Merge pull request #1032 from supertokens/fix/fix-webauthn-register-credential

fix: Use correct recipeUserId when registering a WebAuthn credential

Author: porcellus

lib/build/recipe/webauthn/api/implementation.js

@@ -1078,29 +1078,28 @@ export default function getAPIImplementation(): APIInterface {
                 return generatedOptions;
             }
 
-            const email = generatedOptions.email;
-            if (email !== loginMethod.email) {
-                return {
-                    status: "GENERAL_ERROR",
-                    message: "Email mismatch",
-                };
-            }
-
             // NOTE: Following checks will likely never throw an error as the
             // check for type is done in a parent function but they are kept
             // here to be on the safe side.
-            if (!email) {
+            if (!generatedOptions.email) {
                 throw new Error(
                     "Should never come here since we already check that the email value is a string in validateEmailAddress"
                 );
             }
 
+            if (generatedOptions.email !== loginMethod.email) {
+                return {
+                    status: "GENERAL_ERROR",
+                    message: "Email mismatch",
+                };
+            }
+
             // we are using the email from the register options
             const registerCredentialResponse = await options.recipeImplementation.registerCredential({
                 webauthnGeneratedOptionsId,
                 credential,
                 userContext,
-                recipeUserId: session.getRecipeUserId().getAsString(),
+                recipeUserId,
             });
 
             if (registerCredentialResponse.status !== "OK") {