teamhanko · FreddyDevelop · Nov 10, 2023 · Nov 8, 2023 · Nov 8, 2023 · Nov 9, 2023
diff --git a/server/api/dto/intern/webauthn_credential.go b/server/api/dto/intern/webauthn_credential.go
@@ -10,7 +10,7 @@ import (
 	"time"
 )
 
-func WebauthnCredentialToModel(credential *webauthn.Credential, userId uuid.UUID, webauthnUserId uuid.UUID, backupEligible bool, backupState bool) *models.WebauthnCredential {
+func WebauthnCredentialToModel(credential *webauthn.Credential, userId string, webauthnUserId uuid.UUID, backupEligible bool, backupState bool) *models.WebauthnCredential {
 	now := time.Now().UTC()
 	aaguid, _ := uuid.FromBytes(credential.Authenticator.AAGUID)
 	credentialID := base64.RawURLEncoding.EncodeToString(credential.ID)

diff --git a/server/api/dto/intern/webauthn_session_data.go b/server/api/dto/intern/webauthn_session_data.go
@@ -7,6 +7,7 @@ import (
 	"github.com/gobuffalo/nulls"
 	"github.com/gofrs/uuid"
 	"github.com/teamhanko/passkey-server/persistence/models"
+	"strings"
 	"time"
 )
 
@@ -20,8 +21,8 @@ func WebauthnSessionDataFromModel(data *models.WebauthnSessionData) *webauthn.Se
 		allowedCredentials = append(allowedCredentials, credentialId)
 	}
 	var userId []byte = nil
-	if !data.UserId.IsNil() {
-		userId = data.UserId.Bytes()
+	if strings.TrimSpace(data.UserId) != "" {
+		userId = []byte(data.UserId)
 	}
 	return &webauthn.SessionData{
 		Challenge:            data.Challenge,
@@ -34,7 +35,6 @@ func WebauthnSessionDataFromModel(data *models.WebauthnSessionData) *webauthn.Se
 
 func WebauthnSessionDataToModel(data *webauthn.SessionData, tenantId uuid.UUID, operation models.Operation) *models.WebauthnSessionData {
 	id, _ := uuid.NewV4()
-	userId, _ := uuid.FromBytes(data.UserID)
 	now := time.Now()
 
 	var allowedCredentials []models.WebauthnSessionDataAllowedCredential
@@ -54,7 +54,7 @@ func WebauthnSessionDataToModel(data *webauthn.SessionData, tenantId uuid.UUID,
 	return &models.WebauthnSessionData{
 		ID:                 id,
 		Challenge:          data.Challenge,
-		UserId:             userId,
+		UserId:             string(data.UserID),
 		UserVerification:   string(data.UserVerification),
 		CreatedAt:          now,
 		UpdatedAt:          now,

diff --git a/server/api/dto/intern/webauthn_user.go b/server/api/dto/intern/webauthn_user.go
@@ -2,12 +2,11 @@ package intern
 
 import (
 	"github.com/go-webauthn/webauthn/webauthn"
-	"github.com/gofrs/uuid"
 	"github.com/teamhanko/passkey-server/persistence/models"
 )
 
 type WebauthnUser struct {
-	UserId              uuid.UUID
+	UserId              string
 	Name                string
 	Icon                string
 	DisplayName         string
@@ -25,7 +24,7 @@ func NewWebauthnUser(user models.WebauthnUser) *WebauthnUser {
 }
 
 func (u *WebauthnUser) WebAuthnID() []byte {
-	return u.UserId.Bytes()
+	return []byte(u.UserId)
 }
 
 func (u *WebauthnUser) WebAuthnName() string {

diff --git a/server/api/dto/request/requests.go b/server/api/dto/request/requests.go
@@ -9,7 +9,7 @@ type TenantDto struct {
 }
 
 type ListCredentialsDto struct {
-	UserId string `query:"user_id" validate:"required,uuid4"`
+	UserId string `query:"user_id" validate:"required"`
 }
 
 type DeleteCredentialsDto struct {
@@ -22,7 +22,7 @@ type UpdateCredentialsDto struct {
 }
 
 type InitRegistrationDto struct {
-	UserId      string  `json:"user_id" validate:"required,uuid4"`
+	UserId      string  `json:"user_id" validate:"required"`
 	Username    string  `json:"username" validate:"required"`
 	DisplayName *string `json:"display_name"`
 	Icon        *string `json:"icon"`

