WebAuthn credentials for alternative authenticatorType e.g. payment, #4…

…, #15, #19
opennetwork · Jun 25, 2023 · 1df5f81 · 1df5f81
1 parent 2f6bae5
commit 1df5f81
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/src/data/user-credential/types.ts b/src/data/user-credential/types.ts
@@ -10,7 +10,7 @@ export interface UserCredentialData extends Expiring, Record<string, unknown> {
   name?: string;
   verifiedAt?: string;
   authenticatorUserId?: string;
-  authenticatorType?: string;
+  authenticatorType?: "credential" | "payment" | string;
   authenticatorTransports?: AuthenticatorTransportFuture[];
 }
 

diff --git a/src/listen/auth/webauthn.ts b/src/listen/auth/webauthn.ts
@@ -30,6 +30,7 @@ import base64 from "@hexagon/base64";
 import fromArrayBuffer = base64.fromArrayBuffer;
 import toArrayBuffer = base64.toArrayBuffer;
 import {getOrigin} from "../config";
+import {v4} from "uuid";
 
 const INVALID_MESSAGE = "Authentication state invalid or expired";
 
@@ -165,16 +166,21 @@ export async function getWebAuthnAuthenticationOptions(body: WebAuthnAuthenticat
     } = process.env;
 
     const { email, authenticatorType, registration, authentication, redirectUrl } = body;
+
+    const existingUser = getMaybeUser();
+    const existingUserCredentials = existingUser ? await listUserCredentials(existingUser?.userId) : undefined;
+
     const externalId = createUserId();
     const reference = await getExternalReference("credential", externalId);
-    const existingUser = getMaybeUser();
 
     if (reference && existingUser && reference.userId !== existingUser.userId) {
         throw new Error("Expected user to be logged in");
     }
 
     const userId: string | undefined = existingUser?.userId || reference?.userId;
-    const credentials = userId ? await listUserCredentials(userId) : []
+    const credentials = userId ? (
+        existingUserCredentials ?? await listUserCredentials(userId)
+    ) : []
 
     const registrationPromise = createRegistration();
     const authenticationPromise = createAuthentication();
@@ -241,7 +247,8 @@ export async function getWebAuthnAuthenticationOptions(body: WebAuthnAuthenticat
             rpName: WEBAUTHN_RP_NAME || hostname,
             rpID: WEBAUTHN_RP_ID || hostname,
             userID: userId,
-            userName: email,
+            userName: email || userId,
+            userDisplayName: email || authenticatorType
         });
 
         const { stateKey: state } = await setAuthenticationState({
@@ -260,10 +267,17 @@ export async function getWebAuthnAuthenticationOptions(body: WebAuthnAuthenticat
 
     function createUserId() {
         const { hostname } = new URL(getOrigin());
-        console.log({ hostname });
         const hash = createHash("sha256");
         hash.update(WEBAUTHN_RP_ID || hostname);
-        hash.update(email);
+        if (existingUser) {
+            hash.update(existingUser.userId);
+            hash.update(authenticatorType);
+        } else if (email) {
+            hash.update(email);
+        } else {
+            hash.update(v4());
+            hash.update(authenticatorType);
+        }
         return hash.digest().toString("hex");
     }
 }