diff --git a/app/controllers/sessions/passkeys_controller.rb b/app/controllers/sessions/passkeys_controller.rb index 4dc087986..f6a24ceff 100644 --- a/app/controllers/sessions/passkeys_controller.rb +++ b/app/controllers/sessions/passkeys_controller.rb @@ -6,7 +6,7 @@ class Sessions::PasskeysController < ApplicationController rate_limit to: 10, within: 3.minutes, only: :create, with: :rate_limit_exceeded def create - if credential = ActionPack::Passkey.authenticate(passkey_request_params) + if credential = ActionPack::Passkey.authenticate(passkey_authentication_params) start_new_session_for credential.holder respond_to do |format| diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index cfbb778f2..0db617d04 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -8,7 +8,7 @@ class SessionsController < ApplicationController layout "public" def new - @request_options = passkey_request_options + @authentication_options = passkey_authentication_options end def create diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb index 566706f4e..c44980e54 100644 --- a/app/views/sessions/new.html.erb +++ b/app/views/sessions/new.html.erb @@ -22,7 +22,7 @@ <% end %> - <%= passkey_sign_in_button "Sign in with a passkey", session_passkey_path, options: @request_options, mediation: "conditional", class: "btn btn--link center txt-medium", hidden: true %> + <%= passkey_sign_in_button "Sign in with a passkey", session_passkey_path, options: @authentication_options, mediation: "conditional", class: "btn btn--link center txt-medium", hidden: true %> diff --git a/lib/action_pack/passkey.rb b/lib/action_pack/passkey.rb index 81fa67190..7b81075af 100644 --- a/lib/action_pack/passkey.rb +++ b/lib/action_pack/passkey.rb @@ -18,7 +18,7 @@ # Generate options for the browser's +navigator.credentials.get()+ call, then authenticate the # response: # -# options = ActionPack::Passkey.request_options +# options = ActionPack::Passkey.authentication_options # # Pass options to the browser # # passkey = ActionPack::Passkey.authenticate(params[:passkey]) @@ -62,10 +62,10 @@ class ActionPack::Passkey < Rails.configuration.action_pack.passkey.parent_class # +navigator.credentials.get()+ call. When a +holder+ is provided, their existing credentials # are included so the browser can offer them for selection. Merges global defaults, holder # options, and any additional +options+ overrides. - def request_options(holder: nil, **options) + def authentication_options(holder: nil, **options) ActionPack::WebAuthn::PublicKeyCredential.request_options( **Rails.configuration.action_pack.web_authn.default_request_options.to_h, - **holder&.passkey_request_options.to_h, + **holder&.passkey_authentication_options.to_h, **options ) end diff --git a/lib/action_pack/passkey/holder.rb b/lib/action_pack/passkey/holder.rb index 6db8200ca..e6d936a9e 100644 --- a/lib/action_pack/passkey/holder.rb +++ b/lib/action_pack/passkey/holder.rb @@ -10,7 +10,7 @@ # model that supply holder-specific options for the WebAuthn ceremonies: # # - +passkey_registration_options+ — merged into ActionPack::Passkey.registration_options -# - +passkey_request_options+ — merged into ActionPack::Passkey.request_options +# - +passkey_authentication_options+ — merged into ActionPack::Passkey.authentication_options # # == Options # @@ -32,14 +32,14 @@ # # has_passkeys do |config| # config.registration_options { { name: email, display_name: name } } -# config.request_options { { user_verification: "required" } } +# config.authentication_options { { user_verification: "required" } } # end module ActionPack::Passkey::Holder extend ActiveSupport::Concern class_methods do # Declares that this model can hold passkeys. Sets up a polymorphic +has_many+ association - # and defines +passkey_registration_options+ and +passkey_request_options+ instance methods used + # and defines +passkey_registration_options+ and +passkey_authentication_options+ instance methods used # by ActionPack::Passkey to build ceremony options. # # Keyword arguments matching CreationOptions or RequestOptions fields are extracted and @@ -61,8 +61,8 @@ module ActionPack::Passkey::Holder }.merge(config.evaluate_registration_options(self)) end - define_method(:passkey_request_options) do - { credentials: