Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat: migrate signin/webauthn to go and add possibility to login with userHandle #587

Merged
merged 3 commits into from
Nov 25, 2024
Merged

feat: migrate signin/webauthn to go and add possibility to login with userHandle #587

merged 3 commits into from
Nov 25, 2024

Conversation

dbarrosop
Copy link
Member

@dbarrosop dbarrosop commented Nov 25, 2024
edited by github-actions bot
Loading

PR Type

Enhancement, Tests

Description

  • Added new WebAuthn sign-in and verification endpoints.
  • Defined new request and response types for WebAuthn.
  • Implemented handlers for WebAuthn sign-in and verification.
  • Added tests for new WebAuthn handlers.
  • Updated OpenAPI documentation to include new WebAuthn endpoints.

Changes walkthrough 📝

Relevant files
Enhancement
9 files
server.gen.go
Add WebAuthn sign-in and verification endpoints                   

go/api/server.gen.go

  • Added new endpoints for WebAuthn sign-in and verification.
  • Implemented middleware for new WebAuthn endpoints.
  • Registered new WebAuthn routes in the router.
    		•  +207/-64
    types.gen.go
    Define WebAuthn request and response types                             

    go/api/types.gen.go

  • Defined new request and response types for WebAuthn sign-in and
    verification.
  • Added JSON handling for new WebAuthn types.
    		•  +228/-0 
    controller.go
    Extend DBClient interface with GetSecurityKeys method       

    go/controller/controller.go

    • Added GetSecurityKeys method to DBClient interface.
    		 +2/-1     
    post_signin_webauthn.go
    Implement PostSigninWebauthn handler                                         

    go/controller/post_signin_webauthn.go

  • Implemented PostSigninWebauthn handler.
  • Added helper function to convert security keys to WebAuthn
    credentials.
    		•  +89/-0   
    post_signin_webauthn_verify.go
    Implement PostSigninWebauthnVerify handler                             

    go/controller/post_signin_webauthn_verify.go

    • Implemented PostSigninWebauthnVerify handler.
    		 +46/-0   
    post_#_webauthn.go
    Update Post#Webauthn handler to include credentials 

    go/controller/post_#_webauthn.go

  • Updated Post#Webauthn handler to include credentials in
    WebauthnUser.
    		•  +4/-3     
    webauthn.go
    Implement BeginLogin and FinishLogin for WebAuthn               

    go/controller/webauthn.go

  • Implemented BeginLogin and FinishLogin methods for WebAuthn.
  • Updated WebauthnUser to include credentials.
    		•  +85/-4   
    workflows.go
    Add GetUserSecurityKeys workflow method                                   

    go/controller/workflows.go

    • Added GetUserSecurityKeys workflow method.
    		 +18/-0   
    query.sql.go
    Add GetSecurityKeys SQL query and method                                 

    go/sql/query.sql.go

    • Added GetSecurityKeys SQL query and method.
    		 +34/-0   
    Error handling
    1 files
    errors.go
    Add error handling for WebAuthn endpoints                               

    go/controller/errors.go

  • Added new error type ErrSecurityKeyNotFound.
  • Added error response visitors for new WebAuthn endpoints.
    		•  +9/-0     
    Tests
    4 files
    controller.go
    Add mock methods for GetSecurityKeys                                         

    go/controller/mock/controller.go

    • Added mock methods for GetSecurityKeys.
    		 +15/-0   
    post_signin_webauthn_test.go
    Add tests for PostSigninWebauthn handler                                 

    go/controller/post_signin_webauthn_test.go

    • Added tests for PostSigninWebauthn handler.
    		 +387/-0 
    post_signin_webauthn_verify_test.go
    Add tests for PostSigninWebauthnVerify handler                     

    go/controller/post_signin_webauthn_verify_test.go

    • Added tests for PostSigninWebauthnVerify handler.
    		 +310/-0 
    post_#_webauthn_test.go
    Update tests for Post#Webauthn handler                           

    go/controller/post_#_webauthn_test.go

  • Updated tests for Post#Webauthn handler to include credentials.
    		•  +12/-9   
    Documentation
    1 files
    openapi.yaml
    Add OpenAPI definitions for WebAuthn endpoints                     

    go/api/openapi.yaml

  • Added OpenAPI definitions for WebAuthn sign-in and verification
    endpoints.
    		•  +94/-0   

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    @github-actions GitHub Actions
    Copy link
    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
    🧪 PR contains tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Possible Bug
    The function webauthnCredentials does not handle the case where base64.RawURLEncoding.Decode fails. This could lead to incomplete or incorrect credential data being processed.

    Code Smell
    The function PostSigninWebauthn has a switch statement that checks for request.Body.UserHandle and request.Body.Email. Consider refactoring this to make it more readable and maintainable.

    Possible Bug
    The function PostSigninWebauthnVerify does not handle the case where ctrl.Webauthn.FinishLogin returns an error. This could lead to unhandled errors and unexpected behavior.

    Code Smell
    The function FinishLogin has a complex logic for handling userHandle and flags. Consider refactoring this to make it more readable and maintainable.

    @github-actions GitHub Actions
    Copy link
    Contributor

    PR Code Suggestions ✨

    @dbarrosop dbarrosop mentioned this pull request Nov 25, 2024
    Closed
    @dbarrosop dbarrosop mentioned this pull request Nov 25, 2024
    Closed
    @dbarrosop dbarrosop merged commit 664df61 into main Nov 25, 2024
    6 checks passed
    @dbarrosop dbarrosop deleted the phone-optional branch November 25, 2024 14:05
    @github-actions github-actions bot mentioned this pull request Dec 30, 2024
    Merged
    # for free to join this conversation on GitHub. Already have an account? # to comment
    Reviewers

    @onehassan onehassan onehassan approved these changes

    Assignees
    No one assigned
    Labels
    Review effort [1-5]: 4
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    2 participants
    @dbarrosop @onehassan