Add comprehensive WebAuthn e2e/unit tests and virtual authenticator package

- Create @reviq/virtual-authenticator package with cryptographically valid WebAuthn credential generation for testing - Add e2e tests for WebAuthn registration, authentication, passkey management - Add unit tests for passkey-helpers and VirtualAuthenticator - Add security tests for counter replay and tampered responses - Configure test database environment in devenv.nix - Add turbo.json test tasks and workspace configuration Test results: 98 tests passing (54 virtual-authenticator, 25 e2e, 19 unit) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 16:46:02 +08:00
parent 30ee35b25c
commit bd9be3e441
20 changed files with 2694 additions and 21 deletions
--- a/apps/api-server/src/router.ts
+++ b/apps/api-server/src/router.ts
@@ -68,11 +68,20 @@ const createRegistrationOptions =
      const ctx = context as APIContext;
      const { email } = input;

-      // For signup flow, we don't have a user yet
-      // The user will be created when signup is called with the passkeyInfo
+      // Look up existing user by email to exclude their credentials
+      const existingUser = await ctx.db
+        .selectFrom("users")
+        .select(["id", "display_name"])
+        .where("email", "=", email)
+        .executeTakeFirst();
+
      const rpInfo = getRPInfo(ctx.origin, ctx.allowedOrigins, ctx.rpName);

-      const result = await createRegOptions(ctx.db, rpInfo, { email });
+      const result = await createRegOptions(ctx.db, rpInfo, {
+        id: existingUser?.id,
+        email,
+        displayName: existingUser?.display_name,
+      });
      return result;
    },
  );