Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: WebAuthN Sign In, Sign Up and Options methods support - NEW #952

Merged
merged 26 commits into from
Nov 25, 2024
Merged

feat: WebAuthN Sign In, Sign Up and Options methods support - NEW #952

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
c57b645
add initial passkey types
niftyvictor Oct 10, 2024
56422f3
passkey types cleanup
niftyvictor Oct 11, 2024
f102128
added untested support for options, sign in and sign up methods
niftyvictor Oct 16, 2024
de9fb88
Merge branch 'feat/webauthn/base' into feat/webauthn/basic-methods
niftyvictor Oct 16, 2024
40bd6e9
updated types based on pr changes
niftyvictor Oct 17, 2024
e150fc2
pr changes. removed incorrect errors and added missing ones
niftyvictor Oct 18, 2024
8c8d711
added missing user type
niftyvictor Oct 18, 2024
ced57b1
added webauthn details to user object
niftyvictor Oct 18, 2024
fbbed56
pr fixes. centralized error types and added crud for credentials
niftyvictor Oct 21, 2024
64a4a6b
pr fixes
niftyvictor Oct 21, 2024
3186aa5
pr fixes and added decode method
niftyvictor Oct 21, 2024
3fa31ce
added types implementation and minor fixes
niftyvictor Oct 28, 2024
177b580
pr fixes
niftyvictor Oct 28, 2024
5d1363e
pr fixes and cleanup
niftyvictor Oct 28, 2024
57e210d
pr fixes
niftyvictor Oct 28, 2024
ea42bd1
updated initial recipe implementation
niftyvictor Oct 29, 2024
b8cffc1
fixed implementation
niftyvictor Nov 6, 2024
bf9e00f
added basic build
niftyvictor Nov 8, 2024
b44752f
added basic build exports
niftyvictor Nov 8, 2024
dba5cda
pr fixes
niftyvictor Nov 8, 2024
c84a76a
pr fixes
niftyvictor Nov 8, 2024
3649b45
pr fixes
niftyvictor Nov 12, 2024
3bb7234
pr fixes
niftyvictor Nov 12, 2024
ce371d1
pr fixes
niftyvictor Nov 12, 2024
d356701
added missing default email delivery implementation
niftyvictor Nov 25, 2024
e743046
added basic tests and mock
niftyvictor Nov 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion lib/ts/recipe/webauthn/api/registerOptions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ export default async function registerOptions(

const requestBody = await options.req.getJSONBody();

let email = requestBody.email;
let email = requestBody.email?.trim();
let recoverAccountToken = requestBody.recoverAccountToken;

if (
Expand All @@ -43,6 +43,18 @@ export default async function registerOptions(
});
}

// same as for passwordless lib/ts/recipe/passwordless/api/createCode.ts
if (email !== undefined) {
const validateError = await options.config.validateEmailAddress(email, tenantId);
if (validateError !== undefined) {
send200Response(options.res, {
status: "INVALID_EMAIL_ERROR",
err: validateError,
});
return true;
}
}

let result = await apiImplementation.registerOptionsPOST({
email,
recoverAccountToken,
Expand Down
35 changes: 11 additions & 24 deletions lib/ts/recipe/webauthn/types.ts
View file
Open in desktop
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -98,11 +98,9 @@ export type TypeInputValidateEmailAddress = (
) => Promise<string | undefined> | string | undefined;

// centralize error types in order to prevent missing cascading errors
type RegisterOptionsErrorResponse =
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" };
type RegisterOptionsErrorResponse = { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" };

type SignInOptionsErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" } | { status: "INVALID_EMAIL_ERROR" };
type SignInOptionsErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type SignUpErrorResponse =
| { status: "EMAIL_ALREADY_EXISTS_ERROR" }
Expand All @@ -113,7 +111,7 @@ type SignInErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type VerifyCredentialsErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type GenerateRecoverAccountTokenErrorResponse = { status: "UNKNOWN_USER_ID_ERROR" } | { status: "INVALID_EMAIL_ERROR" };
type GenerateRecoverAccountTokenErrorResponse = { status: "UNKNOWN_USER_ID_ERROR" };

type ConsumeRecoverAccountTokenErrorResponse = { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" };

