d2114523a5
* fix: passkeys behind TLS reverse proxy Add passkeyPublicOrigin and wire it through passkey routes so origin/rpId match the browser when dev runs behind nginx. Expose dev-only /_emdash/api/dev/passkey-url, add admin messaging for insecure WebAuthn contexts, nginx repro under demos/simple, and direct kysely dependency for the simple demo Node adapter bundle. Made-with: Cursor * docs: add passkeyPublicOrigin to configuration reference Adds the new passkeyPublicOrigin option and reverse proxy guidance to the public-facing configuration docs as requested in PR review. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * update tests and more docs * fix: add missing refresh-server-pat fixture and restore docs heading --------- Co-authored-by: Joseph Eftekhari <jdeftekhari@gmail.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
55 lines
1.7 KiB
TypeScript
55 lines
1.7 KiB
TypeScript
import { describe, it, expect, afterEach } from "vitest";
|
|
|
|
import {
|
|
isPasskeyEnvironmentUsable,
|
|
isPublicKeyCredentialConstructorAvailable,
|
|
isWebAuthnSecureContext,
|
|
} from "../../src/lib/webauthn-environment";
|
|
|
|
describe("webauthn-environment", () => {
|
|
const origPk = globalThis.window.PublicKeyCredential;
|
|
const desc = Object.getOwnPropertyDescriptor(globalThis.window, "isSecureContext");
|
|
|
|
afterEach(() => {
|
|
if (origPk === undefined) {
|
|
delete (globalThis.window as { PublicKeyCredential?: unknown }).PublicKeyCredential;
|
|
} else {
|
|
Object.defineProperty(globalThis.window, "PublicKeyCredential", {
|
|
value: origPk,
|
|
configurable: true,
|
|
writable: true,
|
|
});
|
|
}
|
|
if (desc) Object.defineProperty(globalThis.window, "isSecureContext", desc);
|
|
});
|
|
|
|
it("is usable only when secure context and PublicKeyCredential constructor exist", () => {
|
|
Object.defineProperty(globalThis.window, "isSecureContext", {
|
|
value: true,
|
|
configurable: true,
|
|
});
|
|
Object.defineProperty(globalThis.window, "PublicKeyCredential", {
|
|
value: function PublicKeyCredential() {},
|
|
configurable: true,
|
|
writable: true,
|
|
});
|
|
expect(isWebAuthnSecureContext()).toBe(true);
|
|
expect(isPublicKeyCredentialConstructorAvailable()).toBe(true);
|
|
expect(isPasskeyEnvironmentUsable()).toBe(true);
|
|
});
|
|
|
|
it("is not usable in an insecure context even if PublicKeyCredential is defined", () => {
|
|
Object.defineProperty(globalThis.window, "isSecureContext", {
|
|
value: false,
|
|
configurable: true,
|
|
});
|
|
Object.defineProperty(globalThis.window, "PublicKeyCredential", {
|
|
value: function PublicKeyCredential() {},
|
|
configurable: true,
|
|
writable: true,
|
|
});
|
|
expect(isWebAuthnSecureContext()).toBe(false);
|
|
expect(isPasskeyEnvironmentUsable()).toBe(false);
|
|
});
|
|
});
|