LycheeOrg · ildyria · Sep 3, 2023 · Sep 3, 2023
diff --git a/app/Http/Controllers/WebAuthn/WebAuthnLoginController.php b/app/Http/Controllers/WebAuthn/WebAuthnLoginController.php
@@ -27,7 +27,15 @@ class WebAuthnLoginController
 	 */
 	public function options(AssertionRequest $request): Responsable
 	{
-		return $request->toVerify($request->validate(['user_id' => 'sometimes|int'])['user_id'] ?? null);
+		$fields = $request->validate([
+			'user_id' => 'sometimes|int',
+			'username' => 'sometimes|string',
+		]);
+
+		$username = $fields['username'] ?? null;
+		$authenticatable = $fields['user_id'] ?? ($username !== null ? ['username' => $username] : null);
+
+		return $request->toVerify($authenticatable);
 	}
 
 	/**

diff --git a/tests/Feature/WebAuthTest.php b/tests/Feature/WebAuthTest.php
@@ -211,6 +211,34 @@ public function testWebAuthLoginOptions(): void
 		]);
 	}
 
+	/**
+	 * Testing the Login options.
+	 *
+	 * @return void
+	 */
+	public function testWebAuthLoginOptionsUsername(): void
+	{
+		$this->createCredentials();
+
+		// Generate a challenge for username = admin
+		$response = $this->postJson('/api/WebAuthn::login/options', ['username' => 'admin']);
+		$this->assertOk($response);
+
+		$challengeRetrieved = Session::get(config('webauthn.challenge.key'));
+		$clg = $challengeRetrieved->data->toBase64Url();
+
+		$response->assertJson([
+			'timeout' => 60000,
+			'challenge' => $clg,
+			'allowCredentials' => [
+				0 => [
+					'id' => '_Xlz-khgFhDdkvOWyy_YqC54ExkYyp1o6HAQiybqLST-9RGBndpgI06TQygIYI7ZL2dayCMYm6J1-bXyl72obA',
+					'type' => 'public-key',
+				],
+			],
+		]);
+	}
+
 	/**
 	 * Testing the Login interface.
 	 *