017bcc9ce1
- Fix indentation - Split awkward initializer into separate methods - Rename credentials to passkeys - Simplify authenticator registry loading - Flatten nested errors under ActionPack::WebAuthn - Set passkey current params only requests that use it - Inline anemic methods - Replace custom validation with ActiveModel::Validation - Rename identity to holder in Passkey - Rename credentials to passkeys in JS - Extract framework library out of controllers - Pass params hashes down to ActionPack - Attempt to simplify public interface - Push data decoding down to the classes representing the data - Introduce has_passkeys - Add CBOR bigint support - Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey - Add create_passkey_button helper - Rename public-key to creation-options - Add sign_in_with_passkey_button helper - Dispatch events for the whole Passkey lifecycle - Add ED25519 support - Prevent crash on missing meta tag - Validate resident key options - Don't clobber existing ActionPack config options - Validate cryptographic params - Move CurrentWebAuthnRequest into ActionPack::Passkey - Use ActiveModel::Attributes for Options objects - Implement expiring challanges - Add lifecycle events - Extract param helpers into Request - Add passkey_creation_options and passkey_request_options helpers - Add create_passkey_challenge to make it easier to override the create method if needed - Prefix all view helpers with passkey_ - Auto-include ActionPack::Passkey::Holder - Make the passkey challange url configurable - Add a reminder about Passkeys to the magic link email
65 lines
2.1 KiB
Ruby
65 lines
2.1 KiB
Ruby
# = Action Pack WebAuthn
|
|
#
|
|
# Provides a pure-Ruby implementation of the WebAuthn (Web Authentication)
|
|
# specification for passkey registration and authentication. This module
|
|
# is the top-level namespace for all WebAuthn components and provides
|
|
# shared utilities used across ceremonies.
|
|
#
|
|
# == Components
|
|
#
|
|
# [ActionPack::WebAuthn::RelyingParty]
|
|
# Identifies your application to authenticators.
|
|
#
|
|
# [ActionPack::WebAuthn::PublicKeyCredential]
|
|
# Orchestrates registration and authentication ceremonies.
|
|
#
|
|
# [ActionPack::WebAuthn::Authenticator]
|
|
# Parses and validates authenticator responses.
|
|
#
|
|
# [ActionPack::WebAuthn::CborDecoder]
|
|
# Decodes CBOR-encoded data from authenticators.
|
|
#
|
|
# [ActionPack::WebAuthn::CoseKey]
|
|
# Parses COSE public keys into OpenSSL key objects.
|
|
#
|
|
# == Extending Attestation Formats
|
|
#
|
|
# By default only the "none" attestation format is supported. Register
|
|
# additional verifiers with:
|
|
#
|
|
# ActionPack::WebAuthn.register_attestation_verifier("packed", MyPackedVerifier.new)
|
|
#
|
|
module ActionPack::WebAuthn
|
|
class InvalidResponseError < StandardError; end
|
|
class InvalidCborError < StandardError; end
|
|
class InvalidKeyError < StandardError; end
|
|
class UnsupportedKeyTypeError < StandardError; end
|
|
class InvalidOptionsError < StandardError; end
|
|
|
|
class << self
|
|
# Returns a new RelyingParty configured from the current request context.
|
|
def relying_party
|
|
RelyingParty.new
|
|
end
|
|
|
|
# Returns the MessageVerifier used to sign and verify WebAuthn challenges.
|
|
def challenge_verifier
|
|
Rails.application.message_verifier("action_pack.webauthn.challenge")
|
|
end
|
|
|
|
# Returns the registry of attestation format verifiers, keyed by format
|
|
# string (e.g., "none", "packed"). Only "none" is registered by default.
|
|
def attestation_verifiers
|
|
@attestation_verifiers ||= {
|
|
"none" => Authenticator::AttestationVerifiers::None.new
|
|
}
|
|
end
|
|
|
|
# Registers a custom attestation verifier for the given +format+.
|
|
# The +verifier+ must respond to +verify!(attestation, client_data_json:)+.
|
|
def register_attestation_verifier(format, verifier)
|
|
attestation_verifiers[format.to_s] = verifier
|
|
end
|
|
end
|
|
end
|