Enhance passkey registration handling with error checks and CORS support
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 49s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 49s
Add validation for server response in the registration process, ensuring the presence of necessary options. Implement CORS headers for cross-device authentication and increase the timeout for registration to 5 minutes. Include debug logging for options structure to aid in troubleshooting.
This commit is contained in:
Torsten Schulz (local)
@@ -334,7 +334,19 @@ const handleRegisterWithPasskey = async () => {
|
||||
}
|
||||
})
|
||||
|
||||
if (!pre.success || !pre.options) {
|
||||
throw new Error('Ungültige Antwort vom Server')
|
||||
}
|
||||
|
||||
// Debug: Prüfe Options-Struktur
|
||||
if (!pre.options.challenge) {
|
||||
console.error('Options fehlen challenge:', pre.options)
|
||||
throw new Error('Ungültige WebAuthn-Options vom Server')
|
||||
}
|
||||
|
||||
const mod = await import('@simplewebauthn/browser')
|
||||
// startRegistration erwartet die Options direkt, nicht verschachtelt
|
||||
// @simplewebauthn/browser v13+ erwartet die Options direkt
|
||||
const credential = await mod.startRegistration(pre.options)
|
||||
|
||||
const response = await $fetch('/api/auth/register-passkey', {
|
||||
|
||||
@@ -42,7 +42,9 @@ export default defineEventHandler(async (event) => {
|
||||
authenticatorSelection: {
|
||||
residentKey: 'preferred',
|
||||
userVerification: 'preferred'
|
||||
}
|
||||
},
|
||||
// Timeout erhöhen für Cross-Device (Standard: 60s, hier: 5 Minuten)
|
||||
timeout: 300000
|
||||
})
|
||||
|
||||
setPreRegistration(registrationId, {
|
||||
@@ -55,6 +57,27 @@ export default defineEventHandler(async (event) => {
|
||||
|
||||
await writeAuditLog('auth.passkey.prereg.options', { email })
|
||||
|
||||
// CORS-Header für Cross-Device Authentication
|
||||
const requestOrigin = getHeader(event, 'origin')
|
||||
if (requestOrigin) {
|
||||
setHeader(event, 'Access-Control-Allow-Origin', requestOrigin)
|
||||
setHeader(event, 'Access-Control-Allow-Credentials', 'true')
|
||||
setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
|
||||
setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')
|
||||
}
|
||||
|
||||
if (getMethod(event) === 'OPTIONS') {
|
||||
return { success: true }
|
||||
}
|
||||
|
||||
// Debug: Log Options-Struktur
|
||||
console.log('[WebAuthn Pre-Registration Options]', {
|
||||
hasChallenge: !!options.challenge,
|
||||
rpId: options.rp?.id,
|
||||
userId: options.user?.id ? 'present' : 'missing',
|
||||
timeout: options.timeout
|
||||
})
|
||||
|
||||
return { success: true, registrationId, options }
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user