Better handle registration/authentication errors

cedarcode / webauthn-rails-demo-app

Rails app demonstrating a WebAuthn password-less login

https://webauthn.cedarcode.com

Apache License 2.0

101 stars 41 forks source link

Better handle registration/authentication errors #57

Closed grzuy closed 5 years ago

grzuy commented 5 years ago

Handle gracefully exception and error conditions in registration/authentication flow and inform the user with clear message so that it can take action to recover from the error and proceed successfully.

Scenarios:

[x] Registration―Username is taken
[x] Registration―Missing credential nickname
[ ] ~Registration―Invalid WebAuthn attestation~ (Moved to #62)
[x] Sign in―Username is not registered
[ ] ~Sign in―Invalid WebAuthn assertion~ (Moved to #62)

sandergroen commented 5 years ago

@grzuy I addition to the list above. In the current registration flow a user is persisted in the create method of the registrations controller. Is it not a good idea to persist the user when the registration succeeds? The challenge could be stored in a session.

grzuy commented 5 years ago

@grzuy I addition to the list above. In the current registration flow a user is persisted in the create method of the registrations controller. Is it not a good idea to persist the user when the registration succeeds? The challenge could be stored in a session.

Agree.

Created new issue for that https://github.com/cedarcode/webauthn-rails-demo-app/issues/59.

Thanks for bringing that to our attention.