diff --git a/server/api/handler/credentials.go b/server/api/handler/credentials.go
@@ -3,10 +3,10 @@ package handler
 import (
 	"fmt"
 	"github.com/gobuffalo/pop/v6"
-	"github.com/gofrs/uuid"
 	"github.com/labstack/echo/v4"
 	"github.com/teamhanko/passkey-server/api/dto/request"
 	"github.com/teamhanko/passkey-server/api/dto/response"
+	"github.com/teamhanko/passkey-server/api/helper"
 	"github.com/teamhanko/passkey-server/persistence"
 	"github.com/teamhanko/passkey-server/persistence/models"
 	"net/http"
@@ -40,14 +40,14 @@ func (credHandler *credentialsHandler) List(ctx echo.Context) error {
 		return err
 	}
 
-	userId, err := uuid.FromString(requestDto.UserId)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
 	}
 
 	credentialPersister := credHandler.persister.GetWebauthnCredentialPersister(nil)
-	credentialModels, err := credentialPersister.GetFromUser(userId)
+	credentialModels, err := credentialPersister.GetFromUser(requestDto.UserId, h.Tenant.ID)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -83,7 +83,7 @@ func (credHandler *credentialsHandler) Update(ctx echo.Context) error {
 		})
 	}
 
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -98,7 +98,7 @@ func (credHandler *credentialsHandler) Update(ctx echo.Context) error {
 			ctx.Logger().Error(err)
 			return err
 		}
-		err := h.auditLog.CreateWithConnection(tx, ctx, h.tenant, models.AuditLogWebAuthnCredentialUpdated, &credential.UserId, nil)
+		err := h.AuditLog.CreateWithConnection(tx, ctx, h.Tenant, models.AuditLogWebAuthnCredentialUpdated, &credential.UserId, nil)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return err
@@ -121,7 +121,7 @@ func (credHandler *credentialsHandler) Delete(ctx echo.Context) error {
 		return err
 	}
 
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -135,7 +135,7 @@ func (credHandler *credentialsHandler) Delete(ctx echo.Context) error {
 			return err
 		}
 
-		err = h.auditLog.CreateWithConnection(tx, ctx, h.tenant, models.AuditLogWebAuthnCredentialDeleted, nil, nil)
+		err = h.AuditLog.CreateWithConnection(tx, ctx, h.Tenant, models.AuditLogWebAuthnCredentialDeleted, nil, nil)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return err

diff --git a/server/api/handler/login.go b/server/api/handler/login.go
@@ -11,6 +11,7 @@ import (
 	"github.com/labstack/echo/v4"
 	"github.com/teamhanko/passkey-server/api/dto/intern"
 	"github.com/teamhanko/passkey-server/api/dto/response"
+	"github.com/teamhanko/passkey-server/api/helper"
 	"github.com/teamhanko/passkey-server/crypto/jwt"
 	"github.com/teamhanko/passkey-server/persistence"
 	"github.com/teamhanko/passkey-server/persistence/models"
@@ -35,21 +36,21 @@ func NewLoginHandler(persister persistence.Persister) (WebauthnHandler, error) {
 }
 
 func (lh *loginHandler) Init(ctx echo.Context) error {
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
 	}
 
-	options, sessionData, err := h.webauthn.BeginDiscoverableLogin(
-		webauthn.WithUserVerification(h.config.WebauthnConfig.UserVerification),
+	options, sessionData, err := h.Webauthn.BeginDiscoverableLogin(
+		webauthn.WithUserVerification(h.Config.WebauthnConfig.UserVerification),
 	)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return fmt.Errorf("failed to create webauthn assertion options for discoverable login: %w", err)
 	}
 
-	err = lh.persister.GetWebauthnSessionDataPersister(nil).Create(*intern.WebauthnSessionDataToModel(sessionData, h.tenant.ID, models.WebauthnOperationAuthentication))
+	err = lh.persister.GetWebauthnSessionDataPersister(nil).Create(*intern.WebauthnSessionDataToModel(sessionData, h.Tenant.ID, models.WebauthnOperationAuthentication))
 	if err != nil {
 		ctx.Logger().Error(err)
 		return fmt.Errorf("failed to store webauthn assertion session data: %w", err)
@@ -71,7 +72,7 @@ func (lh *loginHandler) Finish(ctx echo.Context) error {
 		return echo.NewHTTPError(http.StatusBadRequest, err)
 	}
 
