From 0f9aa93a39a520a9a43cae4eb995c2f2327c16b4 Mon Sep 17 00:00:00 2001 From: Fayaz Date: Sun, 10 Nov 2024 10:52:37 +0530 Subject: [PATCH 1/5] feat(webauthn): allow userName in register handler options --- src/runtime/server/lib/webauthn/register.ts | 26 +++++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/runtime/server/lib/webauthn/register.ts b/src/runtime/server/lib/webauthn/register.ts index 4f5807f..ffe177e 100644 --- a/src/runtime/server/lib/webauthn/register.ts +++ b/src/runtime/server/lib/webauthn/register.ts @@ -9,6 +9,11 @@ import { useRuntimeConfig } from '#imports' import type { WebAuthnUser, WebAuthnRegisterEventHandlerOptions } from '#auth-utils' import type { RegistrationBody } from '~/src/runtime/types/webauthn' +export interface WebAuthnRegisterOptions { + userName?: string + displayName?: string +} + export function defineWebAuthnRegisterEventHandler({ storeChallenge, getChallenge, 
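Review bot: The exported `WebAuthnRegisterOptions` interface added in the first hunk has no TSDoc, and the field names hide the fact that matters most: `userName` and `displayName` are destructured from the handler-definition options, so they are fixed when the handler is defined, not per request. I would add `/** Fallback identity fixed at handler definition time; shared by every request that reaches this handler. */` above the interface, plus a one-line comment on each field saying whether it overrides or only defaults the value from the request body. The interface is also declared in register.ts while `WebAuthnRegisterEventHandlerOptions` is imported from `#auth-utils`; keeping both option types in one place would be more consistent.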
@@ -17,19 +22,30 @@ export function defineWebAuthnRegisterEventHandler({ excludeCredentials, onSuccess, onError, -}: WebAuthnRegisterEventHandlerOptions) { + userName, + displayName, +}: WebAuthnRegisterEventHandlerOptions & WebAuthnRegisterOptions) { return eventHandler(async (event) => { const url = getRequestURL(event) const body = await readBody>(event) - if (body.verify === undefined || !body.user?.userName) + + // Check if userName is provided in options or request body + const finalUserName = userName || body.user?.userName + if (!finalUserName) { throw createError({ - message: 'Invalid request, missing userName or verify property', + message: 'userName is required either in options or request body', statusCode: 400, }) + } - let user = body.user - if (validateUser) { + let user: T + if (body.user && validateUser) { user = await validateUserData(body.user, validateUser) + } else { + user = { + userName: finalUserName, + displayName: displayName || finalUserName, + } as T } const _config = defu(await getOptions?.(event, body) ?? {}, useRuntimeConfig(event).webauthn.register, { From d249754a4012403e3dbe0154d7c5f7efc4ee85e0 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Sun, 10 Nov 2024 05:27:19 +0000 Subject: [PATCH 2/5] [autofix.ci] apply automated fixes --- src/runtime/server/lib/webauthn/register.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/runtime/server/lib/webauthn/register.ts b/src/runtime/server/lib/webauthn/register.ts index ffe177e..00e01b0 100644 --- a/src/runtime/server/lib/webauthn/register.ts +++ b/src/runtime/server/lib/webauthn/register.ts @@ -41,7 +41,8 @@ export function defineWebAuthnRegisterEventHandler({ let user: T if (body.user && validateUser) { user = await validateUserData(body.user, validateUser) - } else { + } + else { user = { userName: finalUserName, displayName: displayName || finalUserName, 
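Review bot: The rewritten guard in the `@@ -17,19 +22,30 @@` hunk drops the `body.verify === undefined` check, so a request without `verify` is no longer rejected with 400 here; the code that consumes `verify` lies after the hunk, so whether it tolerates `undefined` is not visible. The two branches that build `user` also disagree about which name wins: when `body.user` and `validateUser` are both present, the validated body user keeps its client-supplied `userName` even if the `userName` option is set, while the `else` branch uses `finalUserName`, discards every other field of `body.user`, and hides any field `T` requires behind the `as T` cast. I would keep the check as `if (body.verify === undefined || !finalUserName)` and build one object, `{ ...body.user, userName: finalUserName }`, that is passed through `validateUser` whenever one is configured, so validation never depends on whether the body carried a user. The handler body continues outside the hunk.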
From 62b4523ebff2244f8c55b9998d522333936d71b0 Mon Sep 17 00:00:00 2001 From: Fayaz Date: Thu, 14 Nov 2024 19:09:54 +0530 Subject: [PATCH 3/5] chore: Check if user is already available and if an email is available --- src/runtime/server/lib/webauthn/register.ts | 38 ++++++++------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/src/runtime/server/lib/webauthn/register.ts b/src/runtime/server/lib/webauthn/register.ts index 00e01b0..ba80501 100644 --- a/src/runtime/server/lib/webauthn/register.ts +++ b/src/runtime/server/lib/webauthn/register.ts @@ -5,15 +5,11 @@ import { generateRegistrationOptions, verifyRegistrationResponse } from '@simple import defu from 'defu' import { bufferToBase64URLString } from '@simplewebauthn/browser' import { getRandomValues } from 'uncrypto' -import { useRuntimeConfig } from '#imports' +import { useUserSession, useRuntimeConfig } from '#imports' + import type { WebAuthnUser, WebAuthnRegisterEventHandlerOptions } from '#auth-utils' import type { RegistrationBody } from '~/src/runtime/types/webauthn' -export interface WebAuthnRegisterOptions { - userName?: string - displayName?: string -} - export function defineWebAuthnRegisterEventHandler({ storeChallenge, getChallenge, 
@@ -22,31 +18,27 @@ export function defineWebAuthnRegisterEventHandler({ excludeCredentials, onSuccess, onError, - userName, - displayName, -}: WebAuthnRegisterEventHandlerOptions & WebAuthnRegisterOptions) { +}: WebAuthnRegisterEventHandlerOptions) { return eventHandler(async (event) => { + const { user: sessionUser } = useUserSession() const url = getRequestURL(event) const body = await readBody>(event) - // Check if userName is provided in options or request body - const finalUserName = userName || body.user?.userName - if (!finalUserName) { + // Check for existing session user's email or body user's userName + if (!sessionUser?.email && (body.verify === undefined || !body.user?.userName)) { throw createError({ - message: 'userName is required either in options or request body', + message: 'No authenticated user found and missing userName in request', statusCode: 400, }) } - let user: T - if (body.user && validateUser) { - user = await validateUserData(body.user, validateUser) - } - else { - user = { - userName: finalUserName, - displayName: displayName || finalUserName, - } as T + // Use session user's email as userName if available, otherwise use body user + let user = sessionUser?.email + ? { ...body.user, userName: sessionUser.email } + : body.user + + if (validateUser) { + user = await validateUserData(user, validateUser) } const _config = defu(await getOptions?.(event, body) ?? {}, useRuntimeConfig(event).webauthn.register, { @@ -159,4 +151,4 @@ function createUserValidationError(validateError?: any) { message: 'User Validation Error', data: validateError, }) -} +} \ No newline at end of file From 40177e63b22a90bd79c3874a511623f17627500a Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:41:05 +0000 Subject: [PATCH 4/5] [autofix.ci] apply automated fixes --- src/runtime/server/lib/webauthn/register.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
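Review bot: With a session email present, the new guard in the `@@ -22,31 +18,27 @@` hunk short-circuits, so a missing `verify` is no longer rejected for logged-in callers, although the original condition required it on every request; `if (body.verify === undefined || (!sessionUser?.email && !body.user?.userName))` keeps that invariant. The expression that builds `user` takes `sessionUser.email` as the credential's `userName`, but nothing visible in the hunk establishes that the session user type has an `email` field or that it is a verified, unique identifier. The unauthenticated branch still accepts a client-chosen `userName`. A comment above `let user` should state that the session identity overrides `body.user.userName`, and that `validateUser`/`onSuccess` remain responsible for rejecting a `userName` that already belongs to another account. The handler body continues outside the hunk.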
diff --git a/src/runtime/server/lib/webauthn/register.ts b/src/runtime/server/lib/webauthn/register.ts index ba80501..6392384 100644 --- a/src/runtime/server/lib/webauthn/register.ts +++ b/src/runtime/server/lib/webauthn/register.ts @@ -151,4 +151,4 @@ function createUserValidationError(validateError?: any) { message: 'User Validation Error', data: validateError, }) -} \ No newline at end of file +} From 93c705c1fed34c0494269acc3268a1af660b348d Mon Sep 17 00:00:00 2001 From: Fayaz Date: Thu, 14 Nov 2024 20:48:38 +0530 Subject: [PATCH 5/5] fix: no useUserSession returned from #imports, use the right import --- src/runtime/server/lib/webauthn/register.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/runtime/server/lib/webauthn/register.ts b/src/runtime/server/lib/webauthn/register.ts index 6392384..1900027 100644 --- a/src/runtime/server/lib/webauthn/register.ts +++ b/src/runtime/server/lib/webauthn/register.ts @@ -5,7 +5,7 @@ import { generateRegistrationOptions, verifyRegistrationResponse } from '@simple import defu from 'defu' import { bufferToBase64URLString } from '@simplewebauthn/browser' import { getRandomValues } from 'uncrypto' -import { useUserSession, useRuntimeConfig } from '#imports' +import { getUserSession, useRuntimeConfig } from '#imports' import type { WebAuthnUser, WebAuthnRegisterEventHandlerOptions } from '#auth-utils' import type { RegistrationBody } from '~/src/runtime/types/webauthn' @@ -20,7 +20,7 @@ export function defineWebAuthnRegisterEventHandler({ onError, }: WebAuthnRegisterEventHandlerOptions) { return eventHandler(async (event) => { - const { user: sessionUser } = useUserSession() + const { user: sessionUser } = await getUserSession(event) const url = getRequestURL(event) const body = await readBody>(event)