web/flows: fix error when webauthn operations failed and user retries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts

@@ -40,6 +40,8 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     @property({ type: Boolean })
     showBackButton = false;
 
+    transformedCredentialRequestOptions?: PublicKeyCredentialRequestOptions;
+
     static get styles(): CSSResult[] {
         return [
             PFBase,
@@ -55,19 +57,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     }
 
     async authenticate(): Promise<void> {
-        // convert certain members of the PublicKeyCredentialRequestOptions into
-        // byte arrays as expected by the spec.
-        const credentialRequestOptions = this.deviceChallenge
-            ?.challenge as PublicKeyCredentialRequestOptions;
-        const transformedCredentialRequestOptions =
-            transformCredentialRequestOptions(credentialRequestOptions);
-
         // request the authenticator to create an assertion signature using the
         // credential private key
         let assertion;
         try {
             assertion = await navigator.credentials.get({
-                publicKey: transformedCredentialRequestOptions,
+                publicKey: this.transformedCredentialRequestOptions,
             });
             if (!assertion) {
                 throw new Error(t`Assertions is empty`);
@@ -93,6 +88,12 @@ export class AuthenticatorValidateStageWebAuthn extends BaseStage<
     }
 
     firstUpdated(): void {
+        // convert certain members of the PublicKeyCredentialRequestOptions into
+        // byte arrays as expected by the spec.
+        const credentialRequestOptions = this.deviceChallenge
+            ?.challenge as PublicKeyCredentialRequestOptions;
+        this.transformedCredentialRequestOptions =
+            transformCredentialRequestOptions(credentialRequestOptions);
         this.authenticateWrapper();
     }
 

web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts

@@ -39,6 +39,8 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
     @property()
     registerMessage = "";
 
+    publicKeyCredentialCreateOptions?: PublicKeyCredentialCreationOptions;
+
     static get styles(): CSSResult[] {
         return [PFBase, PFLogin, PFFormControl, PFForm, PFTitle, PFButton, AKGlobal];
     }
@@ -47,18 +49,11 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
         if (!this.challenge) {
             return;
         }
-        // convert certain members of the PublicKeyCredentialCreateOptions into
-        // byte arrays as expected by the spec.
-        const publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
-            this.challenge?.registration as PublicKeyCredentialCreationOptions,
-            this.challenge?.registration.user.id,
-        );
-
         // request the authenticator(s) to create a new credential keypair.
         let credential;
         try {
             credential = (await navigator.credentials.create({
-                publicKey: publicKeyCredentialCreateOptions,
+                publicKey: this.publicKeyCredentialCreateOptions,
             })) as PublicKeyCredential;
             if (!credential) {
                 throw new Error("Credential is empty");
@@ -98,6 +93,12 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage<
     }
 
     firstUpdated(): void {
+        // convert certain members of the PublicKeyCredentialCreateOptions into
+        // byte arrays as expected by the spec.
+        this.publicKeyCredentialCreateOptions = transformCredentialCreateOptions(
+            this.challenge?.registration as PublicKeyCredentialCreationOptions,
+            this.challenge?.registration.user.id,
+        );
         this.registerWrapper();
     }