Skip to content

feat(passkeys): Add passkey manager functions#20135

Open
vpomerleau wants to merge 1 commit intomainfrom
FXA-13064
Open

feat(passkeys): Add passkey manager functions#20135
vpomerleau wants to merge 1 commit intomainfrom
FXA-13064

Conversation

@vpomerleau
Copy link
Contributor

@vpomerleau vpomerleau commented Mar 3, 2026

Because

  • The passkey routes need a service layer to enforce business rules before touching the database

This pull request

  • Implements PasskeyManager with the full passkey lifecycle: register, post-auth update, list, rename, delete, and bulk delete
  • Adds name validation (empty/whitespace/too long) with PasskeyInvalidNameError (errno 229)
  • Tightens updatePasskeyName to match on both uid and credentialId, preventing cross-user renames
  • Adds lockAccountForPasskeyOperation and isMysqlDupEntry helpers to the repository layer
  • Guards maxPasskeysPerUser config with @min(1) to prevent accidentally disabling registration
  • Adds unit and integration tests for the manager

Issue that this pull request solves

Closes: FXA-13064

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

Any other information that is important to this pull request.

@vpomerleau vpomerleau requested a review from a team as a code owner March 3, 2026 23:38
@vpomerleau vpomerleau marked this pull request as draft March 4, 2026 17:29
@vpomerleau vpomerleau force-pushed the FXA-13064 branch 3 times, most recently from 64adc6c to e4f2a6c Compare March 4, 2026 21:05
@vpomerleau vpomerleau marked this pull request as ready for review March 4, 2026 21:53
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom reviewed Mar 4, 2026
View reviewed changes
dschom
dschom approved these changes Mar 4, 2026
View reviewed changes
Copy link
Contributor

@dschom dschom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

R+WC. Looks good overall. I do have a couple concerns around the replay attack implementation and what I think might end up being a race condition. Feel free to turn those into fast follows, if you want to unblock the jira ticket.

@vpomerleau
feat(passkeys): Add passkey manager functions
4e106e4 
Because:
- The passkey routes needs to enforce business rules before touching the database

This commit:
- Implements PasskeyManager with the full passkey lifecycle: register, post-auth update, list, rename, delete, and bulk delete
- Guards maxPasskeysPerUser config with @min(1) to prevent accidentally disabling registration
- Adds unit and integration tests for the manager

Closes #FXA-13064
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dschom dschom dschom approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vpomerleau @dschom