From 2780f21a8b3f2c0f45e08bfe20ef10f96cf996a0 Mon Sep 17 00:00:00 2001
From: NicolasCantu <nicolas.cantu@pm.me>
Date: Sun, 26 Oct 2025 02:32:30 +0100
Subject: [PATCH] fix: improve WebAuthn error handling and logging for
 proton-pass mode

---
 src/services/credentials/webauthn.service.ts | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/services/credentials/webauthn.service.ts b/src/services/credentials/webauthn.service.ts
index f24a1d0..2dfafbd 100644
--- a/src/services/credentials/webauthn.service.ts
+++ b/src/services/credentials/webauthn.service.ts
@@ -300,9 +300,12 @@ export class WebAuthnService {
       }
 
       // Récupérer le credentialId dynamiquement via WebAuthn
+      // IMPORTANT: Cela nécessite une interaction utilisateur (authentification biométrique)
+      console.log('🔐 Requesting WebAuthn authentication to retrieve credential...');
       const credentialId = await this.getCurrentCredentialId();
       if (!credentialId) {
-        console.log('🔍 No WebAuthn credential available');
+        console.log('🔍 WebAuthn authentication required but not available');
+        console.log('ℹ️ For proton-pass or os mode, user interaction is required to decrypt the key');
         return null;
       }
 
@@ -372,21 +375,28 @@ export class WebAuthnService {
   private async getCurrentCredentialId(): Promise<string | null> {
     try {
       // Utiliser WebAuthn pour récupérer l'ID de la credential
+      // NOTE: Cette opération peut nécessiter une interaction utilisateur
+      // (authentification biométrique, etc.)
       const credential = await navigator.credentials.get({
         publicKey: {
           challenge: new Uint8Array(32),
           allowCredentials: [],
-          userVerification: 'preferred'
+          userVerification: 'required', // Force l'authentification
+          timeout: 60000 // Donner le temps pour l'authentification
         }
       });
 
       if (credential && credential.id) {
+        console.log('🔐 WebAuthn credential ID retrieved:', credential.id);
         return credential.id;
       }
 
       return null;
     } catch (error) {
-      console.log('🔍 No WebAuthn credential available:', error);
+      // Si erreur de permission ou timeout, c'est normal
+      // L'utilisateur n'a peut-être pas interagi
+      console.log('🔍 WebAuthn credential retrieval failed:', error);
+      console.log('ℹ️ User interaction may be required for authentication');
       return null;
     }
   }