From 4fd8b77a7055109ac3ef383b6a31a3e39878d365 Mon Sep 17 00:00:00 2001
From: Jakub Jedlicka
Date: Wed, 18 Dec 2024 10:23:16 +0100
Subject: [PATCH] Refactor userName to usernachange and change POST to GET request on REGISTER_CHALLENGE_OPTIONS_URL endpoint

For more info about these changes see https://github.com/quarkusio/quarkus/pull/45132
---
 .../ts/security/webauthn/model/User.java | 6 ++---
 .../webauthn/model/WebAuthnCredential.java | 6 ++---
 .../webauthn/security/MyWebAuthnSetup.java | 6 ++---
 .../resources/META-INF/resources/index.html | 16 +++++------
 .../webauthn/AbstractWebAuthnTest.java | 27 +++++++++----------
 5 files changed, 30 insertions(+), 31 deletions(-)

diff --git a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/User.java b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/User.java
index 84445e0ee..a8105c6ea 100644
--- a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/User.java
+++ b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/User.java
@@ -13,12 +13,12 @@ public class User extends PanacheEntity {
 @Column(unique = true)
- public String userName;
+ public String username;
 @OneToOne(mappedBy = "user")
 public WebAuthnCredential webAuthnCredential;
- public static Uni findByUserName(String userName) {
- return find("userName", userName).firstResult();
+ public static Uni findByUsername(String username) {
+ return find("username", username).firstResult();
 }
 }
diff --git a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/WebAuthnCredential.java b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/WebAuthnCredential.java
index 4e2361e2e..18636ad9a 100644
--- a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/WebAuthnCredential.java
+++ b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/model/WebAuthnCredential.java
@@ -55,11 +55,11 @@ public WebAuthnCredential(WebAuthnCredentialRecord credentialRecord, User user)
 public WebAuthnCredentialRecord toWebAuthnCredentialRecord() {
 return WebAuthnCredentialRecord
 .fromRequiredPersistedData(
- new RequiredPersistedData(user.userName, credID, aaguid, publicKey, publicKeyAlgorithm, counter));
+ new RequiredPersistedData(user.username, credID, aaguid, publicKey, publicKeyAlgorithm, counter));
 }
- public static Uni> findByUserName(String userName) {
- return list("user.userName", userName);
+ public static Uni> findByUsername(String username) {
+ return list("user.username", username);
 }
 public static Uni findByCredentialId(String credID) {
diff --git a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/security/MyWebAuthnSetup.java b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/security/MyWebAuthnSetup.java
index d0ba6f07b..607c75df0 100644
--- a/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/security/MyWebAuthnSetup.java
+++ b/security/webauthn/src/main/java/io/quarkus/ts/security/webauthn/security/MyWebAuthnSetup.java
@@ -19,8 +19,8 @@ public class MyWebAuthnSetup implements WebAuthnUserProvider {
 @WithTransaction
 @Override
- public Uni> findByUserName(String userName) {
- return WebAuthnCredential.findByUserName(userName)
+ public Uni> findByUsername(String username) {
+ return WebAuthnCredential.findByUsername(username)
 .map(list -> list.stream().map(WebAuthnCredential::toWebAuthnCredentialRecord).toList());
 }
@@ -36,7 +36,7 @@ public Uni findByCredentialId(String credentialId) {
 @Override
 public Uni store(WebAuthnCredentialRecord credentialRecord) {
 User newUser = new User();
- newUser.userName = credentialRecord.getUserName();
+ newUser.username = credentialRecord.getUsername();
 WebAuthnCredential credential = new WebAuthnCredential(credentialRecord, newUser);
 return credential.persist()
 .flatMap(c -> newUser.persist())
diff --git a/security/webauthn/src/main/resources/META-INF/resources/index.html b/security/webauthn/src/main/resources/META-INF/resources/index.html
index d363898e6..ed4f0a17b 100644
--- a/security/webauthn/src/main/resources/META-INF/resources/index.html
+++ b/security/webauthn/src/main/resources/META-INF/resources/index.html
@@ -58,14 +58,14 @@

Status

Login

-
+

Register

-
+


@@ -88,11 +88,11 @@

Register

const loginButton = document.getElementById('login'); loginButton.onclick = () => {
- var userName = document.getElementById('userNameLogin').value;
+ var username = document.getElementById('usernameLogin').value;
 result.replaceChildren();
- webAuthn.login({ name: userName })
+ webAuthn.login({ name: username })
 .then(body => {
- result.append("User: "+userName);
+ result.append("User: "+username);
 })
 .catch(err => {
 result.append("Login failed: "+err);
@@ -103,13 +103,13 @@

Register

const registerButton = document.getElementById('register'); registerButton.onclick = () => {
- var userName = document.getElementById('userNameRegister').value;
+ var username = document.getElementById('usernameRegister').value;
 var firstName = document.getElementById('firstName').value;
 var lastName = document.getElementById('lastName').value;
 result.replaceChildren();
- webAuthn.register({ name: userName, displayName: firstName + " " + lastName })
+ webAuthn.register({ name: username, displayName: firstName + " " + lastName })
 .then(body => {
- result.append("User: "+userName);
+ result.append("User: "+username);
 })
 .catch(err => {
 result.append("Registration failed: "+err);
diff --git a/security/webauthn/src/test/java/io/quarkus/ts/security/webauthn/AbstractWebAuthnTest.java b/security/webauthn/src/test/java/io/quarkus/ts/security/webauthn/AbstractWebAuthnTest.java
index ec794eeca..304224826 100644
--- a/security/webauthn/src/test/java/io/quarkus/ts/security/webauthn/AbstractWebAuthnTest.java
+++ b/security/webauthn/src/test/java/io/quarkus/ts/security/webauthn/AbstractWebAuthnTest.java
@@ -111,13 +111,13 @@ public void testRegisterWebAuthnUser() {
 @Test
 @Order(6)
- public void testRegisterSameUserName() {
+ public void testRegisterSameUsername() {
 MyWebAuthnHardware myWebAuthnHardware = new MyWebAuthnHardware(url);
 String challenge = getRegistrationChallenge(USERNAME, cookieFilter);
 JsonObject registrationJson = myWebAuthnHardware.makeRegistrationJson(challenge);
 ExtractableResponse response = RestAssured
 .given()
- .queryParam("userName", USERNAME)
+ .queryParam("username", USERNAME)
 .body(registrationJson.encode())
 .filter(cookieFilter)
 .contentType(ContentType.JSON)
@@ -136,11 +136,11 @@ public void testRegisterSameUserName() {
 @Test
 @Order(7)
 public void testFailLoginWithFakeRegisterUser() {
- String newUserName = "Kipchoge";
+ String newUsername = "Kipchoge";
 ExtractableResponse response = given().filter(cookieFilter)
 .contentType(ContentType.JSON)
- .body("{\"name\": \"" + newUserName + "\"}")
- .post(REGISTER_CHALLENGE_OPTIONS_URL)
+ .queryParam("username", newUsername)
+ .get(REGISTER_CHALLENGE_OPTIONS_URL)
 .then()
 .statusCode(is(200)).extract();
@@ -157,10 +157,10 @@ public void testFailLoginWithFakeRegisterUser() {
 .statusCode(404);
 }
- public static void invokeRegisteration(String userName, JsonObject registration, Filter cookieFilter) {
+ public static void invokeRegisteration(String username, JsonObject registration, Filter cookieFilter) {
 RestAssured
 .given()
- .queryParam("userName", userName)
+ .queryParam("username", username)
 .body(registration.encode())
 .filter(cookieFilter)
 .contentType(ContentType.JSON)
@@ -174,13 +174,12 @@ public static void invokeRegisteration(String userName, JsonObject registration,
 }
- public static String getRegistrationChallenge(String userName, Filter cookieFilter) {
- JsonObject registerJson = new JsonObject().put("name", userName);
+ public static String getRegistrationChallenge(String username, Filter cookieFilter) {
 ExtractableResponse response = given()
- .body(registerJson.encode())
 .contentType(ContentType.JSON)
 .filter(cookieFilter)
- .post(REGISTER_CHALLENGE_OPTIONS_URL)
+ .queryParam("username", username)
+ .get(REGISTER_CHALLENGE_OPTIONS_URL)
 .then()
 .statusCode(200)
 .cookie("_quarkus_webauthn_challenge", Matchers.notNullValue()).extract();
@@ -190,7 +189,7 @@ public static String getRegistrationChallenge(String userName, Filter cookieFilt
 return challenge;
 }
- private void verifyLoggedIn(Filter cookieFilter, String userName, User user) {
+ private void verifyLoggedIn(Filter cookieFilter, String username, User user) {
 // public API still good
 given().filter(cookieFilter)
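Review bot: `getRegistrationChallenge` and `testFailLoginWithFakeRegisterUser` still send `.contentType(ContentType.JSON)` on a request that has no body once it became `.get(REGISTER_CHALLENGE_OPTIONS_URL)`; the header is now dead weight and should be dropped so the test mirrors what a browser actually sends. Moving the username from the JSON body to `.queryParam("username", ...)` also puts it in the URL, where access logs, proxies and browser history will record it — that is the upstream design choice, but a one-line comment in `getRegistrationChallenge` such as `// username travels in the query string (GET); never route secrets through this helper` would stop the pattern from being copied for sensitive fields. The assertion `.cookie("_quarkus_webauthn_challenge", Matchers.notNullValue())` only proves the challenge cookie exists; since this is the security test-suite, checking its attributes via `response.detailedCookie("_quarkus_webauthn_challenge")` (for example `isHttpOnly()`) would catch a regression in how the challenge is protected, assuming the framework sets those flags, which the hunk does not show. Both method bodies continue outside the hunk, and the extracted `response` in `testFailLoginWithFakeRegisterUser` is consumed there.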
@@ -203,14 +202,14 @@ private void verifyLoggedIn(Filter cookieFilter, String userName, User user) {
 .get(PUBLIC_ME_API_URL)
 .then()
 .statusCode(200)
- .body(Matchers.is(userName));
+ .body(Matchers.is(username));
 // user API accessible
 given().filter(cookieFilter)
 .get(USER_API_URL)
 .then()
 .statusCode(200)
- .body(Matchers.is(userName));
+ .body(Matchers.is(username));
 //admin API
 if (user == User.ADMIN) {