Add WebAuthn error

packages/api/src/errors.ts

@@ -79,6 +79,8 @@ export const UserWebAuthnCredentialsNotFoundError = createError(
   'User WebAuth Credentials not found',
 );
 
+export const WebAuthnDisabledError = createError('WebAuthnDisabledError', 'WebAuthn disabled');
+
 export const UserWeb3AddressNotFoundError = createError(
   'UserWeb3AddressNotFoundError',
   'Web3 Account not found for User',

packages/api/src/resolvers/mutations/accounts/addWebAuthnCredentials.ts

@@ -1,5 +1,6 @@
 import { log } from '@unchainedshop/logger';
 import { Context } from '../../../context.js';
+import { WebAuthnDisabledError } from '../../../errors.js';
 
 export default async function addWebAuthnCredentials(
   root: never,
@@ -15,6 +16,8 @@ export default async function addWebAuthnCredentials(
     credentials,
   );
 
+  if (!webAuthnService) throw new WebAuthnDisabledError();
+
   return modules.users.updateUser(
     { _id: userId },
     {

packages/api/src/resolvers/mutations/accounts/createWebAuthnCredentialRequestOptions.ts

@@ -16,7 +16,7 @@ export default async function createWebAuthnCredentialRequestOptions(
     extensionOptions,
   );
 
-  if (username) {
+  if (username && options) {
     const user = await modules.users.findUserByUsername(username);
     options.allowCredentials = user?.services?.webAuthn?.map(({ id, type }) => ({
       id,

packages/api/src/resolvers/mutations/accounts/loginWithWebAuthn.ts

@@ -1,5 +1,6 @@
 import { log } from '@unchainedshop/logger';
 import { Context } from '../../../context.js';
+import { WebAuthnDisabledError } from '../../../errors.js';
 
 export default async function loginWithWebAuthn(
   root: never,
@@ -16,12 +17,14 @@ export default async function loginWithWebAuthn(
   let user = await context.modules.users.findUserByUsername(username);
   if (!user) throw new Error('User not found');
 
-  await context.modules.users.webAuthn.verifyCredentialRequest(
+  const verification = await context.modules.users.webAuthn.verifyCredentialRequest(
     user.services?.webAuthn,
     user.username,
     params.webAuthnPublicKeyCredentials,
   );
 
+  if (!verification) throw new WebAuthnDisabledError();
+
   user = await context.modules.users.updateHeartbeat(user._id, {
     remoteAddress: context.remoteAddress,
     remotePort: context.remotePort,

packages/api/src/schema/mutation.ts

@@ -75,7 +75,7 @@ export default [
       """
       Create WebAuthn PublicKeyCredentialCreationOptions to use for Registering a new WebAuthn Device
       """
-      createWebAuthnCredentialCreationOptions(username: String!, extensionOptions: JSON): JSON!
+      createWebAuthnCredentialCreationOptions(username: String!, extensionOptions: JSON): JSON
 
       """
       Register WebAuthn Credentials for current user
@@ -90,7 +90,7 @@ export default [
       """
       Create WebAuthn PublicKeyCredentialRequestrOptions to use for WebAuthn Login Flow
       """
-      createWebAuthnCredentialRequestOptions(username: String, extensionOptions: JSON): JSON!
+      createWebAuthnCredentialRequestOptions(username: String, extensionOptions: JSON): JSON
 
       """
       Creates an alternative cart. If you use this feature, you should use explicit orderId's when using the

packages/core-users/src/module/configureUsersWebAuthnModule.ts

@@ -1,6 +1,7 @@
 import { ModuleInput } from '@unchainedshop/mongodb';
 import { createLogger } from '@unchainedshop/logger';
 import { WebAuthnCredentialsCreationRequestsCollection } from '../db/WebAuthnCredentialsCreationRequestsCollection.js';
+
 import type { PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions } from 'fido2-lib';
 export interface UsersWebAuthnModule {
   findMDSMetadataForAAGUID: (aaguid: string) => Promise<any>;
@@ -97,6 +98,8 @@ export const configureUsersWebAuthnModule = async ({
     },
 
     createCredentialCreationOptions: async (origin, username, extensionOptions) => {
+      if (!f2l) return null;
+
       const registrationOptions = await f2l.attestationOptions(extensionOptions);
       const challenge = Buffer.from(registrationOptions.challenge).toString('base64');
       const { insertedId } = await WebAuthnCredentialsCreationRequests.insertOne({
@@ -115,6 +118,8 @@ export const configureUsersWebAuthnModule = async ({
     },
 
     createCredentialRequestOptions: async (origin, username, extensionOptions) => {
+      if (!f2l) return null;
+
       const loginOptions = await f2l.assertionOptions(extensionOptions);
       const challenge = Buffer.from(loginOptions.challenge).toString('base64');
       const { insertedId } = await WebAuthnCredentialsCreationRequests.insertOne({
@@ -133,6 +138,8 @@ export const configureUsersWebAuthnModule = async ({
     },
 
     verifyCredentialCreation: async (username, credentials) => {
+      if (!f2l) return null;
+
       const request = await WebAuthnCredentialsCreationRequests.findOne(
         {
           username,
@@ -180,6 +187,8 @@ export const configureUsersWebAuthnModule = async ({
     },
 
     verifyCredentialRequest: async (userPublicKeys, username, credentials) => {
+      if (!f2l) return null;
+
       const request = await WebAuthnCredentialsCreationRequests.findOne(
         {
           _id: credentials.requestId,
@@ -198,7 +207,7 @@ export const configureUsersWebAuthnModule = async ({
           return credentials.id === publicCredentials.id;
         }) || {};
 
-      if (!publicKey) throw new Error('WebAuthn not setup');
+      if (!publicKey) return null;
 
       const assertionExpectations = {
         challenge: request.challenge,