- Add setupTokens database table with proper schema
- Implement setup token generation on first server startup
- Add token validation endpoint and modify admin creation
- Update initial setup page to require setup token
- Add migration scripts for both SQLite and PostgreSQL
- Add internationalization support for setup token fields
- Implement proper error handling and logging
- Add CLI command for resetting user security keys
This prevents unauthorized access during initial server setup by requiring
a token that is generated and displayed in the server console.
- Fix login to verify password before showing security key prompt
- Add proper 2FA verification flow when deleting security keys
Previously, users with security keys would see the security key prompt
even if they entered an incorrect password. Now the password is verified
first. Additionally, security key deletion now properly handles 2FA
verification when enabled.
- Add password verification requirement when registering passkeys
- Add password verification requirement when deleting passkeys
- Add support for 2FA verification if enabled
- Add new delete confirmation dialog with password field
- Add recommendation message when only one passkey is registered
- Improve dialog styling and user experience
- Fix type issues with WebAuthn credential descriptors
Security: This change ensures that sensitive passkey operations require
password verification, similar to 2FA management, preventing unauthorized
modifications to authentication methods.
- Renamed table for consistency with webauthnCredentials
- Created migration script 1.8.1.ts for table rename
- Updated schema definitions in SQLite and PostgreSQL
- Maintains WebAuthn standard naming convention
