fix: resolve WebAuthn passkey compatibility with py_webauthn 2.7.0

- Fix aaguid type (str not bytes) in registration verification
- Fix missing credential_backup_eligible field (use credential_device_type)
- Remove invalid credential_id param from verify_authentication_response
- Fix origin detection to use browser Origin header for WebAuthn verification
- Add async database engine support (aiosqlite) for passkey operations
- Convert UserDatabase to async-compatible with sync/async session detection
- Update Database class to support both sync and async context managers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
EstrellaXD
2026-01-23 15:07:18 +01:00
parent d2cfd9b150
commit 027222a24d
7 changed files with 119 additions and 71 deletions


@@ -22,7 +22,7 @@ router = APIRouter(prefix="/auth", tags=["auth"])
@router.post("/login", response_model=dict)
async def login(response: Response, form_data=Depends(OAuth2PasswordRequestForm)):
user = User(username=form_data.username, password=form_data.password)
resp = auth_user(user)
resp = await auth_user(user)
if resp.status:
token = create_access_token(
data={"sub": user.username}, expires_delta=timedelta(days=1)
@@ -58,7 +58,7 @@ async def logout(response: Response):
@router.post("/update", response_model=dict, dependencies=[Depends(get_current_user)])
async def update_user(user_data: UserUpdate, response: Response):
old_user = active_user[0]
if update_user_info(user_data, old_user):
if await update_user_info(user_data, old_user):
token = create_access_token(
data={"sub": old_user}, expires_delta=timedelta(days=1)
)
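Review bot: In `update_user`, the account being modified and the `sub` claim of the reissued token both come from `active_user[0]`, a module-level value defined outside this hunk, rather than from the principal that `get_current_user` authenticated for this request. If more than one session can exist at a time, a request could update, and receive a token for, a different account than the caller's. Consider binding the dependency result instead, e.g. `current_user: str = Depends(get_current_user)` in the signature and `old_user = current_user`, assuming `get_current_user` returns the username. Separately, now that `auth_user` and `update_user_info` are coroutines, any call site left without `await` would test an always-truthy coroutine object in its `if`, so the remaining callers are worth checking. Both function bodies continue outside the hunks shown.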