Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(WebAuthn): allow multiple credentials per user #29

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat(WebAuthn): allow multiple credentials per user #29

wants to merge 3 commits into from

Conversation

nsatragno
Copy link
Contributor

This change allows users to associate multiple credentials to their
account. When performing assertions, all the credentials are sent on the
allowList. When registering a new credential, existing credentials are
sent on the excludeList.

Updated the example to show all the credentials associated to a user.

This change is not backwards compatible.

Depends on #24

Fixes #12

EternalDeiwos
EternalDeiwos reviewed Jan 27, 2020
View reviewed changes
src/Webauthn.js
return res.status(403).json({
'status': 'failed',
'message': `${usernameField} ${username} already exists`,
let user = await this.store.get(username)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIRC I think level will throw if something doesn't exist in the DB

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like that's being caught by the adapter

@EternalDeiwos
Copy link
Contributor

I think this is conflicting due to me merging #24; otherwise the way you're storing the many credentials is straight forward and looks good to me.

@nsatragno
feat(WebAuthn): allow multiple credentials per user
98c0782 
This change allows users to associate multiple credentials to their
account. When performing assertions, all the credentials are sent on the
`allowList`. When registering a new credential, existing credentials are
sent on the `excludeList`.

Updated the example to show all the credentials associated to a user.

This change is not backwards compatible.
@codecov
Copy link

codecov bot commented Jan 27, 2020
edited
Loading

Codecov Report

Merging #29 into master will increase coverage by 12.2%.
The diff coverage is 44.82%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #29      +/-   ##
==========================================
+ Coverage   12.66%   24.87%   +12.2%     
==========================================
  Files           5        5              
  Lines         387      386       -1     
==========================================
+ Hits           49       96      +47     
+ Misses        338      290      -48
Impacted Files Coverage Δ
src/Webauthn.js 13.12% <0%> (-0.11%) ⬇️
src/AttestationChallengeBuilder.js 67.53% <100%> (+61.28%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d8d63d2...fdeb3ef. Read the comment docs.

nsatragno
nsatragno commented Jan 27, 2020
View reviewed changes
Copy link
Contributor Author

@nsatragno nsatragno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rebased this patch, PTAL.

@nsatragno nsatragno mentioned this pull request Jan 30, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EternalDeiwos EternalDeiwos Awaiting requested review from EternalDeiwos

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: Allowing more than one authenticator
2 participants
@nsatragno @EternalDeiwos