Change challange expiration based on purpose

This commit is contained in:
Stanko K.R.
2026-03-25 17:31:42 +01:00
parent 6ba1814f26
commit 01d66a9463
3 changed files with 60 additions and 6 deletions
@@ -18,7 +18,9 @@
class ActionPack::Passkey::ChallengesController < ActionController::Base
include ActionPack::Passkey::Request
# Generates a fresh challenge and returns it as JSON.
# Generates a fresh challenge and returns it as JSON. Accepts an optional
# +purpose+ parameter ("registration" or "authentication") to select the
# appropriate challenge expiration. Defaults to "authentication".
def create
render json: { challenge: create_passkey_challenge }
end
@@ -26,7 +28,17 @@ class ActionPack::Passkey::ChallengesController < ActionController::Base
private
def create_passkey_challenge
ActionPack::WebAuthn::PublicKeyCredential::Options.new(
challenge_expiration: Rails.configuration.action_pack.web_authn.request_challenge_expiration
challenge_expiration: challenge_expiration
).challenge
end
def challenge_expiration
config = Rails.configuration.action_pack.web_authn
if params[:purpose] == "registration"
config.creation_challenge_expiration
else
config.request_challenge_expiration
end
end
end