---
id: TASK-79
title: Fix guardian invitation acceptance — server-initiated WebAuthn flow
status: Done
assignee: []
created_date: '2026-03-03 00:56'
labels:
- bugfix
- encryptid
- webauthn
dependencies: []
priority: high
---
## Description
<!-- SECTION:DESCRIPTION:BEGIN -->
Guardian invitation acceptance and auth.rspace.online login were broken. The guardian page and main login page used the client-side SDK's `authenticatePasskey()`/`registerPasskey()` which generate their own challenge, then tried to send `result.challenge` and `result.credential` to the server — but `AuthenticationResult` doesn't have those properties (both undefined). The postgres driver threw `UNDEFINED_VALUE` on `getChallenge(undefined)`, resulting in a raw 500 "Internal Server Error" that the client couldn't parse as JSON.
Fixed by replacing with the proper server-initiated flow (matching rstack-identity.ts): `/api/auth/start` → WebAuthn → `/api/auth/complete`, and same for registration. Also fixed Dockerfile.encryptid to include `shared/local-first/` in the build context (needed by login-button.ts importing encryptid-bridge).
<!-- SECTION:DESCRIPTION:END -->
## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 Guardian invitation acceptance completes without JSON parse error
- [ ] #2 auth.rspace.online login/register works with server-initiated WebAuthn
- [ ] #3 Dockerfile.encryptid builds successfully with shared/local-first context
<!-- AC:END -->
## Final Summary
<!-- SECTION:FINAL_SUMMARY:BEGIN -->
Fixed 500 error on guardian invitation acceptance caused by client sending `undefined` challenge/credential to server.
**Root cause:** Guardian page and auth.rspace.online login used client-side SDK functions (`authenticatePasskey()`/`registerPasskey()`) which return `AuthenticationResult` — but code referenced `.challenge` and `.credential` properties that don't exist on that type. Both were `undefined`, causing postgres `UNDEFINED_VALUE` error → 500 plain text → client JSON parse failure.
**Fix:** Replaced with server-initiated WebAuthn flow matching `rstack-identity.ts`:
1. `POST /api/auth/start` → get server challenge
2. `navigator.credentials.get()` with that challenge
3. `POST /api/auth/complete` with `{ challenge, credential: { credentialId } }`
Also fixed `Dockerfile.encryptid` to COPY `shared/local-first/` (needed by `login-button.ts` importing `encryptid-bridge.ts`).
Commits: 88118cd (WebAuthn flow), 4dd212e (Dockerfile fix). Both rspace-online and encryptid containers rebuilt and deployed.
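The three-step flow above, written out as an added example (not the project's own `rstack-identity.ts` or guardian-page code). It keeps the page's endpoint paths and the `/api/auth/complete` payload shape; the `/api/auth/start` response shape (`{ challenge }`), the `/complete` reply, the `readJson` helper and the `makeFakeBackend` fake server/authenticator are assumptions so the flow can run offline under Node. The client never mints its own challenge, refuses to continue if the server returns none (the guard the broken code lacked), and reports a plain-text 500 as a status-bearing error instead of a JSON parse failure.

```javascript
// Added example, not the project's code: server-initiated WebAuthn login
// (/api/auth/start -> credentials.get -> /api/auth/complete) with the browser
// APIs injected so it runs under Node. Endpoint paths and the /complete payload
// follow the page; response shapes and the fake backend are assumptions.

function bytesToBase64url(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function base64urlToBytes(s) {
  const pad = "=".repeat((4 - (s.length % 4)) % 4);
  const bin = atob(s.replace(/-/g, "+").replace(/_/g, "/") + pad);
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Parse a response as JSON, but report a non-JSON body (e.g. a plain-text 500)
// together with its status instead of failing with an opaque parse error.
async function readJson(res, step) {
  const text = await res.text();
  let body;
  try {
    body = JSON.parse(text);
  } catch {
    throw new Error(`${step}: HTTP ${res.status} with non-JSON body: ${text.slice(0, 80)}`);
  }
  if (!res.ok) throw new Error(`${step}: HTTP ${res.status}: ${JSON.stringify(body)}`);
  return body;
}

async function serverInitiatedLogin({ fetchImpl, credentials, rpId }) {
  const post = (url, obj) => fetchImpl(url, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(obj),
  });

  // 1. The server mints and remembers the challenge; the client never makes its own.
  const start = await readJson(await post("/api/auth/start", {}), "start");
  if (typeof start.challenge !== "string" || start.challenge === "") {
    // The guard the broken code lacked: a missing challenge stops here
    // instead of reaching the server as `undefined`.
    throw new Error("start: server returned no challenge");
  }

  // 2. The authenticator signs the server's challenge.
  const assertion = await credentials.get({
    publicKey: { challenge: base64urlToBytes(start.challenge), rpId, userVerification: "preferred", timeout: 60_000 },
  });
  if (!assertion) throw new Error("authenticator returned no assertion");

  // 3. Echo the challenge with the credential id; the server checks that it issued
  //    this challenge (and consumes it) before trusting the result. The payload shape
  //    is the page's; a server that verifies the signature itself also needs
  //    assertion.response (clientDataJSON, authenticatorData, signature).
  return readJson(await post("/api/auth/complete", {
    challenge: start.challenge,
    credential: { credentialId: bytesToBase64url(new Uint8Array(assertion.rawId)) },
  }), "complete");
}

// Constructed fake server and authenticator (assumption, for offline runs only).
function makeFakeBackend({ plainText500 = false } = {}) {
  const minted = [];               // every challenge ever issued
  const outstanding = new Set();   // issued but not yet consumed (single use)
  const seen = { challenge: null }; // what the fake authenticator was asked to sign
  const json = (status, obj) => ({ ok: status < 400, status, text: async () => JSON.stringify(obj) });

  const fetchImpl = async (url, init) => {
    const body = JSON.parse(init.body);
    if (url === "/api/auth/start") {
      // Deterministic here; a real server must draw the challenge from a CSPRNG.
      const challenge = bytesToBase64url(new TextEncoder().encode(`fake-challenge-${minted.length + 1}`));
      minted.push(challenge);
      outstanding.add(challenge);
      return json(200, { challenge });
    }
    if (url === "/api/auth/complete") {
      if (plainText500) return { ok: false, status: 500, text: async () => "Internal Server Error" };
      if (!outstanding.delete(body.challenge)) return json(401, { error: "unknown or reused challenge" });
      return json(200, { ok: true, credentialId: body.credential.credentialId });
    }
    return json(404, { error: "not found" });
  };

  const credentials = {
    get: async (opts) => {
      seen.challenge = bytesToBase64url(opts.publicKey.challenge);
      return { rawId: new Uint8Array([1, 2, 3, 4]).buffer }; // fixed fake credential id
    },
  };
  return { fetchImpl, credentials, seen, minted, outstanding };
}

// Stand-alone run against the fake backend (in a browser, pass window.fetch
// and navigator.credentials instead).
const demo = makeFakeBackend();
serverInitiatedLogin({ fetchImpl: demo.fetchImpl, credentials: demo.credentials, rpId: "auth.rspace.online" })
  .then((r) => console.log("login:", r));
```

The `outstanding` set in the fake backend is the property that makes the server-initiated design matter: `/api/auth/complete` only accepts a challenge it issued and not yet consumed, which a client-generated challenge can never satisfy and which rules out replaying a captured exchange.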
<!-- SECTION:FINAL_SUMMARY:END -->