2 changed files with 14 additions and 25 deletions
--- a/flake.nix
+++ b/flake.nix
@ -142,8 +142,6 @@
                                Environment = [
                                    "RUST_LOG=info"
                                    "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-                                    "TAPO_USERNAME=mechemjack@gmail.com"
-                                    "TAPO_PASSWORD=Jackkcaj123$"
                                ];
                                AmbientCapabilities = [ "CAP_DAC_READ_SEARCH" ];
                                CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
--- a/src/auth.rs
+++ b/src/auth.rs
@ -244,8 +244,6 @@ pub async fn post_login(
        }
    };

-    println!("Authentication: {} credential(s) found for {}", stored.credentials.len(), username);
-
    let (rcr, auth_state) = match state
        .webauthn
        .start_securitykey_authentication(&stored.credentials)
@ -334,11 +332,19 @@ pub async fn post_register_start(
        return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();
    }

-    let user_id = Uuid::new_v4();
+    let stored = load_credentials(&username);
+    let user_id = stored.as_ref().map(|s| s.user_id).unwrap_or_else(Uuid::new_v4);
+
+    let exclude: Option<Vec<CredentialID>> = stored.as_ref().map(|s| {
+        s.credentials
+            .iter()
+            .map(|c| c.cred_id().clone())
+            .collect()
+    });

    let (ccr, reg_state) = match state
        .webauthn
-        .start_securitykey_registration(user_id, &username, &username, None, None, None)
+        .start_securitykey_registration(user_id, &username, &username, exclude, None, None)
    {
        Ok(r) => r,
        Err(e) => {
@ -398,27 +404,12 @@ pub async fn post_register_finish(
        }
    };

-    let path = std::path::PathBuf::from(CREDENTIAL_DIR).join(format!("{}.json", username));
-    let mut stored = if path.exists() {
-        match load_credentials(&username) {
-            Some(s) => {
-                println!("Loaded {} existing credential(s) for {}", s.credentials.len(), username);
-                s
-            }
-            None => {
-                println!("ERROR: credential file exists for {} but could not be parsed — refusing to overwrite", username);
-                return (StatusCode::INTERNAL_SERVER_ERROR, "Failed to read existing credentials").into_response();
-            }
-        }
-    } else {
-        StoredCredentials {
-            user_id,
-            credentials: vec![],
-        }
-    };
+    let mut stored = load_credentials(&username).unwrap_or(StoredCredentials {
+        user_id,
+        credentials: vec![],
+    });

    stored.credentials.push(passkey);
-    println!("Saving {} credential(s) for {}", stored.credentials.len(), username);

    if let Err(e) = save_credentials(&username, &stored) {
        println!("Failed to save credentials: {}", e);