a8b7eace48
Enable users to sign up and sign in using passkeys (biometrics/security keys) without needing a manually-created Authentik account. The existing SSO login remains as an alternative. Backend: - Add WebAuthn registration/authentication endpoints via py-webauthn - Issue HS256 JWTs for passkey users, with Redis-backed challenge storage - Dual JWT verification in auth middleware (issuer-based routing: passkey HS256 vs Authentik RS256) - PasskeyCredential model + migration making user.password nullable - UserRepository with full CRUD for users and credentials Frontend: - AuthUser type abstraction unifying OIDC and passkey users - Passkey service using @simplewebauthn/browser for WebAuthn ceremonies - LoginModal redesigned with Sign In / Sign Up tabs - Type migration from oidc-client-ts User to AuthUser across all services and components
66 lines
2.3 KiB
Python
66 lines
2.3 KiB
Python
"""add passkey auth
|
|
|
|
Revision ID: b4c7d8e9f0a1
|
|
Revises: a1b2c3d4e5f6
|
|
Create Date: 2025-07-15 10:00:00.000000
|
|
|
|
"""
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
import sqlmodel
|
|
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision: str = 'b4c7d8e9f0a1'
|
|
down_revision: Union[str, None] = 'a1b2c3d4e5f6'
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
"""Upgrade schema."""
|
|
# Make user.password nullable
|
|
op.alter_column('user', 'password',
|
|
existing_type=sqlmodel.sql.sqltypes.AutoString(),
|
|
nullable=True)
|
|
|
|
# Add created_at to user table
|
|
op.add_column('user',
|
|
sa.Column('created_at', sa.DateTime(),
|
|
nullable=True,
|
|
server_default=sa.func.now()))
|
|
|
|
# Create passkeycredential table
|
|
op.create_table('passkeycredential',
|
|
sa.Column('id', sa.Integer(), nullable=False),
|
|
sa.Column('credential_id', sqlmodel.sql.sqltypes.AutoString(), nullable=False),
|
|
sa.Column('public_key', sqlmodel.sql.sqltypes.AutoString(), nullable=False),
|
|
sa.Column('sign_count', sa.Integer(), nullable=False),
|
|
sa.Column('transports', sqlmodel.sql.sqltypes.AutoString(), nullable=True),
|
|
sa.Column('user_id', sa.Integer(), nullable=False),
|
|
sa.Column('created_at', sa.DateTime(), nullable=True,
|
|
server_default=sa.func.now()),
|
|
sa.ForeignKeyConstraint(['user_id'], ['user.id']),
|
|
sa.PrimaryKeyConstraint('id'),
|
|
)
|
|
op.create_index(op.f('ix_passkeycredential_credential_id'),
|
|
'passkeycredential', ['credential_id'], unique=True)
|
|
op.create_index(op.f('ix_passkeycredential_user_id'),
|
|
'passkeycredential', ['user_id'], unique=False)
|
|
|
|
|
|
def downgrade() -> None:
|
|
"""Downgrade schema."""
|
|
op.drop_index(op.f('ix_passkeycredential_user_id'),
|
|
table_name='passkeycredential')
|
|
op.drop_index(op.f('ix_passkeycredential_credential_id'),
|
|
table_name='passkeycredential')
|
|
op.drop_table('passkeycredential')
|
|
|
|
op.drop_column('user', 'created_at')
|
|
|
|
op.alter_column('user', 'password',
|
|
existing_type=sqlmodel.sql.sqltypes.AutoString(),
|
|
nullable=False)
|