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -82,20 +83,24 @@ func (lh *loginHandler) Finish(ctx echo.Context) error {
 		webauthnUserPersister := lh.persister.GetWebauthnUserPersister(tx)
 		credentialPersister := lh.persister.GetWebauthnCredentialPersister(tx)
 
-		sessionData, err := lh.getSessionDataByChallenge(parsedRequest.Response.CollectedClientData.Challenge, sessionDataPersister, h.tenant.ID)
+		sessionData, err := lh.getSessionDataByChallenge(parsedRequest.Response.CollectedClientData.Challenge, sessionDataPersister, h.Tenant.ID)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return echo.NewHTTPError(http.StatusUnauthorized, "failed to get session data").SetInternal(err)
 		}
 		sessionDataModel := intern.WebauthnSessionDataFromModel(sessionData)
 
-		webauthnUser, err := lh.getWebauthnUserByUserHandle(parsedRequest.Response.UserHandle, h.tenant.ID, webauthnUserPersister)
+		webauthnUser, err := lh.getWebauthnUserByUserHandle(parsedRequest.Response.UserHandle, h.Tenant.ID, webauthnUserPersister)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return echo.NewHTTPError(http.StatusUnauthorized, "failed to get user handle").SetInternal(err)
 		}
 
-		credential, err := h.webauthn.ValidateDiscoverableLogin(func(rawID, userHandle []byte) (user webauthn.User, err error) {
+		// backward compatibility
+		userId := lh.convertUserHandle(parsedRequest.Response.UserHandle)
+		parsedRequest.Response.UserHandle = []byte(userId)
+
+		credential, err := h.Webauthn.ValidateDiscoverableLogin(func(rawID, userHandle []byte) (user webauthn.User, err error) {
 			return webauthnUser, nil
 		}, *sessionDataModel, parsedRequest)
 
@@ -154,10 +159,7 @@ func (lh *loginHandler) getSessionDataByChallenge(challenge string, persister pe
 }
 
 func (lh *loginHandler) getWebauthnUserByUserHandle(userHandle []byte, tenantId uuid.UUID, persister persisters.WebauthnUserPersister) (*intern.WebauthnUser, error) {
-	userId, err := uuid.FromBytes(userHandle)
-	if err != nil {
-		return nil, echo.NewHTTPError(http.StatusBadRequest, "failed to parse userHandle as uuid").SetInternal(err)
-	}
+	userId := lh.convertUserHandle(userHandle)
 
 	user, err := persister.GetByUserId(userId, tenantId)
 	if err != nil {
@@ -170,3 +172,13 @@ func (lh *loginHandler) getWebauthnUserByUserHandle(userHandle []byte, tenantId
 
 	return intern.NewWebauthnUser(*user), nil
 }
+
+func (lh *loginHandler) convertUserHandle(userHandle []byte) string {
+	userId := string(userHandle)
+	userUuid, err := uuid.FromBytes(userHandle)
+	if err == nil {
+		userId = userUuid.String()
+	}
+
+	return userId
+}
diff --git a/server/api/handler/registration.go b/server/api/handler/registration.go
@@ -11,6 +11,7 @@ import (
 	"github.com/teamhanko/passkey-server/api/dto/intern"
 	"github.com/teamhanko/passkey-server/api/dto/request"
 	"github.com/teamhanko/passkey-server/api/dto/response"
+	"github.com/teamhanko/passkey-server/api/helper"
 	"github.com/teamhanko/passkey-server/crypto/jwt"
 	"github.com/teamhanko/passkey-server/persistence"
 	"github.com/teamhanko/passkey-server/persistence/models"
@@ -46,7 +47,7 @@ func (r *registrationHandler) Init(ctx echo.Context) error {
 		return err
 	}
 
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -56,7 +57,7 @@ func (r *registrationHandler) Init(ctx echo.Context) error {
 		webauthnUserPersister := r.persister.GetWebauthnUserPersister(tx)
 		webauthnSessionPersister := r.persister.GetWebauthnSessionDataPersister(tx)
 
