User must be able to configure webAuthn in bit Boilerplate if passkey is no longer valid (#11947)

[ysmoradi]

closes #11947

Summary by CodeRabbit

• Bug Fixes
  • Enhanced error handling in the passwordless authentication disable flow to ensure proper configuration cleanup and reset occur regardless of credential verification outcome, allowing users to successfully retry the operation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Two files were modified to enhance WebAuthn passwordless credential management. A code comment was added for documentation clarity in the diagnostic modal utilities. The passwordless tab's DisablePasswordless method was restructured to ensure cleanup operations—removing stored WebAuthn user IDs and resetting configuration state—execute regardless of credential verification success or failure, enabling retry scenarios.

Changes

Cohort / File(s)	Summary
WebAuthn Diagnostics ...Client/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs	Added clarifying comment documenting that RemoveWebAuthnConfiguredUserId is cleared via StorageService.Clear() in subsequent cleanup logic.
Passwordless Configuration ...Client/Components/Pages/Settings/Account/PasswordlessTab.razor.cs	Restructured error handling in DisablePasswordless method to move credential cleanup and state reset into a finally-like block, ensuring removal of stored WebAuthn user ID and isConfigured reset occurs regardless of credential verification success or failure.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A passkey stumbled, oh what a plight,
But now the bunny fixed the retry's might!
In finally blocks, we ensure cleanup flows,
So users can reconfigure—that's how it goes! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The code changes in PasswordlessTab.razor.cs and AppDiagnosticModal.razor.Utils.cs implement a recovery mechanism for WebAuthn by ensuring cleanup and reconfiguration are possible even when passkey verification fails, directly addressing issue #11947's requirement.
Out of Scope Changes check	✅ Passed	All changes are directly related to WebAuthn reconfiguration logic and cleanup, with no unrelated modifications detected outside the scope of enabling users to reconfigure WebAuthn when passkeys become invalid.
Title check	✅ Passed	The title accurately describes the main objective: enabling users to reconfigure WebAuthn when passpkeys are no longer valid, which aligns with the code changes in PasswordlessTab.razor.cs that implement error recovery logic.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between a6d67cb and 46a5862.

📒 Files selected for processing (2)

• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Settings/Account/PasswordlessTab.razor.cs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL analysis (csharp)
• GitHub Check: build Bit.Templates

🔇 Additional comments (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs (1)

129-129: LGTM! Helpful documentation comment.

The comment clarifies the relationship between WebAuthn credential deletion and the subsequent storage clear operation, improving code maintainability.

[Copilot]

Pull request overview

This PR addresses issue #11947 by allowing users to reconfigure WebAuthn when their passkey is no longer valid. The changes move the cleanup logic for removing stored WebAuthn configuration to handle scenarios where passkey validation fails.

• Moved RemoveWebAuthnConfiguredUserId and isConfigured reset logic to a finally block in the disable passwordless flow
• Added explanatory comments about browser behavior when passkeys fail
• Added clarifying comment in diagnostic modal about storage cleanup

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
PasswordlessTab.razor.cs	Relocated WebAuthn cleanup logic to finally block to handle invalid passkey scenarios
AppDiagnosticModal.razor.Utils.cs	Added clarifying comment about WebAuthn credential cleanup during diagnostic clear operations