Merge pull request #20239 from mozilla/FXA-13063

feat(passkeys): Add passkey list, delete, rename service functions

Author: nshirley

libs/accounts/errors/src/app-error.ts

@@ -1791,6 +1791,33 @@ export class AppError extends Error {
     });
   }
 
+  static passkeyInvalidName() {
+    return new AppError({
+      code: 400,
+      error: 'Bad Request',
+      errno: ERRNO.PASSKEY_INVALID_NAME,
+      message: 'Invalid passkey name',
+    });
+  }
+
+  static passkeyDeleteFailed() {
+    return new AppError({
+      code: 500,
+      error: 'Internal Server Error',
+      errno: ERRNO.PASSKEY_DELETE_FAILED,
+      message: 'Failed to delete passkey',
+    });
+  }
+
+  static passkeyRenameFailed() {
+    return new AppError({
+      code: 500,
+      error: 'Internal Server Error',
+      errno: ERRNO.PASSKEY_RENAME_FAILED,
+      message: 'Failed to rename passkey',
+    });
+  }
+
   private static decorateErrorWithRequest(error: AppError, request?: Request) {
     if (request) {
       error.output.payload.request = {

libs/accounts/errors/src/constants.ts

@@ -135,6 +135,9 @@ export const ERRNO = {
   PASSKEY_AUTHENTICATION_FAILED: 227,
   PASSKEY_REGISTRATION_FAILED: 228,
   PASSKEY_CHALLENGE_NOT_FOUND: 229,
+  PASSKEY_INVALID_NAME: 230,
+  PASSKEY_DELETE_FAILED: 231,
+  PASSKEY_RENAME_FAILED: 232,
   // Jump to 238 to leave room for future passkey errors
   PASSKEY_CHALLENGE_EXPIRED: 238,
   INTERNAL_VALIDATION_ERROR: 998,

libs/accounts/errors/src/index.spec.ts

@@ -449,5 +449,53 @@ describe('AppErrors', () => {
         },
       });
     });
+
+    it('creates passkeyInvalidName', () => {
+      const result = AppError.passkeyInvalidName();
+      expect(result).toBeInstanceOf(AppError);
+      expect(result).toMatchObject({
+        errno: 230,
+        message: 'Invalid passkey name',
+        output: {
+          statusCode: 400,
+          payload: {
+            error: 'Bad Request',
+            errno: 230,
+          },
+        },
+      });
+    });
+
+    it('creates passkeyDeleteFailed', () => {
+      const result = AppError.passkeyDeleteFailed();
+      expect(result).toBeInstanceOf(AppError);
+      expect(result).toMatchObject({
+        errno: 231,
+        message: 'Failed to delete passkey',
+        output: {
+          statusCode: 500,
+          payload: {
+            error: 'Internal Server Error',
+            errno: 231,
+          },
+        },
+      });
+    });
+
+    it('creates passkeyRenameFailed', () => {
+      const result = AppError.passkeyRenameFailed();
+      expect(result).toBeInstanceOf(AppError);
+      expect(result).toMatchObject({
+        errno: 232,
+        message: 'Failed to rename passkey',
+        output: {
+          statusCode: 500,
+          payload: {
+            error: 'Internal Server Error',
+            errno: 232,
+          },
+        },
+      });
+    });
   });
 });

libs/accounts/passkey/src/lib/passkey.config.ts

@@ -18,6 +18,12 @@ import type {
   UserVerificationRequirement,
 } from '@simplewebauthn/server';
 
+/**
+ * Maximum length for a passkey's user-facing name.
+ * Derived from the DB schema constraint: `name varchar(255)`.
+ */
+export const MAX_PASSKEY_NAME_LENGTH = 255;
+
 /**
  * Configuration for passkey (WebAuthn) functionality.
  *

libs/accounts/passkey/src/lib/passkey.manager.in.spec.ts

@@ -13,7 +13,7 @@ import { AccountManager } from '@fxa/shared/account/account';
 import { LOGGER_PROVIDER } from '@fxa/shared/log';
 import { Test } from '@nestjs/testing';
 import { PasskeyManager } from './passkey.manager';
-import { PasskeyConfig } from './passkey.config';
+import { PasskeyConfig, MAX_PASSKEY_NAME_LENGTH } from './passkey.config';
 import { findPasskeyByCredentialId, insertPasskey } from './passkey.repository';
 import { StatsDService } from '@fxa/shared/metrics/statsd';
 import { AppError } from '../../../errors/src';
@@ -338,12 +338,12 @@ describe('PasskeyManager (Integration)', () => {
       expect(found?.name).toBe(passkey.name);
     });
 
-    it('accepts a name at exactly 255 characters', async () => {
+    it(`accepts a name at exactly ${MAX_PASSKEY_NAME_LENGTH} characters`, async () => {
       const uid = await createTestAccount();
       const passkey = PasskeyFactory({ uid });
       await manager.registerPasskey(passkey);
 
-      const exactName = 'x'.repeat(255);
+      const exactName = 'x'.repeat(MAX_PASSKEY_NAME_LENGTH);
       const renamed = await manager.renamePasskey(
         uid,
         passkey.credentialId,

libs/accounts/passkey/src/lib/passkey.manager.spec.ts

@@ -11,7 +11,7 @@ import {
 import { LOGGER_PROVIDER } from '@fxa/shared/log';
 import { StatsDService } from '@fxa/shared/metrics/statsd';
 import { PasskeyManager } from './passkey.manager';
-import { PasskeyConfig } from './passkey.config';
+import { PasskeyConfig, MAX_PASSKEY_NAME_LENGTH } from './passkey.config';
 import * as PasskeyRepository from './passkey.repository';
 import { AppError } from '../../../errors/src';
 
@@ -208,11 +208,11 @@ describe('PasskeyManager', () => {
   });
 
   describe('renamePasskey', () => {
-    it('returns false without calling repository when name exceeds 255 characters', async () => {
+    it(`returns false without calling repository when name exceeds ${MAX_PASSKEY_NAME_LENGTH} characters`, async () => {
       const result = await manager.renamePasskey(
         Buffer.alloc(16, 1),
         Buffer.alloc(32, 2),
-        'x'.repeat(256)
+        'x'.repeat(MAX_PASSKEY_NAME_LENGTH + 1)
       );
 
       expect(result).toBe(false);

libs/accounts/passkey/src/lib/passkey.manager.ts

@@ -22,7 +22,7 @@ import {
   updatePasskeyCounterAndLastUsed,
   updatePasskeyName,
 } from './passkey.repository';
-import { PasskeyConfig } from './passkey.config';
+import { PasskeyConfig, MAX_PASSKEY_NAME_LENGTH } from './passkey.config';
 import { AppError } from '@fxa/accounts/errors';
 
 /**
@@ -148,14 +148,14 @@ export class PasskeyManager {
    * Both uid and credentialId must match to prevent one user from renaming
    * another user's passkey.
    *
-   * @returns true if the passkey was found and renamed, false if not found, wrong user, or name exceeds 255 characters
+   * @returns true if the passkey was found and renamed, false if not found, wrong user, or name exceeds MAX_PASSKEY_NAME_LENGTH characters
    */
   async renamePasskey(
     uid: Buffer,
     credentialId: Buffer,
     newName: string
   ): Promise<boolean> {
-    if (newName.length > 255) {
+    if (newName.length > MAX_PASSKEY_NAME_LENGTH) {
       return false;
     }
     const rowsUpdated = await updatePasskeyName(