diff --git a/_example/storage.go b/_example/storage.go
index 670f0ed..b8379ba 100644
--- a/_example/storage.go
+++ b/_example/storage.go
@@ -7,6 +7,8 @@ import (
 "github.com/egregors/passkey"
 "github.com/go-webauthn/webauthn/webauthn"
+
+ "github.com/mstarongithub/passkey"
 )
 type Storage struct {
@@ -53,6 +55,18 @@ func (s *Storage) SaveUser(user passkey.User) {
 s.users[user.WebAuthnName()] = user
 }
+func (s *Storage) GetUserByWebAuthnId(id []byte) passkey.User {
+ s.uMu.Lock()
+ defer s.uMu.Unlock()
+
+ // Storage implementation assumes that username == webauthn Id
+ if user, ok := s.users[string(id)]; ok {
+ return user
+ } else {
+ return nil
+ }
+}
+
 // -- Session storage methods --
 func (s *Storage) GenSessionID() (string, error) {
diff --git a/handlers.go b/handlers.go
index 4b81c53..f15fadb 100644
--- a/handlers.go
+++ b/handlers.go
@@ -37,7 +37,11 @@ func (p *Passkey) beginRegistration(w http.ResponseWriter, r *http.Request) {
 t, err := p.sessionStore.GenSessionID()
 if err != nil {
 p.l.Errorf("can't generate session id: %s", err.Error())
- JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError)
+ JSONResponse(
+ w,
+ fmt.Sprintf("can't generate session id: %s", err.Error()),
+ http.StatusInternalServerError,
+ )
 return
 }
@@ -70,7 +74,7 @@ func (p *Passkey) finishRegistration(w http.ResponseWriter, r *http.Request) {
 }
 // TODO: username != user id? need to check
- user := p.userStore.GetOrCreateUser(string(session.UserID)) // Get the user
+ user := p.userStore.GetUserByWebAuthnId(session.UserID) // Get the user
 credential, err := p.webAuthn.FinishRegistration(user, *session, r)
 if err != nil {
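Review bot: The import block now lists both `github.com/egregors/passkey` and `github.com/mstarongithub/passkey` without an alias; if both declare package `passkey`, as their paths suggest, the name is declared twice and the example does not build. It also leaves unclear which module's `passkey.User` the storage methods refer to, which matters because only the module patched in this commit has `GetUserByWebAuthnId` on `UserStore`. Import exactly one module path here, replacing the existing line instead of adding a second, and check that go.mod (not part of this diff) pins that same module. The import block starts above the hunk.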
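Review bot: `GetUserByWebAuthnId` returns nil for an unknown id, but nothing tells callers so, and the handlers changed in this commit use the result without checking it. Add a doc comment such as `// GetUserByWebAuthnId returns the stored user whose key equals id, or nil if there is none.` The `else` after `return user` can go as well: `if user, ok := s.users[string(id)]; ok { return user }` followed by a plain `return nil`. The inline comment's assumption that the username equals the WebAuthn id depends on the example `User` type, which this hunk does not show.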
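Review bot: The result of `p.userStore.GetUserByWebAuthnId(session.UserID)` is passed to `p.webAuthn.FinishRegistration` without a nil check, although the example store in this same commit returns nil when the id is unknown. The replaced `GetOrCreateUser` presumably always returned a user, so a session whose user the store no longer knows can now reach the WebAuthn library with a nil `User`; add `if user == nil { JSONResponse(w, "unknown user", http.StatusBadRequest); return }` before the call. The same applies to the `finishLogin` hunk (`@@ -146,7 +154,7 @@`), where the error from `GetSession` is also discarded. The `// TODO: username != user id? need to check` line above is answered by this change and could be removed. Both functions continue outside their hunks.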
@@ -120,7 +124,11 @@ func (p *Passkey) beginLogin(w http.ResponseWriter, r *http.Request) {
 t, err := p.sessionStore.GenSessionID()
 if err != nil {
 p.l.Errorf("can't generate session id: %s", err.Error())
- JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError)
+ JSONResponse(
+ w,
+ fmt.Sprintf("can't generate session id: %s", err.Error()),
+ http.StatusInternalServerError,
+ )
 return
 }
@@ -146,7 +154,7 @@ func (p *Passkey) finishLogin(w http.ResponseWriter, r *http.Request) {
 session, _ := p.sessionStore.GetSession(sid.Value) // FIXME: cover invalid session
 // TODO: username != user id? need to check
- user := p.userStore.GetOrCreateUser(string(session.UserID)) // Get the user
+ user := p.userStore.GetUserByWebAuthnId(session.UserID) // Get the user
 credential, err := p.webAuthn.FinishLogin(user, *session, r)
 if err != nil {
@@ -173,7 +181,11 @@ func (p *Passkey) finishLogin(w http.ResponseWriter, r *http.Request) {
 t, err := p.sessionStore.GenSessionID()
 if err != nil {
 p.l.Errorf("can't generate session id: %s", err.Error())
- JSONResponse(w, fmt.Sprintf("can't generate session id: %s", err.Error()), http.StatusInternalServerError)
+ JSONResponse(
+ w,
+ fmt.Sprintf("can't generate session id: %s", err.Error()),
+ http.StatusInternalServerError,
+ )
 return
 }
diff --git a/ifaces.go b/ifaces.go
index debc14e..7800343 100644
--- a/ifaces.go
+++ b/ifaces.go
@@ -16,6 +16,7 @@ type User interface {
 type UserStore interface {
 GetOrCreateUser(userID string) User
+ GetUserByWebAuthnId(id []byte) User
 SaveUser(User)
 }
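Review bot: `GetUserByWebAuthnId(id []byte) User` gives implementations no way to report "not found" other than a nil `User`, and the interface carries no comment saying that nil is the contract. Either document it on the method or return an error, e.g. `GetUserByWebAuthnID(id []byte) (User, error)`, so the handlers are forced to handle the miss; a store that returns a typed nil pointer would otherwise slip past a plain `user == nil` test. Go initialism style would spell the name with `ID` rather than `Id`. Adding a method to the exported `UserStore` interface breaks every existing implementation, which deserves a line in the changelog.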