remove fallbackPasskeyLabel

benbjurstrom · benbjurstrom · commit 36a2cc937ea5 · 2026-04-21T10:09:40.000-07:00
diff --git a/src/PasskeyAuthenticatable.php b/src/PasskeyAuthenticatable.php
@@ -55,35 +55,25 @@ public function getPasskeyUserHandle(): string
      *
      * Shown prominently in authenticator UIs (registration prompts,
      * account pickers, password manager entries). Falls back from
-     * `name` to `email` to an opaque label derived from the user
-     * handle when those columns are absent.
+     * `name` to `email` to the auth identifier when columns are absent.
      */
     public function getPasskeyDisplayName(): string
     {
         return $this->getAttribute('name')
             ?? $this->getAttribute('email')
-            ?? $this->fallbackPasskeyLabel();
+            ?? (string) $this->getAuthIdentifier();
     }
 
     /**
      * Get the username for WebAuthn registration.
      *
      * Used as the account identifier in authenticator UIs, typically
      * rendered as the subtitle beneath the display name. Falls back
-     * to an opaque label derived from the user handle when `email`
-     * is absent.
+     * from `email` to the auth identifier when the column is absent.
      */
     public function getPasskeyUsername(): string
     {
         return $this->getAttribute('email')
-            ?? $this->fallbackPasskeyLabel();
-    }
-
-    /**
-     * An opaque, stable label used when no name or email is available.
-     */
-    protected function fallbackPasskeyLabel(): string
-    {
-        return 'user-'.substr(bin2hex($this->getPasskeyUserHandle()), 0, 10);
+            ?? (string) $this->getAuthIdentifier();
     }
 }
diff --git a/tests/Feature/PasskeyAuthenticatableTest.php b/tests/Feature/PasskeyAuthenticatableTest.php
@@ -38,20 +38,16 @@
     expect($user->getPasskeyUsername())->toBe('only@example.com');
 });
 
-it('falls back to an opaque label when email is absent', function (): void {
-    config(['passkeys.user_handle_secret' => 'test-secret']);
-
+it('falls back to the auth identifier when email is absent', function (): void {
     Schema::create('bare_users', function (Blueprint $table): void {
         $table->id();
         $table->timestamps();
     });
 
     $user = BareUser::create();
-    $expected = 'user-'.substr(bin2hex($user->getPasskeyUserHandle()), 0, 10);
 
-    expect($user->getPasskeyDisplayName())->toBe($expected);
-    expect($user->getPasskeyUsername())->toBe($expected);
-    expect($expected)->not->toContain((string) $user->id);
+    expect($user->getPasskeyDisplayName())->toBe((string) $user->id);
+    expect($user->getPasskeyUsername())->toBe((string) $user->id);
 });
 
 it('returns the same handle across fresh model instances', function (): void {

Original file line number	Diff line number	Diff line change
`@@ -55,35 +55,25 @@ public function getPasskeyUserHandle(): string`
`55`	`55`	`*`
`56`	`56`	`* Shown prominently in authenticator UIs (registration prompts,`
`57`	`57`	`* account pickers, password manager entries). Falls back from`
`58`		- * `name` to `email` to an opaque label derived from the user
`59`		`- * handle when those columns are absent.`
	`58`	+ * `name` to `email` to the auth identifier when columns are absent.
`60`	`59`	`*/`
`61`	`60`	`public function getPasskeyDisplayName(): string`
`62`	`61`	`{`
`63`	`62`	`return $this->getAttribute('name')`
`64`	`63`	`?? $this->getAttribute('email')`
`65`		`- ?? $this->fallbackPasskeyLabel();`
	`64`	`+ ?? (string) $this->getAuthIdentifier();`
`66`	`65`	`}`
`67`	`66`
`68`	`67`	`/**`
`69`	`68`	`* Get the username for WebAuthn registration.`
`70`	`69`	`*`
`71`	`70`	`* Used as the account identifier in authenticator UIs, typically`
`72`	`71`	`* rendered as the subtitle beneath the display name. Falls back`
`73`		- * to an opaque label derived from the user handle when `email`
`74`		`- * is absent.`
	`72`	+ * from `email` to the auth identifier when the column is absent.
`75`	`73`	`*/`
`76`	`74`	`public function getPasskeyUsername(): string`
`77`	`75`	`{`
`78`	`76`	`return $this->getAttribute('email')`
`79`		`- ?? $this->fallbackPasskeyLabel();`
`80`		`- }`
`81`		`-`
`82`		`- /**`
`83`		`- * An opaque, stable label used when no name or email is available.`
`84`		`- */`
`85`		`- protected function fallbackPasskeyLabel(): string`
`86`		`- {`
`87`		`- return 'user-'.substr(bin2hex($this->getPasskeyUserHandle()), 0, 10);`
	`77`	`+ ?? (string) $this->getAuthIdentifier();`
`88`	`78`	`}`
`89`	`79`	`}`