@micha.bigler/ui-core-micha 1.4.34 → 1.4.35

package/dist/pages/LoginPage.js

@@ -80,7 +80,7 @@ export function LoginPage() {
         setSubmitting(true);
         try {
             // Service handles browser interaction + API calls
-            const { user } = await loginWithPasskey();
+            const user = await loginWithPasskey();
             handleLoginSuccess(user);
         }
         catch (err) {

package/dist/utils/authService.js

@@ -2,8 +2,14 @@ import { getPasskeyRegistrationOptions, completePasskeyRegistration, getPasskeyL
 import { ensureWebAuthnSupport, serializeCredential } from '../utils/webauthn';
 import { normaliseApiError } from '../utils/auth-errors';
 import apiClient from '../auth/apiClient';
-// Falls du die Konstanten importieren möchtest, um Hardcoding zu vermeiden:
 import { HEADLESS_BASE } from '../auth/authConfig';
+// HILFSFUNKTION: Entpackt die Optionen, falls sie in 'publicKey' stecken
+function resolveWebAuthnOptions(options) {
+    if (options && options.publicKey) {
+        return options.publicKey;
+    }
+    return options;
+}
 export async function registerPasskey(name = 'Passkey') {
     ensureWebAuthnSupport();
     // 1. Get Options from Server
@@ -11,8 +17,10 @@ export async function registerPasskey(name = 'Passkey') {
     // 2. Call Browser API
     let credential;
     try {
+        // FIX: Erst entpacken (JSON -> JSON ohne publicKey Wrapper)
+        const optionsJson = resolveWebAuthnOptions(creationOptions);
+        // Dann parsen (JSON -> ArrayBuffer)
         const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
-        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
         credential = await navigator.credentials.create({ publicKey: publicKeyOptions });
     }
     catch (err) {
@@ -32,8 +40,10 @@ export async function loginWithPasskey() {
     // 2. Browser Sign
     let assertion;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        // FIX: Erst entpacken
+        const optionsJson = resolveWebAuthnOptions(requestOptions);
+        // Dann parsen
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
         assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     }
     catch (err) {
@@ -56,11 +66,11 @@ export async function authenticateMfaWithPasskey() {
     ensureWebAuthnSupport();
     let requestOptions;
     try {
-        // Nutze HEADLESS_BASE falls verfügbar, sonst den Pfad
         const url = typeof HEADLESS_BASE !== 'undefined'
             ? `${HEADLESS_BASE}/auth/2fa/authenticate`
             : '/api/auth/browser/v1/auth/2fa/authenticate';
         const res = await apiClient.get(url);
+        // Allauth liefert oft: { data: { request_options: { publicKey: ... } } }
         const data = ((_a = res.data) === null || _a === void 0 ? void 0 : _a.data) || res.data;
         requestOptions = data.request_options || data;
     }
@@ -73,8 +83,11 @@ export async function authenticateMfaWithPasskey() {
     // 2. Browser Sign
     let assertion;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        // FIX: Erst entpacken
+        const optionsJson = resolveWebAuthnOptions(requestOptions);
+        // Dann parsen
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+        // Dann wrappen
         assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     }
     catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@micha.bigler/ui-core-micha",
-  "version": "1.4.34",
+  "version": "1.4.35",
   "main": "dist/index.js",
   "module": "dist/index.js",
   "private": false,

package/src/pages/LoginPage.jsx

@@ -92,7 +92,7 @@ export function LoginPage() {
     setSubmitting(true);
     try {
       // Service handles browser interaction + API calls
-      const { user } = await loginWithPasskey();
+      const user = await loginWithPasskey();
       handleLoginSuccess(user);
     } catch (err) {
       // 'Auth.PASSKEY_CANCELLED' is generic, maybe ignore visually or show specific hint

package/src/utils/authService.js

@@ -13,9 +13,16 @@ import {
 } from '../utils/webauthn';
 import { normaliseApiError } from '../utils/auth-errors';
 import apiClient from '../auth/apiClient';
-// Falls du die Konstanten importieren möchtest, um Hardcoding zu vermeiden:
 import { HEADLESS_BASE } from '../auth/authConfig'; 
 
+// HILFSFUNKTION: Entpackt die Optionen, falls sie in 'publicKey' stecken
+function resolveWebAuthnOptions(options) {
+    if (options && options.publicKey) {
+        return options.publicKey;
+    }
+    return options;
+}
+
 export async function registerPasskey(name = 'Passkey') {
   ensureWebAuthnSupport();
   
@@ -25,8 +32,12 @@ export async function registerPasskey(name = 'Passkey') {
   // 2. Call Browser API
   let credential;
   try {
-      const publicKeyOptions = window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
-      // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+      // FIX: Erst entpacken (JSON -> JSON ohne publicKey Wrapper)
+      const optionsJson = resolveWebAuthnOptions(creationOptions);
+      
+      // Dann parsen (JSON -> ArrayBuffer)
+      const publicKeyOptions =
+        window.PublicKeyCredential.parseCreationOptionsFromJSON(creationOptions);
       credential = await navigator.credentials.create({ publicKey: publicKeyOptions });
   } catch (err) {
       if (err.name === 'NotAllowedError') {
@@ -49,8 +60,12 @@ export async function loginWithPasskey() {
     // 2. Browser Sign
     let assertion;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        // FIX: Erst entpacken
+        const optionsJson = resolveWebAuthnOptions(requestOptions);
+        
+        // Dann parsen
+        const publicKeyOptions =
+          window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
         assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     } catch (err) {
          if (err.name === 'NotAllowedError') {
@@ -75,12 +90,12 @@ export async function authenticateMfaWithPasskey() {
 
     let requestOptions;
     try {
-        // Nutze HEADLESS_BASE falls verfügbar, sonst den Pfad
         const url = typeof HEADLESS_BASE !== 'undefined' 
             ? `${HEADLESS_BASE}/auth/2fa/authenticate`
             : '/api/auth/browser/v1/auth/2fa/authenticate';
 
         const res = await apiClient.get(url);
+        // Allauth liefert oft: { data: { request_options: { publicKey: ... } } }
         const data = res.data?.data || res.data;
         requestOptions = data.request_options || data;
     } catch (err) {
@@ -94,8 +109,13 @@ export async function authenticateMfaWithPasskey() {
     // 2. Browser Sign
     let assertion;
     try {
-        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(requestOptions);
-        // KORREKTUR: Wir MÜSSEN { publicKey: ... } wrappen!
+        // FIX: Erst entpacken
+        const optionsJson = resolveWebAuthnOptions(requestOptions);
+        
+        // Dann parsen
+        const publicKeyOptions = window.PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+        
+        // Dann wrappen
         assertion = await navigator.credentials.get({ publicKey: publicKeyOptions });
     } catch (err) {
          if (err.name === 'NotAllowedError') {