fix: pass necessary webauthn data through events (#1541)

2025-08-11 21:17:32 +00:00 · 2021-04-07 12:56:59 +02:00
parent 4d19652cd9
commit f889b85d42
5 changed files with 47 additions and 30 deletions
--- a/internal/command/user_human_webauthn.go
+++ b/internal/command/user_human_webauthn.go
@@ -2,11 +2,13 @@ package command

 import (
 	"context"
+
 	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/eventstore"

 	"github.com/caos/zitadel/internal/domain"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	usr_repo "github.com/caos/zitadel/internal/repository/user"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 )
@@ -45,7 +47,12 @@ func (c *Commands) getHumanU2FLogin(ctx context.Context, userID, authReqID, reso
 		return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5m88U", "Errors.User.NotFound")
 	}
 	return &domain.WebAuthNLogin{
-		Challenge: tokenReadModel.Challenge,
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: tokenReadModel.AggregateID,
+		},
+		Challenge:            tokenReadModel.Challenge,
+		AllowedCredentialIDs: tokenReadModel.AllowedCredentialIDs,
+		UserVerification:     tokenReadModel.UserVerification,
 	}, nil
 }

@@ -259,6 +266,8 @@ func (c *Commands) HumanBeginU2FLogin(ctx context.Context, userID, resourceOwner
 			ctx,
 			userAgg,
 			webAuthNLogin.Challenge,
+			webAuthNLogin.AllowedCredentialIDs,
+			webAuthNLogin.UserVerification,
 			authRequestDomainToAuthRequestInfo(authRequest),
 		),
 	)
@@ -281,6 +290,8 @@ func (c *Commands) HumanBeginPasswordlessLogin(ctx context.Context, userID, reso
 			ctx,
 			userAgg,
 			webAuthNLogin.Challenge,
+			webAuthNLogin.AllowedCredentialIDs,
+			webAuthNLogin.UserVerification,
 			authRequestDomainToAuthRequestInfo(authRequest),
 		),
 	)
--- a/internal/command/user_human_webauthn_model.go
+++ b/internal/command/user_human_webauthn_model.go
@@ -301,9 +301,12 @@ func (wm *HumanPasswordlessTokensReadModel) WebAuthNTokenByID(id string) (idx in
 type HumanU2FLoginReadModel struct {
 	eventstore.WriteModel

-	AuthReqID string
-	Challenge string
-	State     domain.UserState
+	AuthReqID            string
+	Challenge            string
+	AllowedCredentialIDs [][]byte
+	UserVerification     domain.UserVerificationRequirement
+	User
+	State domain.UserState
 }

 func NewHumanU2FLoginReadModel(userID, authReqID, resourceOwner string) *HumanU2FLoginReadModel {
@@ -335,6 +338,8 @@ func (wm *HumanU2FLoginReadModel) Reduce() error {
 		switch e := event.(type) {
 		case *user.HumanU2FBeginLoginEvent:
 			wm.Challenge = e.Challenge
+			wm.AllowedCredentialIDs = e.AllowedCredentialIDs
+			wm.UserVerification = e.UserVerification
 			wm.State = domain.UserStateActive
 		case *user.UserRemovedEvent:
 			wm.State = domain.UserStateDeleted