removed email support for sign in

supertokens · Jan 21, 2025 · fd87984 · fd87984
1 parent eafcf8e
commit fd87984
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 22 deletions.
diff --git a/lib/ts/recipe/webauthn/api/implementation.ts b/lib/ts/recipe/webauthn/api/implementation.ts
@@ -127,12 +127,10 @@ export default function getAPIImplementation(): APIInterface {
         },
 
         signInOptionsPOST: async function ({
-            email,
             tenantId,
             options,
             userContext,
         }: {
-            email: string;
             tenantId: string;
             options: APIOptions;
             userContext: UserContext;
@@ -166,7 +164,6 @@ export default function getAPIImplementation(): APIInterface {
             const userVerification = DEFAULT_SIGNIN_OPTIONS_USER_VERIFICATION;
 
             let response = await options.recipeImplementation.signInOptions({
-                email,
                 userVerification,
                 origin,
                 relyingPartyId,
@@ -427,7 +424,6 @@ export default function getAPIImplementation(): APIInterface {
                     status: "INVALID_CREDENTIALS_ERROR",
                 };
             }
-            let email = generatedOptions.email;
 
             const checkCredentialsOnTenant = async () => {
                 return true;
@@ -442,8 +438,10 @@ export default function getAPIImplementation(): APIInterface {
             //             lm.hasSamePhoneNumberAs(accountInfo.phoneNumber) ||
             //             lm.hasSameThirdPartyInfoAs(accountInfo.thirdParty))
             // );
+
+            const accountInfo = { webauthn: { credentialId: credential.id } };
             const authenticatingUser = await AuthUtils.getAuthenticatingUserAndAddToCurrentTenantIfRequired({
-                accountInfo: { email },
+                accountInfo,
                 userContext,
                 recipeId,
                 session,
@@ -461,6 +459,15 @@ export default function getAPIImplementation(): APIInterface {
                     status: "INVALID_CREDENTIALS_ERROR",
                 };
             }
+
+            // we find the email of the user that has the same credentialId as the one we are verifying
+            const email = authenticatingUser.user.loginMethods.find(
+                (lm) => lm.recipeId === "webauthn" && lm.webauthn?.credentialIds.includes(credential.id)
+            )?.email;
+            if (email === undefined) {
+                throw new Error("This should never happen: webauthn user has no email");
+            }
+
             const preAuthChecks = await AuthUtils.preAuthChecks({
                 authenticatingAccountInfo: {
                     recipeId,

diff --git a/lib/ts/recipe/webauthn/api/signInOptions.ts b/lib/ts/recipe/webauthn/api/signInOptions.ts
@@ -16,7 +16,6 @@
 import { send200Response } from "../../../utils";
 import { APIInterface, APIOptions } from "..";
 import { UserContext } from "../../../types";
-import STError from "../error";
 
 export default async function signInOptions(
     apiImplementation: APIInterface,
@@ -27,19 +26,8 @@ export default async function signInOptions(
     if (apiImplementation.signInOptionsPOST === undefined) {
         return false;
     }
-    const requestBody = await options.req.getJSONBody();
-
-    let email = requestBody.email?.trim();
-
-    if (email === undefined || typeof email !== "string") {
-        throw new STError({
-            type: STError.BAD_INPUT_ERROR,
-            message: "Please provide the email",
-        });
-    }
 
     let result = await apiImplementation.signInOptionsPOST({
-        email,
         tenantId,
         options,
         userContext,

diff --git a/lib/ts/recipe/webauthn/core-mock.ts b/lib/ts/recipe/webauthn/core-mock.ts
@@ -89,7 +89,6 @@ export const getMockQuerier = (recipeId: string) => {
                 id,
                 origin: body.origin,
                 tenantId: body.tenantId,
-                email: body.email,
                 createdAt,
                 expiresAt,
             });

diff --git a/lib/ts/recipe/webauthn/recipeImplementation.ts b/lib/ts/recipe/webauthn/recipeImplementation.ts
@@ -98,14 +98,13 @@ export default function getRecipeInterface(
             );
         },
 
-        signInOptions: async function ({ relyingPartyId, origin, timeout, tenantId, userContext, email }) {
+        signInOptions: async function ({ relyingPartyId, origin, timeout, tenantId, userContext }) {
             // the input user ID can be a recipe or a primary user ID.
             return await querier.sendPostRequest(
                 new NormalisedURLPath(
                     `/${tenantId === undefined ? DEFAULT_TENANT_ID : tenantId}/recipe/webauthn/options/signin`
                 ),
                 {
-                    email,
                     relyingPartyId,
                     origin,
                     timeout,

diff --git a/lib/ts/recipe/webauthn/types.ts b/lib/ts/recipe/webauthn/types.ts
@@ -218,7 +218,6 @@ export type RecipeInterface = {
     >;
 
     signInOptions(input: {
-        email: string;
         relyingPartyId: string;
         origin: string;
         userVerification: UserVerification | undefined; // see register options
@@ -630,7 +629,6 @@ export type APIInterface = {
     signInOptionsPOST:
         | undefined
         | ((input: {
-              email: string;
               tenantId: string;
               options: APIOptions;
               userContext: UserContext;