017bcc9ce1
- Fix indentation - Split awkward initializer into separate methods - Rename credentials to passkeys - Simplify authenticator registry loading - Flatten nested errors under ActionPack::WebAuthn - Set passkey current params only requests that use it - Inline anemic methods - Replace custom validation with ActiveModel::Validation - Rename identity to holder in Passkey - Rename credentials to passkeys in JS - Extract framework library out of controllers - Pass params hashes down to ActionPack - Attempt to simplify public interface - Push data decoding down to the classes representing the data - Introduce has_passkeys - Add CBOR bigint support - Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey - Add create_passkey_button helper - Rename public-key to creation-options - Add sign_in_with_passkey_button helper - Dispatch events for the whole Passkey lifecycle - Add ED25519 support - Prevent crash on missing meta tag - Validate resident key options - Don't clobber existing ActionPack config options - Validate cryptographic params - Move CurrentWebAuthnRequest into ActionPack::Passkey - Use ActiveModel::Attributes for Options objects - Implement expiring challanges - Add lifecycle events - Extract param helpers into Request - Add passkey_creation_options and passkey_request_options helpers - Add create_passkey_challenge to make it easier to override the create method if needed - Prefix all view helpers with passkey_ - Auto-include ActionPack::Passkey::Holder - Make the passkey challange url configurable - Add a reminder about Passkeys to the magic link email
38 lines
1.4 KiB
Ruby
38 lines
1.4 KiB
Ruby
# = Action Pack Passkey Challenges Controller
|
|
#
|
|
# Generates fresh WebAuthn challenges for passkey ceremonies. The companion
|
|
# JavaScript calls this endpoint before initiating a registration or
|
|
# authentication ceremony so that the challenge is issued just-in-time rather
|
|
# than embedded in the initial page load.
|
|
#
|
|
# The generated challenge is stored in an encrypted, HTTP-only, same-site
|
|
# cookie and simultaneously returned in the JSON response body. The cookie is
|
|
# consumed by ActionPack::Passkey::Request on the subsequent form submission.
|
|
#
|
|
# == Route
|
|
#
|
|
# By default mounted at +/rails/action_pack/passkey/challenge+ (configurable
|
|
# via +config.action_pack.passkey.routes_prefix+).
|
|
#
|
|
class ActionPack::Passkey::ChallengesController < ActionController::Base
|
|
COOKIE_NAME = :action_pack_passkey_challenge
|
|
|
|
include ActionPack::Passkey::Request
|
|
|
|
# Generates a fresh challenge, stores it in an encrypted cookie, and returns
|
|
# it as JSON. The cookie is consumed on the next passkey form submission.
|
|
def create
|
|
challenge = create_passkey_challenge
|
|
|
|
cookies.encrypted[COOKIE_NAME] = { value: challenge, httponly: true, same_site: :strict, secure: !request.local? && request.ssl? }
|
|
render json: { challenge: challenge }
|
|
end
|
|
|
|
private
|
|
def create_passkey_challenge
|
|
ActionPack::WebAuthn::PublicKeyCredential::Options.new(
|
|
challenge_expiration: Rails.configuration.action_pack.web_authn.request_challenge_expiration
|
|
).challenge
|
|
end
|
|
end
|