From b2e084db33eaaaf393667faabf8c69f252b8b23c Mon Sep 17 00:00:00 2001
From: Cory Hawklvelt <cory@hawkvelt.id.au>
Date: Fri, 16 Jan 2026 11:34:40 +1030
Subject: [PATCH] fix(webauthn): ensure provider_data JSON changes are detected
 by SQLAlchemy

Add flag_modified() calls after modifying provider_data dictionary to
explicitly mark the field as changed. SQLAlchemy does not automatically
track mutations to JSON fields, which could result in changes not being
persisted to the database.
---
 gatehouse_app/services/webauthn_service.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gatehouse_app/services/webauthn_service.py b/gatehouse_app/services/webauthn_service.py
index db16612..79ea50a 100644
--- a/gatehouse_app/services/webauthn_service.py
+++ b/gatehouse_app/services/webauthn_service.py
@@ -7,6 +7,7 @@ import json
 from datetime import datetime, timedelta, timezone
 from typing import Optional, Dict, Any, List
 from flask import current_app
+from sqlalchemy.orm.attributes import flag_modified
 
 from gatehouse_app.extensions import db, redis_client
 from gatehouse_app.models.user import User
@@ -557,6 +558,9 @@ class WebAuthnService:
             auth_method.provider_data["last_used_at"] = datetime.now(timezone.utc).isoformat()
             auth_method.last_used_at = datetime.now(timezone.utc)
             
+            # Flag provider_data as modified so SQLAlchemy detects the JSON change
+            flag_modified(auth_method, "provider_data")
+            
             db.session.commit()
             
             # Log audit event
@@ -665,6 +669,10 @@ class WebAuthnService:
         
         # Update name
         auth_method.provider_data["name"] = name
+        
+        # Flag provider_data as modified so SQLAlchemy detects the JSON change
+        flag_modified(auth_method, "provider_data")
+        
         db.session.commit()
         
         # Log audit event