 PLG_SYSTEM_WEBAUTHN_ERR_NOUSER="No user account has been found"
-PLG_SYSTEM_WEBAUTHN_ERR_NO_BROWSER_SUPPORT="Sorry, your browser does not support the W3C Web Authentication standard for passwordless logins or your site is not being served over HTTPS with a valid certificate, signed by a Certificate Authority your browser trusts. You will need to log into this site using your username and password."
-PLG_SYSTEM_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="Cannot find the stored credentials for your login authenticator."
-PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED="The user for this authenticator seems to no longer exist on this site."
-PLG_SYSTEM_WEBAUTHN_ERR_XHR_INITCREATE="Cannot get the authenticator registration information from your site."
-PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC="Only allow authenticators with verifiable cryptographic signatures to be used for WebAuthn logins. Strongly recommended for high security environments. Requires the system temporary directory being writeable by PHP, and the OpenSSL extension. May prevent some cheaper, non-certified authenticators from working at all. Disabling it also prevents Joomla from identifying the make and model of the authenticator you are using (no icon will be displayed next to the Authenticator Name)."
+PLG_SYSTEM_WEBAUTHN_ERR_NO_BROWSER_SUPPORT="Sorry, your browser does not support the passkeys standard for passwordless logins or your site is not being served over HTTPS with a valid certificate, signed by a Certificate Authority your browser trusts. You will need to log into this site using your username and password."
+PLG_SYSTEM_WEBAUTHN_ERR_NO_STORED_CREDENTIAL="Cannot find the stored credentials for your passkey."
+PLG_SYSTEM_WEBAUTHN_ERR_USER_REMOVED="The user for this passkey seems to no longer exist on this site."
+PLG_SYSTEM_WEBAUTHN_ERR_XHR_INITCREATE="Cannot get the passkey registration information from your site."
+PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC="Only allow passkeys with verifiable cryptographic signatures to be used for passkey logins. Strongly recommended for high security environments. Requires the system temporary directory being writeable by PHP, and the OpenSSL extension. May prevent some cheaper, non-certified passkeys from working at all. Disabling it also prevents Joomla from identifying the make and model of the passkey you are using (no icon will be displayed next to the passkey Name)."
 PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_LABEL="Attestation Support"
-PLG_SYSTEM_WEBAUTHN_FIELD_DESC="Lets you manage passwordless login methods using the W3C Web Authentication standard. You need a supported browser and authenticator (eg Google Chrome or Firefox with a FIDO2 certified security key).MacOS/iOS/watchOS: Touch/Face ID.
Windows: Hello (Fingerprint / Facial Recognition / PIN).
Android: Biometric screen lock.
You can find more details in the WebAuthn Passwordless Login documentation."
-PLG_SYSTEM_WEBAUTHN_FIELD_LABEL="W3C Web Authentication (WebAuthn) Login"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d WebAuthn authenticators already set up: %s"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_0="No WebAuthn authenticator has been set up yet"
-PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_1="One WebAuthn authenticator already set up: %2$s"
-PLG_SYSTEM_WEBAUTHN_HEADER="W3C Web Authentication (WebAuthn) Login"
-PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR="Generic Authenticator"
+PLG_SYSTEM_WEBAUTHN_FIELD_DESC="Lets you manage passwordless login methods using passkeys. You need a supported browser and passkey (eg Google Chrome or Firefox with a FIDO2 certified security key).
MacOS/iOS/watchOS: Touch/Face ID.
Windows: Hello (Fingerprint / Facial Recognition / PIN).
Android: Biometric screen lock.
You can find more details in the Passkey Passwordless Login documentation."
+PLG_SYSTEM_WEBAUTHN_FIELD_LABEL="Passkey Login"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED="%d passkeys already set up: %s"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_0="No passkey has been set up yet"
+PLG_SYSTEM_WEBAUTHN_FIELD_N_AUTHENTICATORS_REGISTERED_1="One passkey already set up: %2$s"
+PLG_SYSTEM_WEBAUTHN_HEADER="Passkey Login"
+PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR="Generic Passkey"
 PLG_SYSTEM_WEBAUTHN_LBL_DEFAULT_AUTHENTICATOR_LABEL="%s added on %s"
-PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the W3C Web Authentication (WebAuthn) standard in compatible browsers. You need to have already set up WebAuthn authentication in your user profile."
-PLG_SYSTEM_WEBAUTHN_LOGIN_LABEL="Web Authentication"
-PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_ADD_LABEL="Add New Authenticator"
+PLG_SYSTEM_WEBAUTHN_LOGIN_DESC="Login without a password using the browser passkey standard in compatible browsers. You need to have already set up passkey authentication in your user profile."
+PLG_SYSTEM_WEBAUTHN_LOGIN_LABEL="Sign in with a passkey"
+PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_ADD_LABEL="Add New Passkey"
 PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_CANCEL_LABEL="Cancel"
 PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_DELETE_LABEL="Remove"
 PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_EDIT_LABEL="Edit Name"
 PLG_SYSTEM_WEBAUTHN_MANAGE_BTN_SAVE_LABEL="Save"
-PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC="A short name for the authenticator used with this passwordless login method."
-PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Authenticator Name"
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_DESC="A short name for the passkey used with this passkeys login method."
+PLG_SYSTEM_WEBAUTHN_MANAGE_FIELD_KEYLABEL_LABEL="Passkey Name"
 PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_ACTIONS_LABEL="Actions"
-PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_NOMETHODS_LABEL="No authenticators have been set up yet."
-PLG_SYSTEM_WEBAUTHN_MSG_DELETED="The authenticator has been removed."
+PLG_SYSTEM_WEBAUTHN_MANAGE_HEADER_NOMETHODS_LABEL="No passkeys have been set up yet."
+PLG_SYSTEM_WEBAUTHN_MSG_DELETED="The passkey has been removed."
 PLG_SYSTEM_WEBAUTHN_MSG_SAVED_LABEL="The label has been saved."
-PLG_SYSTEM_WEBAUTHN_REQUIRES_GMP="Either of the PHP extensions GMP or BCmath must be loaded to add authenticators."
-PLG_SYSTEM_WEBAUTHN_TABLE_CAPTION="WebAuthn Authenticators"
+PLG_SYSTEM_WEBAUTHN_REQUIRES_GMP="Either of the PHP extensions GMP or BCmath must be loaded to add passkeys."
+PLG_SYSTEM_WEBAUTHN_TABLE_CAPTION="Passkeys"
diff --git a/administrator/language/en-GB/plg_system_webauthn.sys.ini b/administrator/language/en-GB/plg_system_webauthn.sys.ini
index 5ed4596fcdfcf..21a49757ded2e 100644
--- a/administrator/language/en-GB/plg_system_webauthn.sys.ini
+++ b/administrator/language/en-GB/plg_system_webauthn.sys.ini
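Review bot: In `PLG_SYSTEM_WEBAUTHN_FIELD_ATTESTATION_SUPPORT_DESC` the blanket replacement of "authenticator" with "passkey" changes what a security option appears to do: attestation is a statement about the authenticator (its make and model), not about the stored credential, and "passkeys with verifiable cryptographic signatures" reads as if other passkeys were unsigned. Passkeys synced through a platform password manager commonly come without an attestation statement (worth confirming against the library in use), so the text should tell the administrator that enabling this may stop such passkeys from being registered. Suggested opening: `Only allow passkeys from authenticators that provide a verifiable attestation to be used for passkey logins.`, and keep `the make and model of the authenticator` where the device is meant. `PLG_SYSTEM_WEBAUTHN_FIELD_DESC` has the same slip in "a supported browser and passkey (eg ... FIDO2 certified security key)".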
@@ -3,5 +3,5 @@
 ; License GNU General Public License version 2 or later; see LICENSE.txt
 ; Note : All ini files need to be saved as UTF-8
-PLG_SYSTEM_WEBAUTHN="System - WebAuthn Passwordless Login"
-PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using the W3C Web Authentication (WebAuthn) API. Please note that the WebAuthn tab in the user profile editor and the WebAuthn login buttons will only be displayed if the user is accessing the site over HTTPS. Furthermore, registering WebAuthn authenticators and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
+PLG_SYSTEM_WEBAUTHN="System - Passkey (Passwordless) Login"
+PLG_SYSTEM_WEBAUTHN_DESCRIPTION="Enables passwordless authentication using passkeys. Please note that the passkeys tab in the user profile editor and the passkeys login buttons will only be displayed if the user is accessing the site over HTTPS. Registering passkeys and using them to log into your site will only work when your site is using a valid certificate, signed by a Certificate Authority the user's browser trusts."
diff --git a/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg b/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg
new file mode 100644
index 0000000000000..4a8edbfd40987
--- /dev/null
+++ b/build/media_source/plg_multifactorauth_webauthn/images/passkeys.svg
@@ -0,0 +1,14 @@
+
diff --git a/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg b/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg
new file mode 100644
index 0000000000000..80d19577c876f
--- /dev/null
+++ b/build/media_source/plg_system_webauthn/images/fido-passkey-black.svg
@@ -0,0 +1 @@
+
diff --git a/build/media_source/plg_system_webauthn/scss/button.scss b/build/media_source/plg_system_webauthn/scss/button.scss
index b2d153b6525d3..26a20f1cd2dd0 100644
--- a/build/media_source/plg_system_webauthn/scss/button.scss
+++ b/build/media_source/plg_system_webauthn/scss/button.scss
@@ -1,6 +1,5 @@
 button[class*=plg_system_webauthn_login_button] {
- max-height: 3rem;
- padding: .25rem;
+ padding: .4rem;
 span[class*=icon] {
 display: inline-block;
diff --git a/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss b/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
index 5528b46ec864a..0841d8f677b03 100644
--- a/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
+++ b/build/media_source/templates/administrator/atum/scss/blocks/_icons.scss
@@ -73,10 +73,11 @@
 // WebAuthn
 .plg_system_webauthn_login_button svg {
- margin-inline-end: 2px;
+ width: 30px;
+ margin: 4px;
 }
-.plg_system_webauthn_login_button svg path {
+.plg_system_webauthn_login_button svg path, .plg_system_webauthn_login_button svg circle {
 fill: var(--white);
 }
diff --git a/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss b/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
index 73230b650c982..1e901c9909480 100644
--- a/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
+++ b/build/media_source/templates/site/cassiopeia/scss/blocks/_icons.scss
@@ -67,9 +67,10 @@
 // WebAuthn
 .plg_system_webauthn_login_button svg {
- margin-inline-end: 2px;
+ width: 30px;
+ margin: 4px;
 }
-.plg_system_webauthn_login_button svg path {
+.plg_system_webauthn_login_button svg path, .plg_system_webauthn_login_button svg circle {
 fill: var(--black);
 }
diff --git a/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php b/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
index 91544407601bf..5eef7a60a5232 100644
--- a/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
+++ b/plugins/multifactorauth/webauthn/src/Extension/Webauthn.php
@@ -95,7 +95,7 @@ public function onUserMultifactorGetMethod(GetMethod $event): void
 'name' => $this->mfaMethodName,
 'display' => Text::_('PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_DISPLAYEDAS'),
 'shortinfo' => Text::_('PLG_MULTIFACTORAUTH_WEBAUTHN_LBL_SHORTINFO'),
- 'image' => 'media/plg_multifactorauth_webauthn/images/webauthn.svg',
+ 'image' => 'media/plg_multifactorauth_webauthn/images/passkeys.svg',
 'allowMultiple' => true,
 'allowEntryBatching' => true,
 ]
diff --git a/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php b/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
index 95f266c9f0a34..184aa3e76cc54 100644
--- a/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
+++ b/plugins/system/webauthn/src/PluginTraits/AdditionalLoginButtons.php
@@ -76,7 +76,7 @@ public function onUserLoginButtons(Event $event): void
 UserHelper::genRandomPassword(12) . '-' . UserHelper::genRandomPassword(8);
 // Get local path to image
- $image = HTMLHelper::_('image', 'plg_system_webauthn/webauthn.svg', '', '', true, true);
+ $image = HTMLHelper::_('image', 'plg_system_webauthn/fido-passkey-black.svg', '', '', true, true);
 // If you can't find the image then skip it
 $image = $image ? JPATH_ROOT . substr($image, \strlen(Uri::root(true))) : '';
```