fix: webauthn settings

ory · Feb 13, 2024 · debd68d · debd68d
1 parent 5b7562f
commit debd68d
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 28 deletions.
diff --git a/contrib/quickstart/kratos/passkey/identity.schema.json b/contrib/quickstart/kratos/passkey/identity.schema.json
@@ -10,7 +10,7 @@
         "email": {
           "type": "string",
           "format": "email",
-          "title": "E-Mail",
+          "title": "Your E-Mail",
           "minLength": 3,
           "ory.sh/kratos": {
             "credentials": {
@@ -23,25 +23,6 @@
               "passkey": {
                 "display_name": true
               }
-            },
-            "verification": {
-              "via": "email"
-            },
-            "recovery": {
-              "via": "email"
-            }
-          }
-        },
-        "name": {
-          "type": "object",
-          "properties": {
-            "first": {
-              "title": "First Name",
-              "type": "string"
-            },
-            "last": {
-              "title": "Last Name",
-              "type": "string"
             }
           }
         }

diff --git a/selfservice/strategy/webauthn/settings.go b/selfservice/strategy/webauthn/settings.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/ory/kratos/text"
+	"github.com/ory/kratos/ui/node"
 	"github.com/ory/kratos/x/webauthnx"
 
 	"github.com/go-webauthn/webauthn/protocol"
@@ -347,11 +348,10 @@ func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity
 			// We only show the option to remove a credential, if it is not the last one when passwordless,
 			// or, if it is for MFA we show it always.
 			cred := &webAuthns.Credentials[k]
-			if cred.IsPasswordless && count < 2 {
+			f.UI.Nodes.Append(webauthnx.NewWebAuthnUnlink(cred, func(a *node.InputAttributes) {
 				// Do not remove this node because it is the last credential the identity can sign in with.
-				continue
-			}
-			f.UI.Nodes.Append(webauthnx.NewWebAuthnUnlink(cred))
+				a.Disabled = cred.IsPasswordless && count < 2
+			}))
 		}
 	}
 

diff --git a/x/webauthnx/nodes.go b/x/webauthnx/nodes.go
@@ -58,10 +58,14 @@ func NewWebAuthnConnectionName() *node.Node {
 		WithMetaLabel(text.NewInfoSelfServiceRegisterWebAuthnDisplayName())
 }
 
-func NewWebAuthnUnlink(c *identity.CredentialWebAuthn) *node.Node {
-	return node.NewInputField(node.WebAuthnRemove, fmt.Sprintf("%x", c.ID), node.WebAuthnGroup,
-		node.InputAttributeTypeSubmit).
-		WithMetaLabel(text.NewInfoSelfServiceRemoveWebAuthn(stringsx.Coalesce(c.DisplayName, "unnamed"), c.AddedAt))
+func NewWebAuthnUnlink(c *identity.CredentialWebAuthn, opts ...node.InputAttributesModifier) *node.Node {
+	return node.NewInputField(
+		node.WebAuthnRemove,
+		fmt.Sprintf("%x", c.ID),
+		node.WebAuthnGroup,
+		node.InputAttributeTypeSubmit,
+		opts...,
+	).WithMetaLabel(text.NewInfoSelfServiceRemoveWebAuthn(stringsx.Coalesce(c.DisplayName, "unnamed"), c.AddedAt))
 }
 
 func NewPasskeyUnlink(c *identity.CredentialWebAuthn, opts ...node.InputAttributesModifier) *node.Node {