Add passkey (WebAuthn) authentication support

Enable passwordless login via passkeys as an alternative to password auth.
Users register passkeys from Settings; the login page offers both options.
WebAuthn is optional — only active when WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN
env vars are set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/internal/auth/handlers_test.go b/internal/auth/handlers_test.go
index 128ae80..aed0e90 100644
--- a/internal/auth/handlers_test.go
+++ b/internal/auth/handlers_test.go
@@ -26,7 +26,7 @@ func TestHandleLogin(t *testing.T) {
 	sessionManager := scs.New()
 	templates := template.Must(template.New("login.html").Parse("{{.Error}}"))
 
-	handlers := NewHandlers(service, sessionManager, templates)
+	handlers := NewHandlers(service, sessionManager, templates, nil)
 
 	// Setup mock user
 	password := "password"
@@ -74,7 +74,7 @@ func TestHandleLogin_InvalidCredentials(t *testing.T) {
 	sessionManager := scs.New()
 	templates := template.Must(template.New("login.html").Parse("{{.Error}}"))
 
-	handlers := NewHandlers(service, sessionManager, templates)
+	handlers := NewHandlers(service, sessionManager, templates, nil)
 
 	mock.ExpectQuery("SELECT id, username, password_hash, created_at FROM users WHERE username = ?").
 		WithArgs("testuser").