justinmayer / kagi

WebAuthn security keys and TOTP multi-factor authentication for Django
BSD 2-Clause "Simplified" License

Silent failure if WebAuthn key name is omitted #43

Open justinmayer opened 3 years ago

justinmayer commented 3 years ago

Steps to Reproduce

  1. Log in and choose “Manage WebAuthn keys”
  2. Tap the appropriate link to add a key
  3. Without entering a key name, tap the “Add WebAuthn Key” button.

Expected Result

Using the same browser-based validation that occurs in other parts of Kagi’s form validation, the browser would indicate that a key name must be provided.

Observed Result

Nothing visible happens. In the browser console, the following output is displayed:

**XHR** POST http://localhost:8000/kagi/api/begin-activate/ [HTTP/1.1 400 Bad Request 42ms]

Uncaught (in promise) TypeError: credentialCreateOptionsFromServer.user is undefined
    transformCredentialCreateOptions http://localhost:8000/static/kagi/webauthn.js:155
    didClickRegister http://localhost:8000/static/kagi/webauthn.js:68
    async* http://localhost:8000/static/kagi/webauthn.js:312
    EventListener.handleEvent* http://localhost:8000/static/kagi/webauthn.js:309

Environment
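
The stack trace under Observed Result shows the body of the 400 response being handed to `transformCredentialCreateOptions`, which then fails on the missing `user` field. The following is an added example, not code from kagi's `webauthn.js`, of a request helper that stops before that point. The names `fetchCreateOptions` and `RegistrationError` and the `key_name` form field are assumptions made for illustration.

```javascript
// Added example (not kagi's webauthn.js). CSRF token and other headers are omitted.
const BEGIN_ACTIVATE_URL = "/kagi/api/begin-activate/"; // path seen in the console output

class RegistrationError extends Error {
  constructor(message, status = null) {
    super(message);
    this.name = "RegistrationError";
    this.status = status; // HTTP status, or null when no request was sent
  }
}

// Hypothetical helper: returns the creation options or throws RegistrationError.
// fetchImpl is injectable so the function can be exercised without a server.
async function fetchCreateOptions(keyName, fetchImpl = globalThis.fetch) {
  const name = String(keyName ?? "").trim();
  if (name === "") {
    // Reject locally so the user gets feedback without a round trip.
    throw new RegistrationError("A key name is required.");
  }

  const body = new URLSearchParams({ key_name: name }); // field name is an assumption
  const response = await fetchImpl(BEGIN_ACTIVATE_URL, { method: "POST", body });

  if (!response.ok) {
    // A 4xx/5xx body is an error payload, not credential creation options.
    throw new RegistrationError(
      `Server rejected the request (HTTP ${response.status}).`, response.status);
  }

  const options = await response.json();
  if (!options || !options.user || !options.challenge) {
    // Guard the fields the transform step dereferences.
    throw new RegistrationError("Malformed registration options.", response.status);
  }
  return options;
}
```

A click handler can catch `RegistrationError` and show its message next to the key name field, so the failure is visible to the user instead of appearing only in the console.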