Drop all passkeys if the dashboard domain changes

src/passkeys.js

@@ -91,6 +91,10 @@ async function updateCounter(id, counter) {
     await database.query('UPDATE passkeys SET counter = ?, lastUsedTime = NOW() WHERE id = ?', [ counter, id ]);
 }
 
+async function delAll() {
+    await database.query('DELETE FROM passkeys');
+}
+
 function storeChallenge(userId, challenge) {
     const key = `${userId}`;
     gChallenges.set(key, {
@@ -308,6 +312,9 @@ export default {
     del,
     updateCounter,
 
+    // this is only for dashboard origin changes
+    delAll,
+
     generateRegistrationOptions,
     verifyRegistration,
     generateAuthenticationOptions,

src/platform.js

@@ -15,6 +15,7 @@ import infra from './infra_version.js';
 import locks from './locks.js';
 import oidcServer from './oidcserver.js';
 import paths from './paths.js';
+import passkeys from './passkeys.js';
 import reverseProxy from './reverseproxy.js';
 import safe from 'safetydance';
 import services from './services.js';
@@ -200,6 +201,9 @@ async function onDashboardLocationSet(subdomain, domain) {
     await safe(reverseProxy.writeDashboardConfig(subdomain, domain), { debug }); // ok to fail if no disk space
     await oidcServer.stop();
     await oidcServer.start();
+
+    // passkeys are bound to the origin, so we have to invalidate all of them
+    await passkeys.delAll();
 }
 
 async function initialize() {