Expand Down Expand Up @@ -202,7 +200,6 @@ export type RecipeInterface = {
}
// | RegisterOptionsErrorResponse
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" }
>;

signInOptions(input: {
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
Expand Down Expand Up @@ -298,7 +295,6 @@ export type RecipeInterface = {
| { status: "OK"; token: string }
// | GenerateRecoverAccountTokenErrorResponse
| { status: "UNKNOWN_USER_ID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" }
>;

// make sure the email maps to options email
Expand Down Expand Up @@ -492,12 +488,9 @@ export type RecipeInterface = {
status: "OK";
id: string;
relyingPartyId: string;
relyingPartyName: string;
origin: string;
userName: string;
userDisplayName: string;
email: string;
timeout: string;
attestation: string;
challenge: string;
rishabhpoddar marked this conversation as resolved.
Show resolved Hide resolved
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did we remove relyingPartyName, userName, userDisplayName and attestation?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked the schema and we don't store them in the generated options. userName is the email and i renamed it to be more simple.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So ideally, the output of registerOptions function should be similar to the output of this function. For example, in the registerOptions output, we have:

user: {
                  id: string;
                  name: string; // user email
                  displayName: string; //user email
              };

Now in the output of getGeneratedOptions, it's totally different. So this is strange.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because we only store what is needed to verify the credentials. See the schema here (webauthn_user_generated_options) https://docs.google.com/document/d/1G7tO9_dSNi8wur3ajGg4pq-wiHatKDbHv2sBt-uSbQg/edit?tab=t.0#heading=h.td4zxgo1675k

}
// | GetGeneratedOptionsErrorResponse
Expand All @@ -518,9 +511,9 @@ export type APIOptions = {

type RegisterOptionsPOSTErrorResponse =
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" };
| { status: "INVALID_EMAIL_ERROR"; err: string };

type SignInOptionsPOSTErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" } | { status: "INVALID_EMAIL_ERROR" };
type SignInOptionsPOSTErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type SignUpPOSTErrorResponse =
| {
Expand All @@ -533,13 +526,10 @@ type SignUpPOSTErrorResponse =

type SignInPOSTErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type GenerateRecoverAccountTokenPOSTErrorResponse =
| {
status: "RECOVER_ACCOUNT_NOT_ALLOWED";
reason: string;
}
| { status: "UNKNOWN_USER_ID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" };
type GenerateRecoverAccountTokenPOSTErrorResponse = {
status: "RECOVER_ACCOUNT_NOT_ALLOWED";
reason: string;
};

type RecoverAccountPOSTErrorResponse =
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" }
Expand Down Expand Up @@ -589,7 +579,7 @@ export type APIInterface = {
| GeneralErrorResponse
// | RegisterOptionsPOSTErrorResponse
| { status: "RECOVER_ACCOUNT_TOKEN_INVALID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" }
| { status: "INVALID_EMAIL_ERROR"; err: string }
>);

signInOptionsPOST:
Expand All @@ -610,7 +600,6 @@ export type APIInterface = {
| GeneralErrorResponse
// | SignInOptionsPOSTErrorResponse
| { status: "WRONG_CREDENTIALS_ERROR" }
| { status: "INVALID_EMAIL_ERROR" }
>);

signUpPOST:
Expand Down Expand Up @@ -679,8 +668,6 @@ export type APIInterface = {
status: "RECOVER_ACCOUNT_NOT_ALLOWED";
reason: string;
}
| { status: "UNKNOWN_USER_ID_ERROR" }
| { status: "INVALID_EMAIL_ERROR" }
>);

recoverAccountPOST:
Expand Down
Loading