From 25a71d913f8309e3a7bc36cb2e806d348e610ee9 Mon Sep 17 00:00:00 2001
From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com>
Date: Sun, 18 Jan 2026 15:23:21 +0100
Subject: [PATCH] use email instead of empty name for webauhn (#6733)

* if empty use email instead of name for webauhn

* use email as display name if name is empty
---
 src/api/core/organizations.rs       | 2 +-
 src/api/core/two_factor/webauthn.rs | 2 +-
 src/api/identity.rs                 | 4 ++--
 src/db/models/user.rs               | 9 +++++++++
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 285945eb..356d7786 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -3207,7 +3207,7 @@ async fn put_reset_password(
 
     // Sending email before resetting password to ensure working email configuration and the resulting
     // user notification. Also this might add some protection against security flaws and misuse
-    if let Err(e) = mail::send_admin_reset_password(&user.email, &user.name, &org.name).await {
+    if let Err(e) = mail::send_admin_reset_password(&user.email, user.display_name(), &org.name).await {
         err!(format!("Error sending user reset password email: {e:#?}"));
     }
 
diff --git a/src/api/core/two_factor/webauthn.rs b/src/api/core/two_factor/webauthn.rs
index 3b88302c..b10a5ded 100644
--- a/src/api/core/two_factor/webauthn.rs
+++ b/src/api/core/two_factor/webauthn.rs
@@ -144,7 +144,7 @@ async fn generate_webauthn_challenge(data: Json<PasswordOrOtpData>, headers: Hea
     let (mut challenge, state) = WEBAUTHN.start_passkey_registration(
         Uuid::from_str(&user.uuid).expect("Failed to parse UUID"), // Should never fail
         &user.email,
-        &user.name,
+        user.display_name(),
         Some(registrations),
     )?;
 
diff --git a/src/api/identity.rs b/src/api/identity.rs
index 722b3eab..9eaa6b36 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -266,7 +266,7 @@ async fn _sso_login(
         Some((user, _)) if !user.enabled => {
             err!(
                 "This user has been disabled",
-                format!("IP: {}. Username: {}.", ip.ip, user.name),
+                format!("IP: {}. Username: {}.", ip.ip, user.display_name()),
                 ErrorEvent {
                     event: EventType::UserFailedLogIn
                 }
@@ -521,7 +521,7 @@ async fn authenticated_response(
         result["TwoFactorToken"] = Value::String(token);
     }
 
-    info!("User {} logged in successfully. IP: {}", &user.name, ip.ip);
+    info!("User {} logged in successfully. IP: {}", user.display_name(), ip.ip);
     Ok(Json(result))
 }
 
diff --git a/src/db/models/user.rs b/src/db/models/user.rs
index c96e0fe7..e88c7296 100644
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@@ -231,6 +231,15 @@ impl User {
     pub fn reset_stamp_exception(&mut self) {
         self.stamp_exception = None;
     }
+
+    pub fn display_name(&self) -> &str {
+        // default to email if name is empty
+        if !&self.name.is_empty() {
+            &self.name
+        } else {
+            &self.email
+        }
+    }
 }
 
 /// Database methods