Enhance passkey registration handling with error checks and CORS support
Add validation for server response in the registration process, ensuring the presence of necessary options. Implement CORS headers for cross-device authentication and increase the timeout for registration to 5 minutes. Include debug logging for options structure to aid in troubleshooting.
@@ -334,7 +334,19 @@ const handleRegisterWithPasskey = async () => {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
if (!pre.success || !pre.options) {
|
||||||
|
throw new Error('Ungültige Antwort vom Server')
|
||||||
|
}
|
||||||
|
|
||||||
|
// Debug: Prüfe Options-Struktur
|
||||||
|
if (!pre.options.challenge) {
|
||||||
|
console.error('Options fehlen challenge:', pre.options)
|
||||||
|
throw new Error('Ungültige WebAuthn-Options vom Server')
|
||||||
|
}
|
||||||
|
|
||||||
const mod = await import('@simplewebauthn/browser')
|
const mod = await import('@simplewebauthn/browser')
|
||||||
|
// startRegistration erwartet die Options direkt, nicht verschachtelt
|
||||||
|
// @simplewebauthn/browser v13+ erwartet die Options direkt
|
||||||
const credential = await mod.startRegistration(pre.options)
|
const credential = await mod.startRegistration(pre.options)
|
||||||
|
|
||||||
const response = await $fetch('/api/auth/register-passkey', {
|
const response = await $fetch('/api/auth/register-passkey', {
|
||||||
|
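Review bot: The two comments above `mod.startRegistration(pre.options)` say the same thing, and the second ("v13+ erwartet die Options direkt") may be inaccurate: as far as I recall, @simplewebauthn/browser from v11 on documents the call as `startRegistration({ optionsJSON: pre.options })` and treats bare options as the deprecated form — confirm against the installed version and keep a single comment stating the verified signature. `console.error('Options fehlen challenge:', pre.options)` dumps the whole server payload (including the `user` object) to the browser console; logging `Object.keys(pre.options)` gives the same diagnostic without the data. handleRegisterWithPasskey starts and ends outside this hunk.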
|||||||
@@ -42,7 +42,9 @@ export default defineEventHandler(async (event) => {
|
|||||||
authenticatorSelection: {
|
authenticatorSelection: {
|
||||||
residentKey: 'preferred',
|
residentKey: 'preferred',
|
||||||
userVerification: 'preferred'
|
userVerification: 'preferred'
|
||||||
}
|
},
|
||||||
|
// Timeout erhöhen für Cross-Device (Standard: 60s, hier: 5 Minuten)
|
||||||
|
timeout: 300000
|
||||||
})
|
})
|
||||||
|
|
||||||
setPreRegistration(registrationId, {
|
setPreRegistration(registrationId, {
|
||||||
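Review bot: `timeout: 300000` is a magic number whose meaning lives only in the comment; a named constant such as `const REGISTRATION_TIMEOUT_MS = 5 * 60 * 1000` next to the handler reads better and can be shared with the authentication options. The challenge stored via `setPreRegistration(registrationId, …)` must stay valid at least as long as this client-side timeout, and its TTL is not visible here — confirm it is ≥ 300000 ms, otherwise slow cross-device registrations will fail at verification with no explanation to the user. The defineEventHandler body starts before this hunk.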
@@ -55,6 +57,27 @@ export default defineEventHandler(async (event) => {
|
|||||||
|
|
||||||
await writeAuditLog('auth.passkey.prereg.options', { email })
|
await writeAuditLog('auth.passkey.prereg.options', { email })
|
||||||
|
|
||||||
|
// CORS-Header für Cross-Device Authentication
|
||||||
|
const requestOrigin = getHeader(event, 'origin')
|
||||||
|
if (requestOrigin) {
|
||||||
|
setHeader(event, 'Access-Control-Allow-Origin', requestOrigin)
|
||||||
|
setHeader(event, 'Access-Control-Allow-Credentials', 'true')
|
||||||
|
setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
|
||||||
|
setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')
|
||||||
|
}
|
||||||
|
|
||||||
|
if (getMethod(event) === 'OPTIONS') {
|
||||||
|
return { success: true }
|
||||||
|
}
|
||||||
|
|
||||||
|
// Debug: Log Options-Struktur
|
||||||
|
console.log('[WebAuthn Pre-Registration Options]', {
|
||||||
|
hasChallenge: !!options.challenge,
|
||||||
|
rpId: options.rp?.id,
|
||||||
|
userId: options.user?.id ? 'present' : 'missing',
|
||||||
|
timeout: options.timeout
|
||||||
|
})
|
||||||
|
|
||||||
return { success: true, registrationId, options }
|
return { success: true, registrationId, options }
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|||||||
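Review bot: Reflecting the request's `Origin` header into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true` lets any website make cookie-authenticated requests to this endpoint and read the response, which removes the protection CORS is supposed to provide; the guard should be an explicit allowlist, e.g. `if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {` (ALLOWED_ORIGINS being a configured set of trusted origins), plus `setHeader(event, 'Vary', 'Origin')` so a cache never serves one origin's answer to another. The `getMethod(event) === 'OPTIONS'` early return is placed after the options were generated, stored via setPreRegistration and audit-logged, so a preflight still creates a pending registration and an audit entry; it belongs at the top of the handler, which starts outside this hunk. Cross-device (hybrid) WebAuthn is mediated by the browser on the page's own origin and, as far as I can tell, needs no cross-origin fetch, so it is worth re-checking whether these headers are required at all. The `[WebAuthn Pre-Registration Options]` console.log runs on every request; gate it behind a debug flag or drop it before merging.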