for demo purposes, just allow adding credentials to existing users
@@ -59,7 +59,7 @@ public class MyWebAuthnSetup implements WebAuthnUserProvider {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Uni<Void> updateOrStoreWebAuthnCredentials(Authenticator authenticator) {
|
public Uni<Void> updateOrStoreWebAuthnCredentials(Authenticator authenticator) {
|
||||||
WebAuthnCredential credential1 = new WebAuthnCredential(authenticator);
|
WebAuthnCredential credential = new WebAuthnCredential(authenticator);
|
||||||
|
|
||||||
var existingUser = usersRepo.getUser(authenticator.getUserName());
|
var existingUser = usersRepo.getUser(authenticator.getUserName());
|
||||||
var existingCredential = existingUser.stream().flatMap(u -> u.credentials().stream())
|
var existingCredential = existingUser.stream().flatMap(u -> u.credentials().stream())
|
||||||
@@ -67,19 +67,21 @@ public class MyWebAuthnSetup implements WebAuthnUserProvider {
|
|||||||
|
|
||||||
if (existingUser.isPresent() && existingCredential.isPresent()) {
|
if (existingUser.isPresent() && existingCredential.isPresent()) {
|
||||||
// returning user and credential -> update counter
|
// returning user and credential -> update counter
|
||||||
usersRepo.register(existingUser.get().withAddedCredential(existingCredential.get()));
|
usersRepo.register(existingUser.get().withAddedCredential(credential));
|
||||||
return Uni.createFrom().nullItem();
|
return Uni.createFrom().nullItem();
|
||||||
} else if (existingUser.isEmpty()) {
|
} else if (existingUser.isEmpty()) {
|
||||||
// new user -> register
|
// new user -> register
|
||||||
usersRepo.register(new User(authenticator.getUserName(), null, List.of(credential1)));
|
usersRepo.register(new User(authenticator.getUserName(), null, List.of(credential)));
|
||||||
return Uni.createFrom().nullItem();
|
return Uni.createFrom().nullItem();
|
||||||
} else {
|
} else {
|
||||||
if (routingContext.get(AUTHORIZED_USER) != null) {
|
// in production, we should not add a new credentials to an existing user
|
||||||
return Uni.createFrom().nullItem();
|
// unless we have another means of verifying their identity
|
||||||
}
|
// return Uni.createFrom().failure(new Throwable("Duplicate user: " + authenticator.getUserName()));
|
||||||
// returning (or duplicate) user with new credential -> reject,
|
|
||||||
// as we do not provide a means to register additional credentials yet
|
// But, for this demo, this is exactly what we are doing.
|
||||||
return Uni.createFrom().failure(new Throwable("Duplicate user: " + authenticator.getUserName()));
|
// Just let anyone register a credential in anyone's name
|
||||||
|
usersRepo.register(existingUser.get().withAddedCredential(credential));
|
||||||
|
return Uni.createFrom().nullItem();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
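Review bot: The final `else` branch now calls `usersRepo.register(existingUser.get().withAddedCredential(credential))` for any existing username with no check that the caller is that user, and the removed `routingContext.get(AUTHORIZED_USER) != null` test was the only identity signal in this branch. Because the demo behaviour is compiled in unconditionally, any deployment built from this code inherits it. I would keep rejection as the default and add the credential only behind an authenticated session, e.g. `if (routingContext.get(AUTHORIZED_USER) == null) return Uni.createFrom().failure(new Throwable("Duplicate user: " + authenticator.getUserName()));`, ideally also comparing the session's user with `authenticator.getUserName()` (what `AUTHORIZED_USER` holds, and whether `routingContext` is still injected, is not visible here). The lines that compute `existingCredential` fall between the two hunks, so how an incoming credential is matched against stored ones cannot be confirmed from this page.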