public_send(config.association_name) }.merge(config.evaluate_request_options(self)) + define_method(:passkey_authentication_options) do + { credentials: public_send(config.association_name) }.merge(config.evaluate_authentication_options(self)) end end end @@ -81,15 +81,15 @@ module ActionPack::Passkey::Holder end if request_opts = extract_options_for(ActionPack::WebAuthn::PublicKeyCredential::RequestOptions, options) - @request_options = options_to_proc(request_opts) + @authentication_options = options_to_proc(request_opts) end end - # Sets a block to evaluate in the holder's context to produce additional request options. + # Sets a block to evaluate in the holder's context to produce additional authentication options. # - # config.request_options { { user_verification: "required" } } - def request_options(&block) - @request_options = block + # config.authentication_options { { user_verification: "required" } } + def authentication_options(&block) + @authentication_options = block end # Sets a block to evaluate in the holder's context to produce additional creation options. @@ -100,10 +100,10 @@ module ActionPack::Passkey::Holder end # Evaluates the request options block (if any) in the context of the given +record+. Called - # internally by the +passkey_request_options+ method defined on the holder. - def evaluate_request_options(record) - if @request_options - record.instance_exec(&@request_options) + # internally by the +passkey_authentication_options+ method defined on the holder. + def evaluate_authentication_options(record) + if @authentication_options + record.instance_exec(&@authentication_options) else {} end diff --git a/lib/action_pack/passkey/request.rb b/lib/action_pack/passkey/request.rb index 74de1bc16..6591183fc 100644 --- a/lib/action_pack/passkey/request.rb +++ b/lib/action_pack/passkey/request.rb @@ -27,11 +27,11 @@ # include ActionPack::Passkey::Request # # def new -# @request_options = passkey_request_options +# @authentication_options = passkey_authentication_options # end # # def create -# if passkey = ActionPack::Passkey.authenticate(passkey_request_params) +# if passkey = ActionPack::Passkey.authenticate(passkey_authentication_params) # sign_in passkey.holder # redirect_to root_path # else @@ -61,13 +61,13 @@ module ActionPack::Passkey::Request end # Returns strong parameters for the passkey authentication ceremony. - def passkey_request_params(param: :passkey) + def passkey_authentication_params(param: :passkey) params.expect(param => [ :id, :client_data_json, :authenticator_data, :signature ]) end # Returns RequestOptions for the authentication ceremony. - def passkey_request_options(**options) - ActionPack::Passkey.request_options(**options) + def passkey_authentication_options(**options) + ActionPack::Passkey.authentication_options(**options) end # Returns RegistrationOptions for the registration ceremony. diff --git a/test/lib/action_pack/passkey_test.rb b/test/lib/action_pack/passkey_test.rb index a2c6ad934..3494ed3f5 100644 --- a/test/lib/action_pack/passkey_test.rb +++ b/test/lib/action_pack/passkey_test.rb @@ -17,7 +17,7 @@ class ActionPack::PasskeyTest < ActiveSupport::TestCase end test "authenticate with valid assertion" do - challenge = ActionPack::Passkey.request_options(credentials: [ @passkey ]).challenge + challenge = ActionPack::Passkey.authentication_options(credentials: [ @passkey ]).challenge assertion = build_assertion(challenge: challenge) result = @passkey.authenticate(assertion) @@ -26,7 +26,7 @@ class ActionPack::PasskeyTest < ActiveSupport::TestCase end test "authenticate returns nil with invalid signature" do - challenge = ActionPack::Passkey.request_options(credentials: [ @passkey ]).challenge + challenge = ActionPack::Passkey.authentication_options(credentials: [ @passkey ]).challenge assertion = build_assertion(challenge: challenge) assertion[:signature] = Base64.urlsafe_encode64("invalid", padding: false) @@ -34,7 +34,7 @@ class ActionPack::PasskeyTest < ActiveSupport::TestCase end test "authenticate updates sign count and backed_up" do - challenge = ActionPack::Passkey.request_options(credentials: [ @passkey ]).challenge + challenge = ActionPack::Passkey.authentication_options(credentials: [ @passkey ]).challenge assertion = build_assertion(challenge: challenge, sign_count: 5, backed_up: true) @passkey.authenticate(assertion)