Add user parameter requirement to isConditionalPasskeysEnabled method

bobharper208 · bobharper208 · commit 3214b188de80 · 2025-07-24T13:02:52.000-07:00
This change modifies the method signature to require a UserModel parameter
for proper user context validation during conditional passkey checks.
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/UsernamePasswordForm.java
@@ -112,7 +112,7 @@ public void authenticate(AuthenticationFlowContext context) {
             }
         }
         // setup webauthn data when passkeys enabled
-        if (isConditionalPasskeysEnabled()) {
+        if (isConditionalPasskeysEnabled(context.getUser())) {
             webauthnAuth.fillContextForm(context);
         }
         Response challengeResponse = challenge(context, formData);
@@ -134,7 +134,7 @@ protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<S
 
     @Override
     protected Response challenge(AuthenticationFlowContext context, String error, String field) {
-        if (isConditionalPasskeysEnabled()) {
+        if (isConditionalPasskeysEnabled(context.getUser())) {
             // setup webauthn data when possible
             webauthnAuth.fillContextForm(context);
         }
@@ -157,8 +157,8 @@ public void close() {
 
     }
 
-    protected boolean isConditionalPasskeysEnabled() {
-        return webauthnAuth != null && webauthnAuth.isPasskeysEnabled();
+    protected boolean isConditionalPasskeysEnabled(UserModel user) {
+        return webauthnAuth != null && webauthnAuth.isPasskeysEnabled() && user != null;
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ public void authenticate(AuthenticationFlowContext context) {`
`112`	`112`	`}`
`113`	`113`	`}`
`114`	`114`	`// setup webauthn data when passkeys enabled`
`115`		`- if (isConditionalPasskeysEnabled()) {`
	`115`	`+ if (isConditionalPasskeysEnabled(context.getUser())) {`
`116`	`116`	`webauthnAuth.fillContextForm(context);`
`117`	`117`	`}`
`118`	`118`	`Response challengeResponse = challenge(context, formData);`
`@@ -134,7 +134,7 @@ protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<S`
`134`	`134`
`135`	`135`	`@Override`
`136`	`136`	`protected Response challenge(AuthenticationFlowContext context, String error, String field) {`
`137`		`- if (isConditionalPasskeysEnabled()) {`
	`137`	`+ if (isConditionalPasskeysEnabled(context.getUser())) {`
`138`	`138`	`// setup webauthn data when possible`
`139`	`139`	`webauthnAuth.fillContextForm(context);`
`140`	`140`	`}`
`@@ -157,8 +157,8 @@ public void close() {`
`157`	`157`
`158`	`158`	`}`
`159`	`159`
`160`		`- protected boolean isConditionalPasskeysEnabled() {`
`161`		`- return webauthnAuth != null && webauthnAuth.isPasskeysEnabled();`
	`160`	`+ protected boolean isConditionalPasskeysEnabled(UserModel user) {`
	`161`	`+ return webauthnAuth != null && webauthnAuth.isPasskeysEnabled() && user != null;`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`}`