Fixed header detection for disabling all credentials on recovery.

Tidied up confirmation and recovery scripts.
Added failure recovery line.

resources/lang/en/recovery.php

@@ -19,4 +19,6 @@
     'user'      => 'We can\'t find a user with that email address.',
     'token'     => 'The token is invalid or has expired.',
     'throttled' => 'Please wait before retrying.',
+
+    'failed'    => 'The recovery failed. Try again.',
 ];

resources/views/confirm.blade.php

@@ -17,16 +17,20 @@
 @push('scripts')
     <script src="{{ asset('vendor/larapass/js/larapass.js') }}"></script>
     <script>
+        const larapass = new Larapass({
+            login: '/webauthn/confirm',
+            loginOptions: '/webauthn/confirm/options'
+        });
+
         document.getElementById('form').addEventListener('submit', function (event) {
             event.preventDefault()
 
-            const larapass = new Larapass({
-                login: '/webauthn/confirm',
-                loginOptions: '/webauthn/confirm/options'
-            })
-
             larapass.login()
-                .then(response => window.location.replace = response.json().redirectTo)
+                .then(response => window.location.replace(response.redirectTo))
+                .catch(response => {
+                    alert('{{ __('Confirmation unsuccessful, try again!') }}')
+                    console.error('Confirmation unsuccessful', response);
+                })
         })
     </script>
 @endpush

resources/views/recover.blade.php

@@ -35,21 +35,26 @@
 @push('scripts')
     <script src="{{ asset('vendor/larapass/js/larapass.js') }}"></script>
     <script>
+        const larapass = new Larapass({
+            register: '/webauthn/recover/register',
+            registerOptions: '/webauthn/recover/options'
+        })
+
         document.getElementById('form').addEventListener('submit', function (event) {
             event.preventDefault()
 
-            const larapass = new Larapass({
-                register: '/webauthn/recover/register',
-                registerOptions: '/webauthn/recover/options'
-            })
-
             let entries = Object.fromEntries(new FormData(this).entries())
 
             larapass.register(entries, {
                 token: entries.token,
                 email: entries.email,
                 'WebAuthn-Unique': entries.unique ? true : false,
-            }).then(response => window.location.replace = response.json().redirectTo)
+            })
+                .then(response => window.location.replace(response.redirectTo))
+                .catch(response => {
+                    alert('{{ trans('larapass::recovery.failed') }}')
+                    console.error('Recovery failed', response)
+                })
         })
     </script>
 @endpush

src/Http/RecoversWebAuthn.php

@@ -99,7 +99,7 @@ protected function register(Request $request, WebAuthnAuthenticatable $user)
         );
 
         if ($validCredential) {
-            if ($request->filled('unique') || $request->header('WebAuthn-Unique')) {
+            if ($this->shouldDisableAllCredentials($request)) {
                 $user->disableAllCredentials();
             }
 
@@ -111,6 +111,18 @@ protected function register(Request $request, WebAuthnAuthenticatable $user)
         }
     }
 
+    /**
+     * Check if the user has set to disable all others credentials.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return bool|mixed
+     */
+    protected function shouldDisableAllCredentials(Request $request)
+    {
+        return filter_var($request->header('WebAuthn-Unique'), FILTER_VALIDATE_BOOLEAN)
+            ?? $request->filled('unique');
+    }
+
     /**
      * Get the response for a successful account recovery.
      *