Enhance debug logging and validation in passkey registration process
Add detailed debug logging to track the verification parameters and errors during the passkey registration flow. Implement validation to ensure the expected origin does not include port 3100, improving error handling and providing clear guidance for configuration issues. This update aims to enhance troubleshooting and the overall robustness of the registration process.
@@ -64,6 +64,11 @@ export default defineEventHandler(async (event) => {
|
||||
const decoded = Buffer.from(clientData, 'base64').toString('utf-8')
|
||||
const parsed = JSON.parse(decoded)
|
||||
actualOrigin = parsed.origin
|
||||
console.log('[DEBUG] Parsed clientDataJSON', {
|
||||
origin: parsed.origin,
|
||||
type: parsed.type,
|
||||
challenge: parsed.challenge ? 'present' : 'missing'
|
||||
})
|
||||
} catch (e) {
|
||||
console.warn('[DEBUG] Could not parse clientDataJSON:', e)
|
||||
}
|
||||
@@ -71,42 +76,79 @@ export default defineEventHandler(async (event) => {
|
||||
|
||||
console.log('[DEBUG] WebAuthn config for verification', {
|
||||
expectedOrigin: origin,
|
||||
expectedOriginType: typeof origin,
|
||||
expectedOriginLength: origin?.length,
|
||||
actualOriginFromResponse: actualOrigin,
|
||||
rpId,
|
||||
requireUV,
|
||||
originMatch: origin === actualOrigin
|
||||
originMatch: origin === actualOrigin,
|
||||
webauthnOriginEnv: process.env.WEBAUTHN_ORIGIN,
|
||||
baseUrlEnv: process.env.NUXT_PUBLIC_BASE_URL
|
||||
})
|
||||
|
||||
// WICHTIG: Sicherstellen, dass die Origin KEINEN Port hat
|
||||
if (origin && origin.includes(':3100')) {
|
||||
console.error('[DEBUG] ERROR: expectedOrigin contains port 3100! This will cause verification to fail.')
|
||||
console.error('[DEBUG] Fix: Set WEBAUTHN_ORIGIN=https://harheimertc.tsschulz.de (without port) in .env')
|
||||
throw createError({
|
||||
statusCode: 500,
|
||||
statusMessage: 'WebAuthn-Konfiguration fehlerhaft: Origin enthält Port 3100. Bitte WEBAUTHN_ORIGIN in .env korrigieren.'
|
||||
})
|
||||
}
|
||||
|
||||
console.log('[DEBUG] Verifying registration response...')
|
||||
const verifyStart = Date.now()
|
||||
|
||||
const verification = await verifyRegistrationResponse({
|
||||
response,
|
||||
expectedChallenge: challenge,
|
||||
console.log('[DEBUG] Verification parameters', {
|
||||
expectedOrigin: origin,
|
||||
expectedRPID: rpId,
|
||||
requireUserVerification: requireUV
|
||||
hasChallenge: !!challenge,
|
||||
challengeLength: challenge?.length,
|
||||
hasResponse: !!response,
|
||||
responseId: response?.id
|
||||
})
|
||||
|
||||
const verifyStart = Date.now()
|
||||
|
||||
let verification
|
||||
try {
|
||||
verification = await verifyRegistrationResponse({
|
||||
response,
|
||||
expectedChallenge: challenge,
|
||||
expectedOrigin: origin,
|
||||
expectedRPID: rpId,
|
||||
requireUserVerification: requireUV
|
||||
})
|
||||
} catch (verifyError) {
|
||||
const verifyDuration = Date.now() - verifyStart
|
||||
console.error(`[DEBUG] Verification error (${verifyDuration}ms):`, {
|
||||
error: verifyError,
|
||||
message: verifyError?.message,
|
||||
cause: verifyError?.cause?.message,
|
||||
expectedOrigin: origin,
|
||||
actualOriginFromResponse: actualOrigin,
|
||||
stack: verifyError?.stack
|
||||
})
|
||||
throw verifyError
|
||||
}
|
||||
|
||||
const verifyDuration = Date.now() - verifyStart
|
||||
const { verified, registrationInfo } = verification
|
||||
|
||||
console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
|
||||
verified,
|
||||
hasRegistrationInfo: !!registrationInfo,
|
||||
credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
|
||||
deviceType: registrationInfo?.credentialDeviceType,
|
||||
backedUp: registrationInfo?.credentialBackedUp
|
||||
})
|
||||
|
||||
if (!verified || !registrationInfo) {
|
||||
console.error('[DEBUG] Verification failed', {
|
||||
|
||||
console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
|
||||
verified,
|
||||
hasRegistrationInfo: !!registrationInfo
|
||||
hasRegistrationInfo: !!registrationInfo,
|
||||
credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
|
||||
deviceType: registrationInfo?.credentialDeviceType,
|
||||
backedUp: registrationInfo?.credentialBackedUp
|
||||
})
|
||||
await writeAuditLog('auth.passkey.prereg.failed', { email })
|
||||
throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })
|
||||
}
|
||||
|
||||
if (!verified || !registrationInfo) {
|
||||
console.error('[DEBUG] Verification failed', {
|
||||
verified,
|
||||
hasRegistrationInfo: !!registrationInfo
|
||||
})
|
||||
await writeAuditLog('auth.passkey.prereg.failed', { email })
|
||||
throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })
|
||||
}
|
||||
|
||||
const {
|
||||
credentialID,
|
||||
|
||||
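Review bot: The new catch around verifyRegistrationResponse (`} catch (verifyError) {` … `throw verifyError`) rethrows the raw library error, so an exception from the verifier — the usual outcome for a mismatched origin, stale challenge or bad attestation — skips the `writeAuditLog('auth.passkey.prereg.failed', { email })` call and the generic 400 that the `!verified || !registrationInfo` branch below produces, and the framework will presumably surface it as a 500 carrying the library's message instead. Replace the rethrow with the same two lines that branch uses, `await writeAuditLog('auth.passkey.prereg.failed', { email })` followed by `throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })`; the original error and its stack are already written to the server log just above, so nothing is lost for troubleshooting. Relatedly, the 500 raised by the new `:3100` guard puts the env-variable name and a remediation hint into statusMessage, which is server-side configuration guidance better kept in the console.error lines that precede it. The enclosing defineEventHandler starts before this hunk and continues past `credentialID,`.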