fix: passwordless (#1116)

* fix passwordless session handling * only check passwordless when enabled in policy * set preferred user name in webauthn * fix tests * add passwordless in setup * fix(console): exclude credentials for passwordless (#1115) * fix: exclude creds * fix i18n type loginpolicy * fix enter on dialog input * remove arg Co-authored-by: Max Peintner <max@caos.ch>
2025-08-12 03:57:32 +00:00 · 2020-12-17 16:22:27 +01:00
parent c5287364a4
commit b183d49761
19 changed files with 194 additions and 40 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/user.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user.go
@@ -303,11 +303,26 @@ func (repo *UserRepo) RemoveMyMFAOTP(ctx context.Context) error {
 }

 func (repo *UserRepo) AddMFAU2F(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
-	return repo.UserEvents.AddU2F(ctx, userID, true)
+	accountName := ""
+	user, err := repo.UserByID(ctx, userID)
+	if err != nil {
+		logging.Log("EVENT-DAqe1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
+	} else {
+		accountName = user.PreferredLoginName
+	}
+	return repo.UserEvents.AddU2F(ctx, userID, accountName, true)
 }

 func (repo *UserRepo) AddMyMFAU2F(ctx context.Context) (*model.WebAuthNToken, error) {
-	return repo.UserEvents.AddU2F(ctx, authz.GetCtxData(ctx).UserID, false)
+	userID := authz.GetCtxData(ctx).UserID
+	accountName := ""
+	user, err := repo.UserByID(ctx, userID)
+	if err != nil {
+		logging.Log("EVENT-Ghwl1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
+	} else {
+		accountName = user.PreferredLoginName
+	}
+	return repo.UserEvents.AddU2F(ctx, userID, accountName, false)
 }

 func (repo *UserRepo) VerifyMFAU2FSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error {
@@ -331,7 +346,14 @@ func (repo *UserRepo) GetPasswordless(ctx context.Context, userID string) ([]*mo
 }

 func (repo *UserRepo) AddPasswordless(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
-	return repo.UserEvents.AddPasswordless(ctx, userID, true)
+	accountName := ""
+	user, err := repo.UserByID(ctx, userID)
+	if err != nil {
+		logging.Log("EVENT-Vj2k1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
+	} else {
+		accountName = user.PreferredLoginName
+	}
+	return repo.UserEvents.AddPasswordless(ctx, userID, accountName, true)
 }

 func (repo *UserRepo) GetMyPasswordless(ctx context.Context) ([]*model.WebAuthNToken, error) {
@@ -339,7 +361,15 @@ func (repo *UserRepo) GetMyPasswordless(ctx context.Context) ([]*model.WebAuthNT
 }

 func (repo *UserRepo) AddMyPasswordless(ctx context.Context) (*model.WebAuthNToken, error) {
-	return repo.UserEvents.AddPasswordless(ctx, authz.GetCtxData(ctx).UserID, false)
+	userID := authz.GetCtxData(ctx).UserID
+	accountName := ""
+	user, err := repo.UserByID(ctx, userID)
+	if err != nil {
+		logging.Log("EVENT-AEq21").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
+	} else {
+		accountName = user.PreferredLoginName
+	}
+	return repo.UserEvents.AddPasswordless(ctx, authz.GetCtxData(ctx).UserID, accountName, false)
 }

 func (repo *UserRepo) VerifyPasswordlessSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error {