From caf0b05438f777a75679b5de453c6ff9e0f51e22 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sat, 20 Dec 2025 03:09:53 +0100
Subject: [PATCH 1/5] Fix webauthn error checking

Fixes: https://github.com/go-gitea/gitea/issues/36217
---
 web_src/js/features/user-auth-webauthn.ts | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/web_src/js/features/user-auth-webauthn.ts b/web_src/js/features/user-auth-webauthn.ts
index 6de84e94e0d66..bd82078bb1fb3 100644
--- a/web_src/js/features/user-auth-webauthn.ts
+++ b/web_src/js/features/user-auth-webauthn.ts
@@ -11,7 +11,8 @@ export async function initUserAuthWebAuthn() {
     return;
   }
 
-  if (!detectWebAuthnSupport()) {
+  const errorType = detectWebAuthnSupport();
+  if (errorType) {
     if (elSignInPasskeyBtn) hideElem(elSignInPasskeyBtn);
     return;
   }
@@ -194,25 +195,25 @@ function webAuthnError(errorType: string, message:string = '') {
   showElem('#webauthn-error');
 }
 
-function detectWebAuthnSupport() {
+function detectWebAuthnSupport(): string {
   if (!window.isSecureContext) {
-    webAuthnError('insecure');
-    return false;
+    return 'insecure';
   }
 
   if (typeof window.PublicKeyCredential !== 'function') {
-    webAuthnError('browser');
-    return false;
+    return 'browser';
   }
 
-  return true;
+  return '';
 }
 
 export function initUserAuthWebAuthnRegister() {
   const elRegister = document.querySelector<HTMLInputElement>('#register-webauthn');
   if (!elRegister) return;
 
-  if (!detectWebAuthnSupport()) {
+  const errorType = detectWebAuthnSupport();
+  if (errorType) {
+    webAuthnError(errorType);
     elRegister.disabled = true;
     return;
   }

From 6d58db58ae521fc3509f54489a0fe2f346525e23 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sat, 20 Dec 2025 03:24:56 +0100
Subject: [PATCH 2/5] add doc

---
 web_src/js/features/user-auth-webauthn.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web_src/js/features/user-auth-webauthn.ts b/web_src/js/features/user-auth-webauthn.ts
index bd82078bb1fb3..085d0f0a9de4d 100644
--- a/web_src/js/features/user-auth-webauthn.ts
+++ b/web_src/js/features/user-auth-webauthn.ts
@@ -195,6 +195,7 @@ function webAuthnError(errorType: string, message:string = '') {
   showElem('#webauthn-error');
 }
 
+/** Returns the error type or the empty string when there was no error. */
 function detectWebAuthnSupport(): string {
   if (!window.isSecureContext) {
     return 'insecure';

From 67a5b9238737cad7969e59ae001d9d4d306e376e Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sat, 20 Dec 2025 03:50:54 +0100
Subject: [PATCH 3/5] add ErrorType

---
 web_src/js/features/user-auth-webauthn.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/web_src/js/features/user-auth-webauthn.ts b/web_src/js/features/user-auth-webauthn.ts
index 085d0f0a9de4d..a3a4cd4b3faf0 100644
--- a/web_src/js/features/user-auth-webauthn.ts
+++ b/web_src/js/features/user-auth-webauthn.ts
@@ -4,6 +4,10 @@ import {GET, POST} from '../modules/fetch.ts';
 
 const {appSubUrl} = window.config;
 
+/* One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element.
+   The empty string means there is no error. */
+type ErrorType = 'general' | 'insecure' | 'browser' | 'unable-to-process' | 'duplicated' | 'unknown' | '';
+
 export async function initUserAuthWebAuthn() {
   const elPrompt = document.querySelector('.user.signin.webauthn-prompt');
   const elSignInPasskeyBtn = document.querySelector('.signin-passkey');
@@ -178,7 +182,7 @@ async function webauthnRegistered(newCredential: any) { // TODO: Credential type
   window.location.reload();
 }
 
-function webAuthnError(errorType: string, message:string = '') {
+function webAuthnError(errorType: ErrorType, message:string = '') {
   const elErrorMsg = document.querySelector(`#webauthn-error-msg`)!;
 
   if (errorType === 'general') {
@@ -196,7 +200,7 @@ function webAuthnError(errorType: string, message:string = '') {
 }
 
 /** Returns the error type or the empty string when there was no error. */
-function detectWebAuthnSupport(): string {
+function detectWebAuthnSupport(): ErrorType {
   if (!window.isSecureContext) {
     return 'insecure';
   }

From 764ab4cbec9635c462771e0e2a0832cfe5bba449 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sat, 20 Dec 2025 03:54:05 +0100
Subject: [PATCH 4/5] docstring

---
 web_src/js/features/user-auth-webauthn.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web_src/js/features/user-auth-webauthn.ts b/web_src/js/features/user-auth-webauthn.ts
index a3a4cd4b3faf0..9582e8908ea45 100644
--- a/web_src/js/features/user-auth-webauthn.ts
+++ b/web_src/js/features/user-auth-webauthn.ts
@@ -4,8 +4,8 @@ import {GET, POST} from '../modules/fetch.ts';
 
 const {appSubUrl} = window.config;
 
-/* One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element.
-   The empty string means there is no error. */
+/** One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element.
+    The empty string means there is no error. */
 type ErrorType = 'general' | 'insecure' | 'browser' | 'unable-to-process' | 'duplicated' | 'unknown' | '';
 
 export async function initUserAuthWebAuthn() {

From 5abbd8209ba98e829fea37216ad486ea77e9e144 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Sat, 20 Dec 2025 03:56:12 +0100
Subject: [PATCH 5/5] use null

---
 web_src/js/features/user-auth-webauthn.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/web_src/js/features/user-auth-webauthn.ts b/web_src/js/features/user-auth-webauthn.ts
index 9582e8908ea45..774d41dce0f42 100644
--- a/web_src/js/features/user-auth-webauthn.ts
+++ b/web_src/js/features/user-auth-webauthn.ts
@@ -4,9 +4,8 @@ import {GET, POST} from '../modules/fetch.ts';
 
 const {appSubUrl} = window.config;
 
-/** One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element.
-    The empty string means there is no error. */
-type ErrorType = 'general' | 'insecure' | 'browser' | 'unable-to-process' | 'duplicated' | 'unknown' | '';
+/** One of the possible values for the `data-webauthn-error-msg` attribute on the webauthn error message element */
+type ErrorType = 'general' | 'insecure' | 'browser' | 'unable-to-process' | 'duplicated' | 'unknown';
 
 export async function initUserAuthWebAuthn() {
   const elPrompt = document.querySelector('.user.signin.webauthn-prompt');
@@ -199,8 +198,8 @@ function webAuthnError(errorType: ErrorType, message:string = '') {
   showElem('#webauthn-error');
 }
 
-/** Returns the error type or the empty string when there was no error. */
-function detectWebAuthnSupport(): ErrorType {
+/** Returns the error type or `null` when there was no error. */
+function detectWebAuthnSupport(): ErrorType | null {
   if (!window.isSecureContext) {
     return 'insecure';
   }
@@ -209,7 +208,7 @@ function detectWebAuthnSupport(): ErrorType {
     return 'browser';
   }
 
-  return '';
+  return null;
 }
 
 export function initUserAuthWebAuthnRegister() {