fix: backend fixes (#1452)

* fix: email change not possible if init state

* fix: email change not possible if init state

* passwordless

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/command/user_human_webauthn_model.go

@@ -53,11 +53,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanU2FVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanWebAuthNSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@@ -65,11 +65,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanU2FSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanWebAuthNRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@@ -77,11 +77,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.HumanU2FRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.UserRemovedEvent:
 			wm.WriteModel.AppendEvents(e)