fix: multiple small fixes

lib/new-admin/graphql/modules/authentication/FIDOPasswordlessStrategy.js

@@ -15,11 +15,11 @@ const REMEMBER_ME_AGE = 90 * T.day
 const rpID = devMode ? `localhost` : domain
 const expectedOrigin = `https://${rpID}:3001`
 
-const generateAttestationOptions = (userID, session) => {
-  return users.getUserById(userID).then(user => {
-    return Promise.all([credentials.getHardwareCredentialsOfUser(user.id), user])
+const generateAttestationOptions = (session, options) => {
+  return users.getUserById(options.userId).then(user => {
+    return Promise.all([credentials.getHardwareCredentialsByUserId(user.id), user])
   }).then(([userDevices, user]) => {
-    const options = simpleWebauthn.generateAttestationOptions({
+    const opts = simpleWebauthn.generateAttestationOptions({
       rpName: 'Lamassu',
       rpID,
       userName: user.username,
@@ -39,18 +39,18 @@ const generateAttestationOptions = (userID, session) => {
 
     session.webauthn = {
       attestation: {
-        challenge: options.challenge
+        challenge: opts.challenge
       }
     }
 
-    return options
+    return opts
   })
 }
 
-const generateAssertionOptions = (username, context) => {
-  return users.getUserByUsername(username).then(user => {
-    return credentials.getHardwareCredentialsOfUser(user.id).then(devices => {
-      const options = simpleWebauthn.generateAssertionOptions({
+const generateAssertionOptions = (session, options) => {
+  return users.getUserByUsername(options.username).then(user => {
+    return credentials.getHardwareCredentialsByUserId(user.id).then(devices => {
+      const opts = simpleWebauthn.generateAssertionOptions({
         timeout: 60000,
         allowCredentials: devices.map(dev => ({
           id: dev.data.credentialID,
@@ -61,25 +61,25 @@ const generateAssertionOptions = (username, context) => {
         rpID
       })
 
-      context.req.session.webauthn = {
+      session.webauthn = {
         assertion: {
-          challenge: options.challenge
+          challenge: opts.challenge
         }
       }
 
-      return options
+      return opts
     })
   })
 }
 
-const validateAttestation = (userID, attestationResponse, context) => {
-  const webauthnData = context.req.session.webauthn.attestation
+const validateAttestation = (session, options) => {
+  const webauthnData = session.webauthn.attestation
   const expectedChallenge = webauthnData.challenge
 
   return Promise.all([
-    users.getUserById(userID),
+    users.getUserById(options.userId),
     simpleWebauthn.verifyAttestationResponse({
-      credential: attestationResponse,
+      credential: options.attestationResponse,
       expectedChallenge: `${expectedChallenge}`,
       expectedOrigin,
       expectedRPID: rpID
@@ -89,7 +89,7 @@ const validateAttestation = (userID, attestationResponse, context) => {
       const { verified, attestationInfo } = verification
 
       if (!(verified || attestationInfo)) {
-        context.req.session.webauthn = null
+        session.webauthn = null
         return false
       }
 
@@ -99,7 +99,7 @@ const validateAttestation = (userID, attestationResponse, context) => {
         credentialID
       } = attestationInfo
 
-      return credentials.getHardwareCredentialsOfUser(user.id)
+      return credentials.getHardwareCredentialsByUserId(user.id)
         .then(userDevices => {
           const existingDevice = userDevices.find(device => device.data.credentialID === credentialID)
 
@@ -112,23 +112,23 @@ const validateAttestation = (userID, attestationResponse, context) => {
             credentials.createHardwareCredential(user.id, newDevice)
           }
 
-          context.req.session.webauthn = null
+          session.webauthn = null
           return verified
         })
     })
 }
 
-const validateAssertion = (username, rememberMe, assertionResponse, context) => {
-  return users.getUserByUsername(username).then(user => {
-    const expectedChallenge = context.req.session.webauthn.assertion.challenge
+const validateAssertion = (session, options) => {
+  return users.getUserByUsername(options.username).then(user => {
+    const expectedChallenge = session.webauthn.assertion.challenge
 
-    return credentials.getHardwareCredentialsOfUser(user.id).then(devices => {
+    return credentials.getHardwareCredentialsByUserId(user.id).then(devices => {
       const dbAuthenticator = _.find(dev => {
-        return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(assertionResponse.rawId)) === 0
+        return Buffer.from(dev.data.credentialID).compare(base64url.toBuffer(options.assertionResponse.rawId)) === 0
       }, devices)
 
       if (!dbAuthenticator.data) {
-        throw new Error(`Could not find authenticator matching ${assertionResponse.id}`)
+        throw new Error(`Could not find authenticator matching ${options.assertionResponse.id}`)
       }
 
       const convertedAuthenticator = _.merge(
@@ -139,7 +139,7 @@ const validateAssertion = (username, rememberMe, assertionResponse, context) =>
       let verification
       try {
         verification = simpleWebauthn.verifyAssertionResponse({
-          credential: assertionResponse,
+          credential: options.assertionResponse,
           expectedChallenge: `${expectedChallenge}`,
           expectedOrigin,
           expectedRPID: rpID,
@@ -161,10 +161,10 @@ const validateAssertion = (username, rememberMe, assertionResponse, context) =>
       return credentials.updateHardwareCredential(dbAuthenticator)
         .then(() => {
           const finalUser = { id: user.id, username: user.username, role: user.role }
-          context.req.session.user = finalUser
-          if (rememberMe) context.req.session.cookie.maxAge = REMEMBER_ME_AGE
+          session.user = finalUser
+          if (options.rememberMe) session.cookie.maxAge = REMEMBER_ME_AGE
 
-          context.req.session.webauthn = null
+          session.webauthn = null
           return verified
         })
     })