Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(webauthn): allow userName in register handler options #275

Closed
wants to merge 5 commits into from
Closed

feat(webauthn): allow userName in register handler options #275

wants to merge 5 commits into from

Conversation

fayazara
Copy link
Contributor

Allow passing userName directly to defineWebAuthnRegisterEventHandler to support linking credentials to existing users without requiring userName in request body.

No breaking change as it maintains backward compatibility while adding new functionality.

How it works?

export default defineWebAuthnRegisterEventHandler({
  userName: '[email protected]',
  async onSuccess(event, { credential }) {
    // your db actions or whatever you'd like to do with the credential
    return credential
  },
})

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Nov 10, 2024
edited
Loading

Open in Stackblitz

pnpm add https://pkg.pr.new/atinux/nuxt-auth-utils@275

commit: 93c705c

@fayazara
Copy link
Contributor Author

@atinux @Gerbuuun I have made a small enhancement to the register event handler, please take a look

Issue ref: #272

@Gerbuuun
Copy link
Contributor

Gerbuuun commented Nov 10, 2024
edited
Loading

Old response I think it is better to just do the check inside the handler already like you did before? That way the dev doesn't need to implement it themselves. (it will add new behaviour..)

Something like this

let user: T;
try {
  // If user is logged in, use the current user's username
  const { user } = await requireUserSession(event);
  user = { userName: user.email };
}
catch {
  // Else do the currently implemented checks
  if (!body.user?.userName)
    throw createError({
      message: 'Invalid request, missing userName or verify property',
      statusCode: 400,
    })

  user = body.user
  if (validateUser) {
    user = await validateUserData(body.user, validateUser)
  }
}

// rest of registration event handler..

Just realized that we don't know what shape user is, so doing it internally might not be the correct solution

@Gerbuuun
Copy link
Contributor

Other idea:
Make

if (body.verify === undefined || !body.user?.userName)
  throw createError({
    message: 'Invalid request, missing userName or verify property',
    statusCode: 400,
  })

the default validateUser function and don't force any shape to the request body?

@fayazara
Copy link
Contributor Author

Other idea: Make

if (body.verify === undefined || !body.user?.userName)
  throw createError({
    message: 'Invalid request, missing userName or verify property',
    statusCode: 400,
  })

the default validateUser function and don't force any shape to the request body?

Didn't quite get this, How would a said api method look like?

export default defineWebAuthnRegisterEventHandler({
  async onSuccess(event, { credential }) {
    const { user } = await requireUserSession(event);
    // we have the users email here
    return user;
  },
});

Another ideas was to have a separate method for this called defineWebAuthnConnectEventHandler - but feels unnecessary

@fayazara
Copy link
Contributor Author

@Gerbuuun Updated this to check if the user is already logged in, this way is a user is already logged in, then we pick the userName from the session

@atinux atinux closed this Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fayazara @Gerbuuun @atinux