Left over changes

src/auth.rs

@@ -244,6 +244,8 @@ pub async fn post_login(
         }
     };
 
+    println!("Authentication: {} credential(s) found for {}", stored.credentials.len(), username);
+
     let (rcr, auth_state) = match state
         .webauthn
         .start_securitykey_authentication(&stored.credentials)
@@ -332,19 +334,11 @@ pub async fn post_register_start(
         return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();
     }
 
-    let stored = load_credentials(&username);
+    let user_id = Uuid::new_v4();
-    let user_id = stored.as_ref().map(|s| s.user_id).unwrap_or_else(Uuid::new_v4);
-
-    let exclude: Option<Vec<CredentialID>> = stored.as_ref().map(|s| {
-        s.credentials
-            .iter()
-            .map(|c| c.cred_id().clone())
-            .collect()
-    });
 
     let (ccr, reg_state) = match state
         .webauthn
-        .start_securitykey_registration(user_id, &username, &username, exclude, None, None)
+        .start_securitykey_registration(user_id, &username, &username, None, None, None)
     {
         Ok(r) => r,
         Err(e) => {
@@ -404,12 +398,27 @@ pub async fn post_register_finish(
         }
     };
 
-    let mut stored = load_credentials(&username).unwrap_or(StoredCredentials {
+    let path = std::path::PathBuf::from(CREDENTIAL_DIR).join(format!("{}.json", username));
-        user_id,
+    let mut stored = if path.exists() {
-        credentials: vec![],
+        match load_credentials(&username) {
-    });
+            Some(s) => {
+                println!("Loaded {} existing credential(s) for {}", s.credentials.len(), username);
+                s
+            }
+            None => {
+                println!("ERROR: credential file exists for {} but could not be parsed — refusing to overwrite", username);
+                return (StatusCode::INTERNAL_SERVER_ERROR, "Failed to read existing credentials").into_response();
+            }
+        }
+    } else {
+        StoredCredentials {
+            user_id,
+            credentials: vec![],
+        }
+    };
 
     stored.credentials.push(passkey);
+    println!("Saving {} credential(s) for {}", stored.credentials.len(), username);
 
     if let Err(e) = save_credentials(&username, &stored) {
         println!("Failed to save credentials: {}", e);