Skip to content

Enable GitHub credential logging by default for all deployments #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rainzhang05 merged 3 commits into from
Nov 25, 2025
Merged

Enable GitHub credential logging by default for all deployments #164

rainzhang05 merged 3 commits into from
Nov 25, 2025

Conversation

Copy link
Contributor

Copilot AI commented Nov 25, 2025
edited
Loading

Local deployments (webauthndev.ftsafe.com) were not sending credential logs to GitHub because is_logging_enabled() only auto-enabled for Render and Google Cloud environments.

Changes

  • server/server/github_client.py: Modified is_logging_enabled() to return True by default instead of only for hosted platforms
  • server/server/device_logs.py: Added attestation check fields (signature_valid, root_valid, rp_id_hash_valid, aaguid_match) to the RegistrationEvent dataclass and log payload
  • server/server/routes/simple.py: Updated RegistrationEvent creation to include the attestation check values
  • tests/test_github_client.py: Added test coverage for the logging enabled behavior
  • tests/test_device_logs.py: Updated tests to verify attestation check fields are included in the log payload

Behavior

# Before: logging disabled unless on Render/GCP
is_logging_enabled()  # False on local deployments

# After: logging enabled by default, explicit opt-out available
is_logging_enabled()  # True everywhere
# Set ENABLE_GITHUB_LOGGING=false to disable

Logging still requires GITHUB_TOKEN to be configured—calls fail gracefully if missing.

Log Payload

Each credential log now includes the following attestation validation fields:

  • signature_valid - Whether the attestation signature is valid
  • root_valid - Whether the attestation root certificate is valid
  • rp_id_hash_valid - Whether the RP ID hash matches
  • aaguid_match - Whether the AAGUID matches the expected value
Original prompt

Currently the credentials that are registered through local deployed build on an Ubuntu server is not sending to the webauthn log GitHub repository. I want you to modify so that all of the logs that are not from render or google cloud deployment (webauthnlab.tech) will be recognized as from webauthndev.ftsafe.com, local deployment also count because I am actually deploying on local Ubuntu server.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Update webauthn log recognition for local deployments Enable GitHub credential logging by default for all deployments Nov 25, 2025
Copilot AI requested a review from rainzhang05 November 25, 2025 07:02
@rainzhang05
Copy link
Collaborator

rainzhang05 commented Nov 25, 2025

@copilot Also, for all logs that are sent, include the value for signatureValid, rootValid, rpIDhash valid, and aaguid match booleans

@rainzhang05
Add attestation check fields (signature_valid, root_valid, rp_id_hash…
64eb440 
…_valid, aaguid_match) to log payload

Co-authored-by: rainzhang05 <[email protected]>
Copy link
Contributor Author

Copilot AI commented Nov 25, 2025

@copilot Also, for all logs that are sent, include the value for signatureValid, rootValid, rpIDhash valid, and aaguid match booleans

Added the attestation check fields to the log payload in commit 64eb440. The logs now include:

  • signature_valid
  • root_valid
  • rp_id_hash_valid
  • aaguid_match

@rainzhang05 rainzhang05 marked this pull request as ready for review November 25, 2025 07:10
@rainzhang05 rainzhang05 merged commit fb88c1a into main Nov 25, 2025
2 checks passed
@rainzhang05 rainzhang05 deleted the copilot/update-webauthn-logs-recognition branch November 25, 2025 07:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rainzhang05 rainzhang05 Awaiting requested review from rainzhang05 rainzhang05 is a code owner

Assignees

@rainzhang05 rainzhang05

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rainzhang05