fix(encryptid): remove all remaining authenticatorAttachment: 'platform' hardcodes

Three client-side registration flows still had authenticatorAttachment: 'platform' hardcoded, blocking Samsung Passkey and Linux users: - lib/rspace-header.ts (main site header registration) - shared/components/rstack-identity.ts (2 occurrences) Also added server-side validation for missing userId in register/complete to return 400 instead of crashing with TypeError. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 22:27:16 -04:00 · 2026-04-08 22:27:16 -04:00 · a711af055a
parent b2d443421e
commit a711af055a
3 changed files with 11 additions and 8 deletions
--- a/lib/rspace-header.ts
+++ b/lib/rspace-header.ts
@ -688,7 +688,6 @@ export function showAuthModal(callbacks?: Partial<AuthModalCallbacks>): void {
            { alg: -257, type: 'public-key' as const },
          ],
          authenticatorSelection: {
            authenticatorAttachment: 'platform',
            residentKey: 'required',
            requireResidentKey: true,
            userVerification: 'required',
@ -717,9 +716,9 @@ export function showAuthModal(callbacks?: Partial<AuthModalCallbacks>): void {
          username,
        }),
      });
-      const data = await completeRes.json();
+      const data = await completeRes.json().catch(() => null);
-      if (!completeRes.ok || !data.success) {
+      if (!data || !completeRes.ok || !data.success) {
-        throw new Error(data.error || 'Registration failed');
+        throw new Error(data?.error || 'Registration failed');
      }
      // 4. Store server-signed token with username
--- a/shared/components/rstack-identity.ts
+++ b/shared/components/rstack-identity.ts
@ -934,7 +934,7 @@ export class RStackIdentity extends HTMLElement {
 							{ alg: -7, type: "public-key" as const },
 							{ alg: -257, type: "public-key" as const },
 						],
-						authenticatorSelection: { authenticatorAttachment: "platform", residentKey: "required", requireResidentKey: true, userVerification: "required" },
+						authenticatorSelection: { residentKey: "required", requireResidentKey: true, userVerification: "required" },
 						attestation: "none",
 						timeout: 60000,
 					},
@ -958,8 +958,8 @@ export class RStackIdentity extends HTMLElement {
 						username,
 					}),
 				});
-				const data = await completeRes.json();
+				const data = await completeRes.json().catch(() => null);
-				if (!completeRes.ok || !data.success) throw new Error(data.error || "Registration failed");
+				if (!data || !completeRes.ok || !data.success) throw new Error(data?.error || "Registration failed");
 				storeSession(data.token, username, data.did || "");
 				close();
@ -1751,7 +1751,7 @@ export class RStackIdentity extends HTMLElement {
 								{ alg: -7, type: "public-key" as const },
 								{ alg: -257, type: "public-key" as const },
 							],
-							authenticatorSelection: { authenticatorAttachment: "platform", residentKey: "required", requireResidentKey: true, userVerification: "required" },
+							authenticatorSelection: { residentKey: "required", requireResidentKey: true, userVerification: "required" },
 							attestation: "none",
 							timeout: 60000,
 						},
--- a/src/encryptid/server.ts
+++ b/src/encryptid/server.ts
@ -593,6 +593,10 @@ app.post('/api/register/start', async (c) => {
 app.post('/api/register/complete', async (c) => {
  const { challenge, credential, userId, username, email, clientDid, eoaAddress } = await c.req.json();
  if (!userId || !credential || !username) {
    return c.json({ error: 'Missing required fields: userId, credential, username' }, 400);
  }
  // Verify challenge
  const challengeRecord = await getChallenge(challenge);
  if (!challengeRecord || challengeRecord.type !== 'registration') {