Add method getUsernameForUserHandle to UsernameRepository

emlun · emlun · commit 515900a3a6ce · 2023-11-08T16:51:31.000+01:00
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepositoryV1ToV2Adapter.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepositoryV1ToV2Adapter.java
@@ -35,4 +35,9 @@ public boolean credentialIdExists(ByteArray credentialId) {
   public Optional<ByteArray> getUserHandleForUsername(String username) {
     return inner.getUserHandleForUsername(username);
   }
+
+  @Override
+  public Optional<String> getUsernameForUserHandle(ByteArray userHandle) {
+    return inner.getUsernameForUserHandle(userHandle);
+  }
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
@@ -60,7 +60,6 @@ final class FinishAssertionSteps<C extends CredentialRecord> {
   private final Optional<ByteArray> callerTokenBindingId;
   private final Set<String> origins;
   private final String rpId;
-  private final Optional<CredentialRepository> credentialRepository;
   private final CredentialRepositoryV2<C> credentialRepositoryV2;
   private final Optional<UsernameRepository> usernameRepository;
   private final boolean allowOriginPort;
@@ -79,7 +78,6 @@ static FinishAssertionSteps<RegisteredCredential> fromV1(
         options.getCallerTokenBindingId(),
         rp.getOrigins(),
         rp.getIdentity().getId(),
-        Optional.of(credRepo),
         credRepoV2,
         Optional.of(credRepoV2),
         rp.isAllowOriginPort(),
@@ -95,7 +93,6 @@ static FinishAssertionSteps<RegisteredCredential> fromV1(
         options.getCallerTokenBindingId(),
         rp.getOrigins(),
         rp.getIdentity().getId(),
-        Optional.empty(),
         rp.getCredentialRepository(),
         Optional.ofNullable(rp.getUsernameRepository()),
         rp.isAllowOriginPort(),
@@ -105,7 +102,7 @@ static FinishAssertionSteps<RegisteredCredential> fromV1(
   }
 
   private Optional<String> getUsernameForUserHandle(final ByteArray userHandle) {
-    return credentialRepository.flatMap(credRepo -> credRepo.getUsernameForUserHandle(userHandle));
+    return usernameRepository.flatMap(unameRepo -> unameRepo.getUsernameForUserHandle(userHandle));
   }
 
   public Step5 begin() {
@@ -262,7 +259,7 @@ public void validate() {
           finalUserHandle.get(),
           response.getId());
 
-      if (credentialRepository.isPresent()) {
+      if (usernameRepository.isPresent()) {
         assertTrue(
             finalUsername.isPresent(),
             "Unknown username for user handle: %s",
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/UsernameRepository.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/UsernameRepository.java
@@ -35,10 +35,20 @@
 public interface UsernameRepository {
 
   /**
-   * Get the user handle corresponding to the given username.
+   * Get the user handle corresponding to the given username - the inverse of {@link
+   * #getUsernameForUserHandle(ByteArray)}.
    *
    * <p>Used to look up the user handle based on the username, for authentication ceremonies where
    * the username is already given.
    */
   Optional<ByteArray> getUserHandleForUsername(String username);
+
+  /**
+   * Get the username corresponding to the given user handle - the inverse of {@link
+   * #getUserHandleForUsername(String)}.
+   *
+   * <p>Used to look up the username based on the user handle, for username-less authentication
+   * ceremonies.
+   */
+  Optional<String> getUsernameForUserHandle(ByteArray userHandle);
 }
diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java b/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java
@@ -105,16 +105,17 @@ public Optional<ByteArray> getUserHandleForUsername(String username) {
         .map(reg -> reg.getUserIdentity().getId());
   }
 
-  ////////////////////////////////////////////////////////////////////////////////
-  // The following methods are specific to this demo application.
-  ////////////////////////////////////////////////////////////////////////////////
-
+  @Override
   public Optional<String> getUsernameForUserHandle(ByteArray userHandle) {
     return getRegistrationsByUserHandle(userHandle).stream()
         .findAny()
         .map(CredentialRegistration::getUsername);
   }
 
+  ////////////////////////////////////////////////////////////////////////////////
+  // The following methods are specific to this demo application.
+  ////////////////////////////////////////////////////////////////////////////////
+
   public boolean addRegistrationByUsername(String username, CredentialRegistration reg) {
     try {
       return storage.get(username, HashSet::new).add(reg);

Original file line number	Diff line number	Diff line change
`@@ -35,4 +35,9 @@ public boolean credentialIdExists(ByteArray credentialId) {`
`35`	`35`	`public Optional<ByteArray> getUserHandleForUsername(String username) {`
`36`	`36`	`return inner.getUserHandleForUsername(username);`
`37`	`37`	`}`
	`38`	`+`
	`39`	`+ @Override`
	`40`	`+ public Optional<String> getUsernameForUserHandle(ByteArray userHandle) {`
	`41`	`+ return inner.getUsernameForUserHandle(userHandle);`
	`42`	`+ }`
`38`	`43`	`}`