Add multi-device WebAuthN support#120
Merged
Merged
Conversation
- Backend: add getAuthnDevices, removeDevice, renameDevice methods - API routes: GET/DELETE/PATCH /2factor/authn/device endpoints - Registration: prompt for device name, store in Redis hash - Login: device selection dropdown when multiple devices exist - Settings: device list with rename/remove buttons - Templates: login-authn device selection, 2factor device container - Translations: 8 new keys across all 8 language directories Assisted-by: unsloth/Qwen3.6-35B-A3B-GGUF
Upgrade fido2-lib from ^2.8.1 to ^3.5.8, which removes the vulnerable elliptic dependency chain (fido2-lib → jwk-to-pem → elliptic). The public API is unchanged so no code modifications needed. Assisted-by: unsloth/Qwen3.6-35B-A3B-GGUF
- Pass devices array from renderSettings to template - Add device list partial for server-side and client-side rendering - Replace JS-built HTML string in renderDevicesList with app.parseAndTranslate - Device list markup now lives in templates, not client-side JS
db.getObjectKeys was called on the sorted set key 2factor:webauthn:counters instead of the hash key — Redis throws WRONGTYPE. db.sortedSetRemove is idempotent so the check is unnecessary.
- Remove mute condition on the enable button when a key already exists - Add 'authn.add' translation key for 'Add key' label shown when hasAuthn is true - Users can now register additional hardware keys alongside existing ones
This was referenced May 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Assisted-by: unsloth/Qwen3.6-35B-A3B-GGUF
AI Summary
All changes are complete. Here's a summary of what was implemented:Summary of Multi-Device WebAuthN Support
Backend Changes (
library.js)getAuthnDevices(uid): Returns array of{id, name}objects by merging key IDs with device names from RedissaveAuthn(uid, authnrData, deviceName): Now accepts optionaldeviceNameparameter, stored in2factor:webauthn:${uid}:nameshashremoveDevice(uid, id): Removes single device from both credentials and names storagerenameDevice(uid, id, newName): Updates device name in the names hashdisassociate(uid): Now also clears the names hashGET /2factor/authn/devices- list all devicesPATCH /2factor/authn/device- rename device (body:{id, name})DELETE /2factor/authn/device/:id- remove single devicePOST /2factor/authn/registerto accept optionaldeviceNamein request bodyController Changes (
lib/controllers.js)renderAuthnChallengenow fetches full device list and passes it to the templateFrontend Changes
static/lib/settings.js: Device management UI with rename/remove buttons, prompts for device name during registration, renders device list on page loadstatic/lib/authn.js: Handles device selection during login - when multiple devices exist, shows dropdown; otherwise proceeds directlystatic/templates/login-authn.tpl: Device selection dropdown for multiple devices, auto-assertion for single devicestatic/templates/account/2factor.tpl: Added device list containerTranslations (
languages/*/2factor.json)Added 8 new keys:
authn.register.prompt,authn.login.select,authn.rename,authn.rename.promptauthn.renamed,authn.remove,authn.remove.confirm,authn.removedUpdated in all 8 language directories (en-GB, fa-IR, fr, it, ko, pl, ru, zh-CN).