feat(auth): implement Android refresh token handling and session management

- Added support for generating Android access tokens and managing refresh sessions in the auth endpoints.
- Implemented new tests for login, logout, and refresh functionalities specific to Android clients.
- Enhanced password reset logging with normalization and masking of email addresses.
- Created a new diagnostics endpoint for password reset attempts, including filtering and summarizing logs.
- Introduced a new utility for managing password reset logs with retention policies.
- Added tests for password reset log utilities to ensure proper functionality and privacy compliance.
- Updated WebAuthn configuration tests to validate origin handling for production and allowed origins.
This commit is contained in:
Torsten Schulz (local)
2026-05-27 19:34:32 +02:00
parent 755442fb70
commit 58fd7fa5c6
32 changed files with 1477 additions and 180 deletions


@@ -65,7 +65,7 @@ export default defineEventHandler(async (event) => {
})
}
const { origin, rpId, requireUV } = getWebAuthnConfig()
const { origins, rpId, requireUV } = getWebAuthnConfig()
const authenticator = {
credentialID: fromBase64Url(passkey.credentialId),
@@ -74,14 +74,20 @@ export default defineEventHandler(async (event) => {
transports: passkey.transports || undefined
}
const verification = await verifyAuthenticationResponse({
response,
expectedChallenge: challenge,
expectedOrigin: origin,
expectedRPID: rpId,
authenticator,
requireUserVerification: requireUV
})
let verification
try {
verification = await verifyAuthenticationResponse({
response,
expectedChallenge: challenge,
expectedOrigin: origins,
expectedRPID: rpId,
authenticator,
requireUserVerification: requireUV
})
} catch {
await writeAuditLog('auth.passkey.login.failed', { ip, userId: user.id, reason: 'verification_error' })
throw createError({ statusCode: 401, statusMessage: 'Passkey-Login fehlgeschlagen' })
}
if (!verification.verified) {
await writeAuditLog('auth.passkey.login.failed', { ip, userId: user.id, reason: 'verification_failed' })
@@ -118,4 +124,3 @@ export default defineEventHandler(async (event) => {
}
})
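Review bot: The bare `catch {` around `verifyAuthenticationResponse` drops the thrown error entirely, so the audit entry with `reason: 'verification_error'` cannot tell an origin or RP ID mismatch apart from a bad signature or a malformed response, which is exactly what operators will need when the new multi-origin `origins` configuration is misconfigured. Catch the error and record its message in the server-side audit log only, keeping the client response unchanged: `} catch (err) {` and `await writeAuditLog('auth.passkey.login.failed', { ip, userId: user.id, reason: 'verification_error', error: err instanceof Error ? err.message : String(err) })`. Both failure branches already return the same 401 with the same message, so this adds no distinguishing oracle for the client; if the library's error text could echo attacker-controlled response fields, truncate it before logging. The enclosing defineEventHandler callback starts and ends outside this hunk.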