From 8604794d9193b3468d19ecbbebd26e95bdcb128e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20=C3=89pardaud?= <stef@epardaud.fr>
Date: Mon, 25 Nov 2024 14:51:21 +0100
Subject: [PATCH] WebAuthn: removed username cookie

---
 .../main/java/org/acme/security/webauthn/LoginResource.java    | 2 +-
 .../org/acme/security/webauthn/test/WebAuthnResourceTest.java  | 3 +--
 .../main/java/org/acme/security/webauthn/LoginResource.java    | 2 +-
 .../org/acme/security/webauthn/test/WebAuthnResourceTest.java  | 3 +--
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/security-webauthn-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java b/security-webauthn-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
index 082d3ffc41..eb41e73573 100644
--- a/security-webauthn-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
+++ b/security-webauthn-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
@@ -67,7 +67,7 @@ public Response register(@RestForm String userName,
         }
         try {
             // store the user
-        	WebAuthnCredentialRecord credentialRecord = this.webAuthnSecurity.register(webAuthnResponse, ctx).await().indefinitely();
+            WebAuthnCredentialRecord credentialRecord = this.webAuthnSecurity.register(userName, webAuthnResponse, ctx).await().indefinitely();
             User newUser = new User();
             newUser.userName = credentialRecord.getUserName();
             WebAuthnCredential credential = new WebAuthnCredential(credentialRecord, newUser);
diff --git a/security-webauthn-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java b/security-webauthn-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
index c4cca6079e..d77fef6ca3 100644
--- a/security-webauthn-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
+++ b/security-webauthn-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
@@ -51,7 +51,7 @@ private void testWebAuthn(String userName, User user, Endpoint endpoint) {
         String challenge = WebAuthnEndpointHelper.obtainRegistrationChallenge(userName, cookieFilter);
         JsonObject registrationJson = token.makeRegistrationJson(challenge);
         if(endpoint == Endpoint.DEFAULT)
-            WebAuthnEndpointHelper.invokeRegistration(registrationJson, cookieFilter);
+            WebAuthnEndpointHelper.invokeRegistration(userName, registrationJson, cookieFilter);
         else {
             invokeCustomEndpoint("/register", cookieFilter, request -> {
                 WebAuthnEndpointHelper.addWebAuthnRegistrationFormParameters(request, registrationJson);
@@ -100,7 +100,6 @@ private void invokeCustomEndpoint(String uri, Filter cookieFilter, Consumer<Requ
         .statusCode(200)
         .log().ifValidationFails()
         .cookie(WebAuthnEndpointHelper.getChallengeCookie(), Matchers.is(""))
-        .cookie(WebAuthnEndpointHelper.getChallengeUsernameCookie(), Matchers.is(""))
         .cookie(WebAuthnEndpointHelper.getMainCookie(), Matchers.notNullValue());
     }
 
diff --git a/security-webauthn-reactive-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java b/security-webauthn-reactive-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
index a4371ee695..6bbfb0e33d 100644
--- a/security-webauthn-reactive-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
+++ b/security-webauthn-reactive-quickstart/src/main/java/org/acme/security/webauthn/LoginResource.java
@@ -74,7 +74,7 @@ public Uni<Response> register(@RestForm String userName,
                 // Duplicate user
                 return Uni.createFrom().item(Response.status(Status.BAD_REQUEST).build());
             }
-            Uni<WebAuthnCredentialRecord> credentialRecord = this.webAuthnSecurity.register(webAuthnResponse, ctx);
+            Uni<WebAuthnCredentialRecord> credentialRecord = this.webAuthnSecurity.register(userName, webAuthnResponse, ctx);
 
             return credentialRecord
                     // store the user
diff --git a/security-webauthn-reactive-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java b/security-webauthn-reactive-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
index c4cca6079e..d77fef6ca3 100644
--- a/security-webauthn-reactive-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
+++ b/security-webauthn-reactive-quickstart/src/test/java/org/acme/security/webauthn/test/WebAuthnResourceTest.java
@@ -51,7 +51,7 @@ private void testWebAuthn(String userName, User user, Endpoint endpoint) {
         String challenge = WebAuthnEndpointHelper.obtainRegistrationChallenge(userName, cookieFilter);
         JsonObject registrationJson = token.makeRegistrationJson(challenge);
         if(endpoint == Endpoint.DEFAULT)
-            WebAuthnEndpointHelper.invokeRegistration(registrationJson, cookieFilter);
+            WebAuthnEndpointHelper.invokeRegistration(userName, registrationJson, cookieFilter);
         else {
             invokeCustomEndpoint("/register", cookieFilter, request -> {
                 WebAuthnEndpointHelper.addWebAuthnRegistrationFormParameters(request, registrationJson);
@@ -100,7 +100,6 @@ private void invokeCustomEndpoint(String uri, Filter cookieFilter, Consumer<Requ
         .statusCode(200)
         .log().ifValidationFails()
         .cookie(WebAuthnEndpointHelper.getChallengeCookie(), Matchers.is(""))
-        .cookie(WebAuthnEndpointHelper.getChallengeUsernameCookie(), Matchers.is(""))
         .cookie(WebAuthnEndpointHelper.getMainCookie(), Matchers.notNullValue());
     }