feat(core): update webauthn passkey name

wangsijie · wangsijie · commit 79837a8b55c0 · 2025-05-29T13:13:10.000+08:00
diff --git a/packages/core/src/routes/account/index.openapi.json b/packages/core/src/routes/account/index.openapi.json
@@ -286,11 +286,40 @@
                   },
                   "type": {
                     "description": "The type of the MFA verification."
+                  },
+                  "name": {
+                    "description": "The name of the MFA verification, if not provided, the name will be generated from user agent."
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/api/my-account/mfa-verifications/{id}/name": {
+      "patch": {
+        "tags": ["Dev feature"],
+        "operationId": "UpdateMfaVerificationName",
+        "summary": "Update a MFA verification name",
+        "description": "Update a MFA verification name, a logto-verification-id in header is required for checking sensitive permissions. Only WebAuthn is supported for now.",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "properties": {
+                  "name": {
+                    "description": "The name of the MFA verification."
                   }
                 }
               }
             }
           }
+        },
+        "responses": {
+          "200": {
+            "description": "The MFA verification name was updated successfully."
+          }
         }
       }
     }
diff --git a/packages/core/src/routes/account/mfa-verifications.ts b/packages/core/src/routes/account/mfa-verifications.ts
@@ -26,6 +26,7 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
       body: z.object({
         type: z.literal(MfaFactor.WebAuthn),
         newIdentifierVerificationRecordId: z.string(),
+        name: z.string().optional(),
       }),
       status: [204, 400, 401],
     }),
@@ -35,7 +36,7 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
         identityVerified,
         new RequestError({ code: 'verification_record.permission_denied', status: 401 })
       );
-      const { newIdentifierVerificationRecordId } = ctx.guard.body;
+      const { newIdentifierVerificationRecordId, name } = ctx.guard.body;
       const { fields } = ctx.accountCenter;
       assertThat(
         fields.mfa === AccountCenterControlValue.Edit,
@@ -71,6 +72,7 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
             ...bindMfa,
             id: generateStandardId(),
             createdAt: new Date().toISOString(),
+            name,
           },
         ],
       });
@@ -82,4 +84,54 @@ export default function mfaVerificationsRoutes<T extends UserRouter>(
       return next();
     }
   );
+
+  // Update mfa verification name, only support webauthn
+  router.patch(
+    `${accountApiPrefix}/mfa-verifications/:id/name`,
+    koaGuard({
+      params: z.object({
+        id: z.string(),
+      }),
+      body: z.object({
+        name: z.string(),
+      }),
+      status: [200, 400, 401],
+    }),
+    async (ctx, next) => {
+      const { id: userId, scopes, identityVerified } = ctx.auth;
+      assertThat(
+        identityVerified,
+        new RequestError({ code: 'verification_record.permission_denied', status: 401 })
+      );
+      const { name } = ctx.guard.body;
+      const { fields } = ctx.accountCenter;
+      assertThat(
+        fields.mfa === AccountCenterControlValue.Edit,
+        'account_center.filed_not_editable'
+      );
+
+      assertThat(scopes.has(UserScope.Identities), 'auth.unauthorized');
+
+      const user = await findUserById(userId);
+      const mfaVerification = user.mfaVerifications.find(
+        (mfaVerification) =>
+          mfaVerification.id === ctx.guard.params.id && mfaVerification.type === MfaFactor.WebAuthn
+      );
+      assertThat(mfaVerification, 'verification_record.not_found');
+
+      const updatedUser = await updateUserById(userId, {
+        mfaVerifications: user.mfaVerifications.map((mfaVerification) =>
+          mfaVerification.id === ctx.guard.params.id
+            ? { ...mfaVerification, name }
+            : mfaVerification
+        ),
+      });
+
+      ctx.appendDataHookContext('User.Data.Updated', { user: updatedUser });
+
+      ctx.status = 200;
+
+      return next();
+    }
+  );
 }

Original file line number	Diff line number	Diff line change
`@@ -286,11 +286,40 @@`
`286`	`286`	`},`
`287`	`287`	`"type": {`
`288`	`288`	`"description": "The type of the MFA verification."`
	`289`	`+ },`
	`290`	`+ "name": {`
	`291`	`+ "description": "The name of the MFA verification, if not provided, the name will be generated from user agent."`
	`292`	`+ }`
	`293`	`+ }`
	`294`	`+ }`
	`295`	`+ }`
	`296`	`+ }`
	`297`	`+ }`
	`298`	`+ }`
	`299`	`+ },`
	`300`	`+ "/api/my-account/mfa-verifications/{id}/name": {`
	`301`	`+ "patch": {`
	`302`	`+ "tags": ["Dev feature"],`
	`303`	`+ "operationId": "UpdateMfaVerificationName",`
	`304`	`+ "summary": "Update a MFA verification name",`
	`305`	`+ "description": "Update a MFA verification name, a logto-verification-id in header is required for checking sensitive permissions. Only WebAuthn is supported for now.",`
	`306`	`+ "requestBody": {`
	`307`	`+ "content": {`
	`308`	`+ "application/json": {`
	`309`	`+ "schema": {`
	`310`	`+ "properties": {`
	`311`	`+ "name": {`
	`312`	`+ "description": "The name of the MFA verification."`
`289`	`313`	`}`
`290`	`314`	`}`
`291`	`315`	`}`
`292`	`316`	`}`
`293`	`317`	`}`
	`318`	`+ },`
	`319`	`+ "responses": {`
	`320`	`+ "200": {`
	`321`	`+ "description": "The MFA verification name was updated successfully."`
	`322`	`+ }`
`294`	`323`	`}`
`295`	`324`	`}`
`296`	`325`	`}`