From decf4def95600075faacb7b06c48fcf841bb57f1 Mon Sep 17 00:00:00 2001
From: Max Batischev
Date: Sat, 11 Jan 2025 12:02:46 +0300
Subject: [PATCH] Add Support disableDefaultRegistrationPage to WebAuthnDsl

Closes gh-16395

Signed-off-by: Max Batischev
---
 .../config/annotation/web/WebAuthnDsl.kt | 3 ++
 .../config/annotation/web/WebAuthnDslTests.kt | 36 +++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
index c8296f367df..f1a9600f000 100644
--- a/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
@@ -24,6 +24,7 @@ import org.springframework.security.config.annotation.web.configurers.WebAuthnCo
 * @property rpName the relying party name
 * @property rpId the relying party id
 * @property the allowed origins
+ * @property disableDefaultRegistrationPage disable default webauthn registration page
 * @since 6.4
 * @author Rob Winch
 * @author Max Batischev
@@ -33,12 +34,14 @@ class WebAuthnDsl {
 var rpName: String? = null
 var rpId: String? = null
 var allowedOrigins: Set? = null
+ var disableDefaultRegistrationPage: Boolean? = false

 internal fun get(): (WebAuthnConfigurer) -> Unit {
 return { webAuthn ->
 rpName?.also { webAuthn.rpName(rpName) }
 rpId?.also { webAuthn.rpId(rpId) }
 allowedOrigins?.also { webAuthn.allowedOrigins(allowedOrigins) }
+ disableDefaultRegistrationPage?.also { webAuthn.disableDefaultRegistrationPage(disableDefaultRegistrationPage!!) }
 }
 }
 }
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
index 023314cdc35..8bdee169f8a 100644
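Review bot: In the `@@ -33,12 +34,14 @@` hunk of WebAuthnDsl.kt, the new property is declared `Boolean? = false` while `rpName`, `rpId` and `allowedOrigins` default to `null`, so the `?.also` guard is taken on every build and the configurer is always called with `false` even when the caller never touched the flag. That is harmless only if the configurer's own default is also `false`, which is not visible here. Defaulting to `null` would keep "not set" distinct from "explicitly false", matching the sibling properties. The `!!` inside the lambda also re-reads a mutable `var` after the null check; `disableDefaultRegistrationPage?.also { webAuthn.disableDefaultRegistrationPage(it) }` passes the value that was actually checked. The class body starts outside the hunk.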
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
@@ -74,6 +74,42 @@ class WebAuthnDslTests {
 }
 }

+ @Test
+ fun `webauthn and formLogin configured with disabled default registration page`() {
+ spring.register(FormLoginAndNoDefaultRegistrationPageConfiguration::class.java).autowire()
+
+ this.mockMvc.get("/login/webauthn.js")
+ .andExpect {
+ MockMvcResultMatchers.status().isOk
+ header {
+ string("content-type", "text/javascript;charset=UTF-8")
+ }
+ content {
+ string(Matchers.containsString("async function authenticate("))
+ }
+ }
+ }
+
+ @Configuration
+ @EnableWebSecurity
+ open class FormLoginAndNoDefaultRegistrationPageConfiguration {
+ @Bean
+ open fun userDetailsService(): UserDetailsService =
+ InMemoryUserDetailsManager()
+
+
+ @Bean
+ open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+ http{
+ formLogin { }
+ webAuthn {
+ disableDefaultRegistrationPage = true
+ }
+ }
+ return http.build()
+ }
+ }
+
 @Configuration
 @EnableWebSecurity
 open class DefaultWebauthnConfig {
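Review bot: The new test never checks that the default registration page is actually gone. It only fetches `/login/webauthn.js`, which would presumably be served whether or not `disableDefaultRegistrationPage = true` has any effect. Because the flag decides whether a credential-registration page is exposed, the test should also request the default registration page and assert that the generated page is no longer returned. Separately, `MockMvcResultMatchers.status().isOk` inside `andExpect { }` looks like it builds a matcher without applying it, so the response status is not asserted; the DSL form `status { isOk() }` would assert it. The enclosing test class starts outside the hunk.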