feat: save the security key during login (#1629)

teamhanko · Oct 22, 2024 · 344e35d · 344e35d
1 parent aa3160e
commit 344e35d
Showing 1 changed file with 28 additions and 3 deletions.
diff --git a/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go b/backend/flow_api/flow/credential_onboarding/action_webauthn_verify_attestation_response.go
@@ -4,9 +4,12 @@ import (
 	"errors"
 	"fmt"
 	"github.com/gofrs/uuid"
+	auditlog "github.com/teamhanko/hanko/backend/audit_log"
+	"github.com/teamhanko/hanko/backend/dto/intern"
 	"github.com/teamhanko/hanko/backend/flow_api/flow/shared"
 	"github.com/teamhanko/hanko/backend/flow_api/services"
 	"github.com/teamhanko/hanko/backend/flowpilot"
+	"github.com/teamhanko/hanko/backend/persistence/models"
 )
 
 type WebauthnVerifyAttestationResponse struct {
@@ -71,10 +74,32 @@ func (a WebauthnVerifyAttestationResponse) Execute(c flowpilot.ExecutionContext)
 		return fmt.Errorf("failed to verify attestation response: %w", err)
 	}
 
-	if c.Stash().Get(shared.StashPathMFAMethod).String() == "security_key" {
-		err = c.Stash().Set(shared.StashPathSecurityKey, credential)
+	if c.GetFlowName() == shared.FlowLogin {
+		credentialModel := intern.WebauthnCredentialToModel(credential, userID, false, false, true, deps.AuthenticatorMetadata)
+		err = deps.Persister.GetWebauthnCredentialPersisterWithConnection(deps.Tx).Create(*credentialModel)
+		if err != nil {
+			return fmt.Errorf("failed to persist the webauthn credential: %w", err)
+		}
+
+		userModel, err := deps.Persister.GetUserPersisterWithConnection(deps.Tx).Get(userID)
+		if err != nil {
+			return fmt.Errorf("failed to user from db: %w", err)
+		}
+
+		err = deps.AuditLogger.CreateWithConnection(deps.Tx, deps.HttpContext, models.AuditLogSecurityKeyCreated,
+			userModel,
+			nil,
+			auditlog.Detail("security_key", credential.ID),
+		)
+		if err != nil {
+			return fmt.Errorf("failed to persist audit log entry: %w", err)
+		}
 	} else {
-		err = c.Stash().Set(shared.StashPathWebauthnCredential, credential)
+		if c.Stash().Get(shared.StashPathMFAMethod).String() == "security_key" {
+			err = c.Stash().Set(shared.StashPathSecurityKey, credential)
+		} else {
+			err = c.Stash().Set(shared.StashPathWebauthnCredential, credential)
+		}
 	}
 
 	if err != nil {