From 477a090aa04c16bc8d5b806df7956390f6998ae0 Mon Sep 17 00:00:00 2001
From: aiden <allaher@icloud.com>
Date: Wed, 1 Nov 2023 05:40:05 -0500
Subject: [PATCH] feat: when logging in with OAuth2 and authenticating via
 WebAuthn, retrieve the application from the clientId (#2469)

* fix: #2304

* fix: when logging in with OAuth2 and authenticating via WebAuthn, retrieve the application from the clientId.

---------

Co-authored-by: aidenlu <aiden_lu@wochacha.com>
---
 controllers/webauthn.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/controllers/webauthn.go b/controllers/webauthn.go
index 76f1c25f..52de2013 100644
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -154,6 +154,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
+	clientId := c.Input().Get("clientId")
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -182,7 +183,13 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	c.SetSessionUsername(userId)
 	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
 
-	application, err := object.GetApplicationByUser(user)
+	var application *object.Application
+
+	if clientId != "" && (responseType == ResponseTypeCode) {
+		application, err = object.GetApplicationByClientId(clientId)
+	} else {
+		application, err = object.GetApplicationByUser(user)
+	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return