asbiin · asbiin · Nov 6, 2025 · Nov 5, 2025 · Nov 6, 2025 · Nov 6, 2025
diff --git a/src/Models/WebauthnKey.php b/src/Models/WebauthnKey.php
@@ -19,7 +19,7 @@ class WebauthnKey extends Model
     /**
      * The attributes that aren't mass assignable.
      *
-     * @var string[]|bool
+     * @var array<string>
      */
     protected $guarded = ['id'];
 

diff --git a/src/Services/Webauthn.php b/src/Services/Webauthn.php
@@ -180,10 +180,12 @@ public static function enabled(User $user): bool
 
     /**
      * Test if the user can register a new key.
+     *
+     * @psalm-suppress PossiblyUnusedParam
      */
     public static function canRegister(User $user): bool
     {
-        return static::webauthnEnabled() && (! static::enabled($user) || static::check());
+        return static::webauthnEnabled();
     }
 
     /**

diff --git a/src/Services/Webauthn/CreationOptionsFactory.php b/src/Services/Webauthn/CreationOptionsFactory.php
@@ -27,7 +27,8 @@ public function __construct(
         Config $config,
         protected PublicKeyCredentialRpEntity $publicKeyCredentialRpEntity,
         protected AuthenticatorSelectionCriteria $authenticatorSelectionCriteria,
-        protected CoseAlgorithmManager $algorithmManager
+        protected CoseAlgorithmManager $algorithmManager,
+        protected CredentialRepository $repository
     ) {
         parent::__construct($request, $cache, $config);
         $this->attestationConveyance = $config->get('webauthn.attestation_conveyance', 'none');
@@ -82,6 +83,6 @@ private function createCredentialParameters(): array
      */
     protected function getExcludedCredentials(User $user): array
     {
-        return CredentialRepository::getRegisteredKeys($user);
+        return $this->repository->getRegisteredKeys($user);
     }
 }
diff --git a/src/Services/Webauthn/CredentialRepository.php b/src/Services/Webauthn/CredentialRepository.php
@@ -15,7 +15,7 @@ class CredentialRepository
      *
      * @return Collection<array-key,PublicKeyCredentialSource>
      */
-    protected static function getAllRegisteredKeys(int|string $userId): Collection
+    protected function getAllRegisteredKeys(int|string $userId): Collection
     {
         return (Webauthn::model())::where('user_id', $userId)
             ->get()
@@ -28,9 +28,9 @@ protected static function getAllRegisteredKeys(int|string $userId): Collection
      *
      * @return array<array-key,PublicKeyCredentialDescriptor>
      */
-    public static function getRegisteredKeys(User $user): array
+    public function getRegisteredKeys(User $user): array
     {
-        return static::getAllRegisteredKeys($user->getAuthIdentifier())
+        return $this->getAllRegisteredKeys($user->getAuthIdentifier())
             ->map
             ->getPublicKeyCredentialDescriptor()
             ->toArray();

diff --git a/src/Services/Webauthn/RequestOptionsFactory.php b/src/Services/Webauthn/RequestOptionsFactory.php
@@ -21,7 +21,8 @@ public function __construct(
         Request $request,
         Cache $cache,
         Config $config,
-        protected PublicKeyCredentialRpEntity $publicKeyCredentialRpEntity
+        protected PublicKeyCredentialRpEntity $publicKeyCredentialRpEntity,
+        protected CredentialRepository $repository
     ) {
         parent::__construct($request, $cache, $config);
         $this->userVerification = self::getUserVerification($config);
@@ -60,7 +61,7 @@ private static function getUserVerification(Config $config): ?string
      */
     private function getAllowedCredentials(?User $user): array
     {
-        return $user !== null ? CredentialRepository::getRegisteredKeys($user) : [];
+        return $user !== null ? $this->repository->getRegisteredKeys($user) : [];
     }
 
     /**

diff --git a/tests/Unit/Services/Webauthn/CredentialRepositoryTest.php b/tests/Unit/Services/Webauthn/CredentialRepositoryTest.php
@@ -19,7 +19,7 @@ public function it_returns_an_empty_array_when_no_keys_are_registered()
 
         $this->assertEmpty(WebauthnKey::all());
 
-        $this->assertEquals([], CredentialRepository::getRegisteredKeys($user));
+        $this->assertEquals([], (new CredentialRepository)->getRegisteredKeys($user));
     }
 
     #[Test]
@@ -34,7 +34,7 @@ public function it_returns_an_array_with_the_keys()
             'credentialId' => '1',
         ]);
 
-        $keys = CredentialRepository::getRegisteredKeys($user);
+        $keys = (new CredentialRepository)->getRegisteredKeys($user);
         $this->assertCount(1, $keys);
         $this->assertEquals('{"type":"public-key","id":"1","transports":[]}', json_encode($keys[0], JSON_THROW_ON_ERROR));
     }