017bcc9ce1
- Fix indentation - Split awkward initializer into separate methods - Rename credentials to passkeys - Simplify authenticator registry loading - Flatten nested errors under ActionPack::WebAuthn - Set passkey current params only requests that use it - Inline anemic methods - Replace custom validation with ActiveModel::Validation - Rename identity to holder in Passkey - Rename credentials to passkeys in JS - Extract framework library out of controllers - Pass params hashes down to ActionPack - Attempt to simplify public interface - Push data decoding down to the classes representing the data - Introduce has_passkeys - Add CBOR bigint support - Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey - Add create_passkey_button helper - Rename public-key to creation-options - Add sign_in_with_passkey_button helper - Dispatch events for the whole Passkey lifecycle - Add ED25519 support - Prevent crash on missing meta tag - Validate resident key options - Don't clobber existing ActionPack config options - Validate cryptographic params - Move CurrentWebAuthnRequest into ActionPack::Passkey - Use ActiveModel::Attributes for Options objects - Implement expiring challanges - Add lifecycle events - Extract param helpers into Request - Add passkey_creation_options and passkey_request_options helpers - Add create_passkey_challenge to make it easier to override the create method if needed - Prefix all view helpers with passkey_ - Auto-include ActionPack::Passkey::Holder - Make the passkey challange url configurable - Add a reminder about Passkeys to the magic link email
82 lines
2.5 KiB
Ruby
82 lines
2.5 KiB
Ruby
# = Action Pack Passkey Request
|
|
#
|
|
# Controller concern that sets up the WebAuthn request context and provides
|
|
# helper methods for passkey registration and authentication. Include this
|
|
# in any controller that handles passkey form submissions.
|
|
#
|
|
# == Registration example
|
|
#
|
|
# class PasskeysController < ApplicationController
|
|
# include ActionPack::Passkey::Request
|
|
#
|
|
# def new
|
|
# @creation_options = passkey_creation_options(holder: Current.user)
|
|
# end
|
|
#
|
|
# def create
|
|
# @passkey = ActionPack::Passkey.register(
|
|
# passkey_creation_params, holder: Current.user
|
|
# )
|
|
# redirect_to settings_path
|
|
# end
|
|
# end
|
|
#
|
|
# == Authentication example
|
|
#
|
|
# class SessionsController < ApplicationController
|
|
# include ActionPack::Passkey::Request
|
|
#
|
|
# def new
|
|
# @request_options = passkey_request_options
|
|
# end
|
|
#
|
|
# def create
|
|
# if passkey = ActionPack::Passkey.authenticate(passkey_request_params)
|
|
# sign_in passkey.holder
|
|
# redirect_to root_path
|
|
# else
|
|
# redirect_to new_session_path, alert: "Authentication failed"
|
|
# end
|
|
# end
|
|
# end
|
|
#
|
|
# == Before Action
|
|
#
|
|
# Automatically populates +ActionPack::WebAuthn::Current+ with the request
|
|
# host, origin, and challenge (read from the encrypted cookie set by
|
|
# ChallengesController). The cookie is deleted after being read to prevent
|
|
# replay.
|
|
#
|
|
module ActionPack::Passkey::Request
|
|
extend ActiveSupport::Concern
|
|
|
|
included do
|
|
before_action do
|
|
ActionPack::WebAuthn::Current.host = request.host
|
|
ActionPack::WebAuthn::Current.origin = request.base_url
|
|
ActionPack::WebAuthn::Current.challenge = cookies.encrypted[ActionPack::Passkey::ChallengesController::COOKIE_NAME]
|
|
cookies.delete(ActionPack::Passkey::ChallengesController::COOKIE_NAME)
|
|
end
|
|
end
|
|
|
|
# Returns strong parameters for the passkey registration ceremony.
|
|
def passkey_creation_params(param: :passkey)
|
|
params.expect(param => [ :client_data_json, :attestation_object, transports: [] ])
|
|
end
|
|
|
|
# Returns strong parameters for the passkey authentication ceremony.
|
|
def passkey_request_params(param: :passkey)
|
|
params.expect(param => [ :id, :client_data_json, :authenticator_data, :signature ])
|
|
end
|
|
|
|
# Returns RequestOptions for the authentication ceremony.
|
|
def passkey_request_options(**options)
|
|
ActionPack::Passkey.request_options(**options)
|
|
end
|
|
|
|
# Returns CreationOptions for the registration ceremony.
|
|
def passkey_creation_options(**options)
|
|
ActionPack::Passkey.creation_options(**options)
|
|
end
|
|
end
|