Enhance passkey registration process with detailed debug logging and validation checks
Add comprehensive debug logging throughout the passkey registration flow, including request handling, option generation, and verification steps. Implement validation for incoming requests and responses to ensure required fields are present, improving error handling and clarity. This update aims to facilitate troubleshooting and enhance the overall robustness of the registration process.
@@ -9,29 +9,61 @@ import { writeAuditLog } from '../../utils/audit-log.js'
|
||||
import { assertPasswordNotPwned } from '../../utils/hibp.js'
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const requestStart = Date.now()
|
||||
const requestOrigin = getHeader(event, 'origin')
|
||||
|
||||
console.log('[DEBUG] register-passkey request received', {
|
||||
origin: requestOrigin,
|
||||
timestamp: new Date().toISOString()
|
||||
})
|
||||
|
||||
const body = await readBody(event)
|
||||
const registrationId = String(body?.registrationId || '')
|
||||
const response = body?.credential
|
||||
const password = body?.password ? String(body.password) : ''
|
||||
|
||||
console.log('[DEBUG] Request body parsed', {
|
||||
hasRegistrationId: !!registrationId,
|
||||
registrationId: registrationId.substring(0, 10) + '...',
|
||||
hasCredential: !!response,
|
||||
credentialId: response?.id,
|
||||
hasPassword: !!password
|
||||
})
|
||||
|
||||
if (!registrationId || !response) {
|
||||
console.error('[DEBUG] Validation failed: missing registrationId or credential')
|
||||
throw createError({ statusCode: 400, statusMessage: 'Ungültige Anfrage' })
|
||||
}
|
||||
|
||||
const pre = consumePreRegistration(registrationId)
|
||||
if (!pre) {
|
||||
console.error('[DEBUG] Pre-registration not found or expired', { registrationId })
|
||||
throw createError({ statusCode: 400, statusMessage: 'Registrierungs-Session abgelaufen. Bitte erneut versuchen.' })
|
||||
}
|
||||
|
||||
const { challenge, userId, name, email, phone } = pre
|
||||
console.log('[DEBUG] Pre-registration found', {
|
||||
userId,
|
||||
email: email.substring(0, 10) + '...',
|
||||
hasChallenge: !!challenge
|
||||
})
|
||||
|
||||
const users = await readUsers()
|
||||
if (users.some(u => String(u.email || '').toLowerCase() === String(email).toLowerCase())) {
|
||||
console.error('[DEBUG] User already exists', { email })
|
||||
throw createError({ statusCode: 409, message: 'Ein Benutzer mit dieser E-Mail-Adresse existiert bereits' })
|
||||
}
|
||||
|
||||
const { origin, rpId, requireUV } = getWebAuthnConfig()
|
||||
console.log('[DEBUG] WebAuthn config for verification', {
|
||||
origin,
|
||||
rpId,
|
||||
requireUV
|
||||
})
|
||||
|
||||
console.log('[DEBUG] Verifying registration response...')
|
||||
const verifyStart = Date.now()
|
||||
|
||||
const verification = await verifyRegistrationResponse({
|
||||
response,
|
||||
expectedChallenge: challenge,
|
||||
@@ -40,8 +72,22 @@ export default defineEventHandler(async (event) => {
|
||||
requireUserVerification: requireUV
|
||||
})
|
||||
|
||||
const verifyDuration = Date.now() - verifyStart
|
||||
const { verified, registrationInfo } = verification
|
||||
|
||||
console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
|
||||
verified,
|
||||
hasRegistrationInfo: !!registrationInfo,
|
||||
credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
|
||||
deviceType: registrationInfo?.credentialDeviceType,
|
||||
backedUp: registrationInfo?.credentialBackedUp
|
||||
})
|
||||
|
||||
if (!verified || !registrationInfo) {
|
||||
console.error('[DEBUG] Verification failed', {
|
||||
verified,
|
||||
hasRegistrationInfo: !!registrationInfo
|
||||
})
|
||||
await writeAuditLog('auth.passkey.prereg.failed', { email })
|
||||
throw createError({ statusCode: 400, statusMessage: 'Passkey-Registrierung fehlgeschlagen' })
|
||||
}
|
||||
@@ -98,6 +144,14 @@ export default defineEventHandler(async (event) => {
|
||||
|
||||
users.push(newUser)
|
||||
await writeUsers(users)
|
||||
|
||||
const totalDuration = Date.now() - requestStart
|
||||
console.log(`[DEBUG] User created successfully (total: ${totalDuration}ms)`, {
|
||||
userId: newUser.id,
|
||||
email: newUser.email.substring(0, 10) + '...',
|
||||
hasPasskey: newUser.passkeys?.length > 0,
|
||||
hasPassword: !!newUser.password
|
||||
})
|
||||
|
||||
await writeAuditLog('auth.passkey.prereg.success', { email, userId: newUser.id })
|
||||
|
||||
|
||||
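Review bot: The new debug statements put personal data and client-supplied values into the server log: `console.error('[DEBUG] User already exists', { email })` in the first hunk logs the full address, the "Pre-registration not found or expired" line logs the whole `registrationId` from the request body, and `email.substring(0, 10) + '...'` still shows most of a short address. Logging the internal id is enough to trace a request, e.g. `console.error('[DEBUG] User already exists', { userId })`, and the not-found line could log `registrationId.length` rather than the value. `email.substring(...)` in the "Pre-registration found" log also throws if the stored `email` is not a string, after `consumePreRegistration` has presumably already used up the session; the duplicate check below guards with `String(email)`, and the log should do the same. No debug flag is visible around any of these calls, so they appear to run on every request in every environment. The handler begins before the first hunk and continues past the last.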