-		webauthnUser.Tenant = h.tenant
+		webauthnUser.Tenant = h.Tenant
 		internalUserDto, _, err := r.GetWebauthnUser(webauthnUser.UserID, webauthnUser.Tenant.ID, webauthnUserPersister)
 		if err != nil {
 			ctx.Logger().Error(err)
@@ -74,24 +75,24 @@ func (r *registrationHandler) Init(ctx echo.Context) error {
 		}
 
 		t := true
-		options, sessionData, err := h.webauthn.BeginRegistration(
+		options, sessionData, err := h.Webauthn.BeginRegistration(
 			internalUserDto,
 			webauthn.WithAuthenticatorSelection(protocol.AuthenticatorSelection{
 				RequireResidentKey: &t,
 				ResidentKey:        protocol.ResidentKeyRequirementRequired,
-				UserVerification:   h.config.WebauthnConfig.UserVerification,
+				UserVerification:   h.Config.WebauthnConfig.UserVerification,
 			}),
 			webauthn.WithConveyancePreference(protocol.PreferNoAttestation),
 			// don't set the excludeCredentials list, so an already registered device can be re-registered
 		)
 
-		err = webauthnSessionPersister.Create(*intern.WebauthnSessionDataToModel(sessionData, h.tenant.ID, models.WebauthnOperationRegistration))
+		err = webauthnSessionPersister.Create(*intern.WebauthnSessionDataToModel(sessionData, h.Tenant.ID, models.WebauthnOperationRegistration))
 		if err != nil {
 			ctx.Logger().Error(err)
 			return fmt.Errorf("failed to create session data: %w", err)
 		}
 
-		err = h.auditLog.CreateWithConnection(tx, ctx, h.tenant, models.AuditLogWebAuthnRegistrationInitSucceeded, &webauthnUser.UserID, nil)
+		err = h.AuditLog.CreateWithConnection(tx, ctx, h.Tenant, models.AuditLogWebAuthnRegistrationInitSucceeded, &webauthnUser.UserID, nil)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return fmt.Errorf("failed to create audit log: %w", err)
@@ -108,7 +109,7 @@ func (r *registrationHandler) Finish(ctx echo.Context) error {
 		return echo.NewHTTPError(http.StatusBadRequest, "unable to parse credential creation response").SetInternal(err)
 	}
 
-	h, err := GetHandlerContext(ctx)
+	h, err := helper.GetHandlerContext(ctx)
 	if err != nil {
 		ctx.Logger().Error(err)
 		return err
@@ -118,13 +119,13 @@ func (r *registrationHandler) Finish(ctx echo.Context) error {
 		sessionDataPersister := r.persister.GetWebauthnSessionDataPersister(tx)
 		webauthnUserPersister := r.persister.GetWebauthnUserPersister(tx)
 
-		sessionData, err := r.getSessionByChallenge(parsedRequest.Response.CollectedClientData.Challenge, h.tenant.ID, sessionDataPersister)
+		sessionData, err := r.getSessionByChallenge(parsedRequest.Response.CollectedClientData.Challenge, h.Tenant.ID, sessionDataPersister)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return err
 		}
 
-		webauthnUser, userModel, err := r.GetWebauthnUser(sessionData.UserId, h.tenant.ID, webauthnUserPersister)
+		webauthnUser, userModel, err := r.GetWebauthnUser(sessionData.UserId, h.Tenant.ID, webauthnUserPersister)
 		if err != nil {
 			ctx.Logger().Error(err)
 			return err
@@ -134,7 +135,7 @@ func (r *registrationHandler) Finish(ctx echo.Context) error {
 			return echo.NewHTTPError(http.StatusNotFound, "user not found")
 		}
 
-		credential, err := h.webauthn.CreateCredential(webauthnUser, *intern.WebauthnSessionDataFromModel(sessionData), parsedRequest)
+		credential, err := h.Webauthn.CreateCredential(webauthnUser, *intern.WebauthnSessionDataFromModel(sessionData), parsedRequest)
 		if err != nil {
 			errorMessage := "failed to validate attestation"
 			errorStatus := http.StatusBadRequest
@@ -193,7 +194,7 @@ func (r *registrationHandler) getSessionByChallenge(challenge string, tenantId u
 	return sessionData, nil
 }
 
-func (r *registrationHandler) GetWebauthnUser(userId uuid.UUID, tenantId uuid.UUID, persister persisters.WebauthnUserPersister) (*intern.WebauthnUser, *models.WebauthnUser, error) {
+func (r *registrationHandler) GetWebauthnUser(userId string, tenantId uuid.UUID, persister persisters.WebauthnUserPersister) (*intern.WebauthnUser, *models.WebauthnUser, error) {
 	user, err := persister.GetByUserId(userId, tenantId)
 	if err != nil {
 		return nil, nil, err