Enhance debug logging and validation for Passkey Registration

Add comprehensive debug statements in the registrieren.vue component to validate the options structure and ensure the challenge format is correct before initiating registration. Update the register-passkey API to log additional request details, including client IP and user-agent analysis, to improve troubleshooting and provide better insights during the registration process.
2026-01-08 12:12:15 +01:00
parent 750c05eac1
commit a763c959ef
2 changed files with 32 additions and 2 deletions
--- a/server/api/auth/register-passkey.post.js
+++ b/server/api/auth/register-passkey.post.js
@@ -7,6 +7,7 @@ import { consumePreRegistration } from '../../utils/webauthn-challenges.js'
 import { toBase64Url } from '../../utils/webauthn-encoding.js'
 import { writeAuditLog } from '../../utils/audit-log.js'
 import { assertPasswordNotPwned } from '../../utils/hibp.js'
+import { getClientIp } from '../../utils/rate-limit.js'

 export default defineEventHandler(async (event) => {
  const requestStart = Date.now()
@@ -14,14 +15,23 @@ export default defineEventHandler(async (event) => {
  const userAgent = getHeader(event, 'user-agent')
  const { origin: webauthnOrigin } = getWebAuthnConfig()
  
-  console.log('[DEBUG] register-passkey request received', {
+  console.log('[DEBUG] ===== register-passkey request received =====')
+  console.log('[DEBUG] Request Details:', {
    origin: requestOrigin,
    webauthnOrigin,
-    userAgent: userAgent?.substring(0, 100),
+    userAgent: userAgent?.substring(0, 150),
    timestamp: new Date().toISOString(),
    method: getMethod(event),
+    ip: getClientIp(event),
    note: 'Dieser Request sollte vom Smartphone kommen, wenn der QR-Code gescannt wurde'
  })
+  console.log('[DEBUG] User-Agent Analysis:', {
+    isMobile: /Mobile|Android|iPhone|iPad/i.test(userAgent || ''),
+    isChrome: /Chrome/i.test(userAgent || ''),
+    isSafari: /Safari/i.test(userAgent || '') && !/Chrome/i.test(userAgent || ''),
+    isFirefox: /Firefox/i.test(userAgent || ''),
+    fullUserAgent: userAgent
+  })

  // CORS-Header für Cross-Device Authentication
  // OPTIONS-Requests werden von .options.js behandelt