passkey adjustments

2025-10-30 09:15:40 -04:00
parent d5ad29be34
commit d774557522
7 changed files with 42 additions and 30 deletions
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@@ -471,7 +471,7 @@ namespace Oqtane.Controllers
        [Authorize]
        public async Task<IEnumerable<UserPasskey>> GetPasskeys()
        {
-            return await _userManager.GetPasskeys(_userPermissions.GetUser(User).UserId);
+            return await _userManager.GetPasskeys(_userPermissions.GetUser(User).UserId, _tenantManager.GetAlias().SiteId);
        }

        // PUT api/<controller>/passkey
@@ -481,6 +481,8 @@ namespace Oqtane.Controllers
        {
            if (ModelState.IsValid)
            {
+                // passkey name is prefixed with SiteId for multi-tenancy
+                passkey.Name = $"{_tenantManager.GetAlias().SiteId}:" + passkey.Name;
                passkey.UserId = _userPermissions.GetUser(User).UserId;
                await _userManager.UpdatePasskey(passkey);
            }
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@@ -37,7 +37,7 @@ namespace Oqtane.Managers
        Task<UserValidateResult> ValidateUser(string username, string email, string password);
        Task<bool> ValidatePassword(string password);
        Task<Dictionary<string, string>> ImportUsers(int siteId, string filePath, bool notify);
-        Task<List<UserPasskey>> GetPasskeys(int userId);
+        Task<List<UserPasskey>> GetPasskeys(int userId, int siteId);
        Task UpdatePasskey(UserPasskey passkey);
        Task DeletePasskey(int userId, byte[] credentialId);
        Task<List<UserLogin>> GetLogins(int userId, int siteId);
@@ -826,7 +826,7 @@ namespace Oqtane.Managers
            return result;
        }

-        public async Task<List<UserPasskey>> GetPasskeys(int userId)
+        public async Task<List<UserPasskey>> GetPasskeys(int userId, int siteId)
        {
            var passkeys = new List<UserPasskey>();
            var user = _users.GetUser(userId);
@@ -838,7 +838,11 @@ namespace Oqtane.Managers
                    var userpasskeys = await _identityUserManager.GetPasskeysAsync(identityuser);
                    foreach (var userpasskey in userpasskeys)
                    {
-                        passkeys.Add(new UserPasskey { CredentialId = userpasskey.CredentialId, Name = userpasskey.Name, UserId = userId });
+                        // passkey name is prefixed with SiteId for multi-tenancy
+                        if (userpasskey.Name.StartsWith($"{siteId}:"))
+                        {
+                            passkeys.Add(new UserPasskey { CredentialId = userpasskey.CredentialId, Name = userpasskey.Name.Split(':')[1], UserId = userId });
+                        }
                    }
                }
            }
--- a/Oqtane.Server/Pages/Passkey.cshtml.cs
+++ b/Oqtane.Server/Pages/Passkey.cshtml.cs
@@ -49,7 +49,7 @@ namespace Oqtane.Pages
                                    Name = identityuser.UserName,
                                    DisplayName = identityuser.UserName
                                });
-                                returnurl += $"?options={WebUtility.UrlEncode(creationOptionsJson)}";
+                                returnurl += (!returnurl.Contains("?") ? "?" : "&") + $"options={WebUtility.UrlEncode(creationOptionsJson)}";
                            }
                            else
                            {
@@ -70,8 +70,18 @@ namespace Oqtane.Pages
                                var attestationResult = await _identitySignInManager.PerformPasskeyAttestationAsync(credential);
                                if (attestationResult.Succeeded)
                                {
-                                    attestationResult.Passkey.Name = identityuser.UserName + "'s Passkey";
-                                    var addPasskeyResult = await _identityUserManager.AddOrUpdatePasskeyAsync(identityuser, attestationResult.Passkey);
+                                    var user = _userManager.GetUser(User.Identity.Name, HttpContext.GetAlias().SiteId);
+                                    if (user != null && !user.IsDeleted && UserSecurity.ContainsRole(user.Roles, RoleNames.Registered))
+                                    {
+                                        // setting a default name and including a SiteId prefix for multi-tenancy
+                                        var name = (!string.IsNullOrEmpty(user.DisplayName)) ? user.DisplayName : user.Username;
+                                        attestationResult.Passkey.Name = HttpContext.GetAlias().SiteId + ":" + name + "'s Passkey";
+                                        var addPasskeyResult = await _identityUserManager.AddOrUpdatePasskeyAsync(identityuser, attestationResult.Passkey);
+                                    }
+                                    else
+                                    {
+                                        _logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Validation Failed - User {Username} Is Deleted Or Is Not A Registered User For The Site", User.Identity.Name);
+                                    }
                                }
                                else
                                {
@@ -113,7 +123,7 @@ namespace Oqtane.Pages
                                }
                                else
                                {
-                                    _logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Failed For User {Username}", User.Identity.Name);
+                                    _logger.Log(LogLevel.Information, this, LogFunction.Security, "Passkey Login Failed - User {Username} Is Deleted Or Is Not A Registered User For The Site", User.Identity.Name);
                                }
                            }
                            else