jeffemmett
/
rspace-online
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(encryptid): remove all remaining authenticatorAttachment: 'platform' hardcodes 

Three client-side registration flows still had authenticatorAttachment: 'platform'
hardcoded, blocking Samsung Passkey and Linux users:
- lib/rspace-header.ts (main site header registration)
- shared/components/rstack-identity.ts (2 occurrences)

Also added server-side validation for missing userId in register/complete
to return 400 instead of crashing with TypeError.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jeff Emmett 2026-04-08 22:27:16 -04:00
parent b2d443421e
commit a711af055a
3 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/rspace-header.ts
View File

@ -688,7 +688,6 @@ export function showAuthModal(callbacks?: Partial<AuthModalCallbacks>): void {
{ alg: -257, type: 'public-key' as const },
],
authenticatorSelection: {
authenticatorAttachment: 'platform',
residentKey: 'required',
requireResidentKey: true,
userVerification: 'required',
@ -717,9 +716,9 @@ export function showAuthModal(callbacks?: Partial<AuthModalCallbacks>): void {
username,
}),
});
const data = await completeRes.json();
if (!completeRes.ok || !data.success) {
throw new Error(data.error || 'Registration failed');
const data = await completeRes.json().catch(() => null);
if (!data || !completeRes.ok || !data.success) {
throw new Error(data?.error || 'Registration failed');
}
// 4. Store server-signed token with username

8
shared/components/rstack-identity.ts
View File

@ -934,7 +934,7 @@ export class RStackIdentity extends HTMLElement {
{ alg: -7, type: "public-key" as const },
{ alg: -257, type: "public-key" as const },
],
authenticatorSelection: { authenticatorAttachment: "platform", residentKey: "required", requireResidentKey: true, userVerification: "required" },
authenticatorSelection: { residentKey: "required", requireResidentKey: true, userVerification: "required" },
attestation: "none",
timeout: 60000,
},
@ -958,8 +958,8 @@ export class RStackIdentity extends HTMLElement {
username,
}),
});
const data = await completeRes.json();
if (!completeRes.ok || !data.success) throw new Error(data.error || "Registration failed");
const data = await completeRes.json().catch(() => null);
if (!data || !completeRes.ok || !data.success) throw new Error(data?.error || "Registration failed");
storeSession(data.token, username, data.did || "");
close();
@ -1751,7 +1751,7 @@ export class RStackIdentity extends HTMLElement {
{ alg: -7, type: "public-key" as const },
{ alg: -257, type: "public-key" as const },
],
authenticatorSelection: { authenticatorAttachment: "platform", residentKey: "required", requireResidentKey: true, userVerification: "required" },
authenticatorSelection: { residentKey: "required", requireResidentKey: true, userVerification: "required" },
attestation: "none",
timeout: 60000,
},

4
src/encryptid/server.ts
View File

@ -593,6 +593,10 @@ app.post('/api/register/start', async (c) => {
app.post('/api/register/complete', async (c) => {
const { challenge, credential, userId, username, email, clientDid, eoaAddress } = await c.req.json();
if (!userId || !credential || !username) {
return c.json({ error: 'Missing required fields: userId, credential, username' }, 400);
}
// Verify challenge
const challengeRecord = await getChallenge(challenge);
if (!challengeRecord || challengeRecord.type !== 'registration') {