Skip to content

feat(webauthn): allow userName in register handler options #275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

feat(webauthn): allow userName in register handler options #275

wants to merge 5 commits into from

Conversation

@fayazara
Copy link
Contributor

@fayazara fayazara commented Nov 10, 2024

Allow passing userName directly to defineWebAuthnRegisterEventHandler to support linking credentials to existing users without requiring userName in request body.

No breaking change as it maintains backward compatibility while adding new functionality.

How it works?

export default defineWebAuthnRegisterEventHandler({
  userName: '[email protected]',
  async onSuccess(event, { credential }) {
    // your db actions or whatever you'd like to do with the credential
    return credential
  },
})

@pkg-pr-new
Copy link

pkg-pr-new bot commented Nov 10, 2024
edited
Loading

Open in Stackblitz

pnpm add https://pkg.pr.new/atinux/nuxt-auth-utils@275

commit: 93c705c

@fayazara
Copy link
Contributor Author

fayazara commented Nov 10, 2024

@atinux @Gerbuuun I have made a small enhancement to the register event handler, please take a look

Issue ref: #272

@Gerbuuun
Copy link
Contributor

Gerbuuun commented Nov 10, 2024
edited
Loading

Old response I think it is better to just do the check inside the handler already like you did before? That way the dev doesn't need to implement it themselves. (it will add new behaviour..)

Something like this

let user: T;
try {
  // If user is logged in, use the current user's username
  const { user } = await requireUserSession(event);
  user = { userName: user.email };
}
catch {
  // Else do the currently implemented checks
  if (!body.user?.userName)
    throw createError({
      message: 'Invalid request, missing userName or verify property',
      statusCode: 400,
    })

  user = body.user
  if (validateUser) {
    user = await validateUserData(body.user, validateUser)
  }
}

// rest of registration event handler..

Just realized that we don't know what shape user is, so doing it internally might not be the correct solution

@Gerbuuun
Copy link
Contributor

Gerbuuun commented Nov 10, 2024

Other idea:
Make

if (body.verify === undefined || !body.user?.userName)
  throw createError({
    message: 'Invalid request, missing userName or verify property',
    statusCode: 400,
  })

the default validateUser function and don't force any shape to the request body?

@fayazara
Copy link
Contributor Author

fayazara commented Nov 10, 2024

Other idea: Make

if (body.verify === undefined || !body.user?.userName)
  throw createError({
    message: 'Invalid request, missing userName or verify property',
    statusCode: 400,
  })

the default validateUser function and don't force any shape to the request body?

Didn't quite get this, How would a said api method look like?

export default defineWebAuthnRegisterEventHandler({
  async onSuccess(event, { credential }) {
    const { user } = await requireUserSession(event);
    // we have the users email here
    return user;
  },
});

Another ideas was to have a separate method for this called defineWebAuthnConnectEventHandler - but feels unnecessary

@fayazara
Copy link
Contributor Author

fayazara commented Nov 14, 2024

@Gerbuuun Updated this to check if the user is already logged in, this way is a user is already logged in, then we pick the userName from the session

@atinux atinux closed this Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fayazara @Gerbuuun @atinux