action_auth 1.3.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9adce01d4651e8af6f14f8738bb4f762512485d75640d9fd1993ef68fa6c37a
-  data.tar.gz: 9b0c5e31a61b57efef137cb9429de5015390da6a01ce6ce1bad200a3b881ccbb
+  metadata.gz: f2082f44369afe3132a783d6bd8477b7df97188bf29c55791a131ed4b5cc8034
+  data.tar.gz: ca85a89d45d638a85bef5a9f18c5e881deea0d716feddc5ac33d49c687e0f0d7
 SHA512:
-  metadata.gz: 132b6dad72a8a2d4531febde70f32cb3e793ab98a23d48567a9ec7c2e62655737e9c5c608f302e011c10018e787422c2d4205a1739feea3aeb7849e82ea19c82
-  data.tar.gz: a4fed6bd6daf8ae5c2de6cdf3e4b46090a349a4426155d368d9ec94713e0b2e00288c4c199724253a9f96ac2722c0647e3382a2c1b0b23bdb196756a4d7b00c0
+  metadata.gz: 6409ba5c720feb68d07b4e9dc4a8fa1d234e990fdcfe3fe710410f3671ae4d044ff58784c0015a67dc07083a0b4b840fcbcdc2494191bcfb852208ede5c0fadf
+  data.tar.gz: b156d5b0c0e6edc056b5935c3f18ec5677ea925e3dcfe8979e13048e2db0526ebcfed8f91b33f6d1109daf87cef8f510b7367bf488740a5de9d5593a81f9adaf

data/README.md

@@ -102,6 +102,7 @@ ActionAuth.configure do |config|
   config.allow_user_deletion = true
   config.default_from_email = "from@example.com"
   config.magic_link_enabled = true
+  config.passkey_only = true # Allows sign in with only a passkey
   config.verify_email_on_sign_in = true
   config.webauthn_enabled = true
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
@@ -127,6 +128,8 @@ These are the planned features for ActionAuth. The ones that are checked off are
 
 ✅ - Passkeys/Hardware Security Keys
 
+✅ - Passkeys sign in without email/password
+
 ✅ - Magic Links
 
 ⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
@@ -141,8 +144,6 @@ These are the planned features for ActionAuth. The ones that are checked off are
 
 ⏳ - Account Impersonation
 
-
-
 ## Usage
 
 ### Routes

data/app/assets/javascripts/action_auth/application.js

@@ -43,7 +43,9 @@ const Credential = {
 
   get: function (credentialOptions) {
     const self = this;
-    const webauthnUrl = document.querySelector('meta[name="webauthn_auth_url"]').getAttribute("content");
+    const webauthnUrlTag = document.querySelector('meta[name="passkey_auth_url"]') ||
+      document.querySelector('meta[name="webauthn_auth_url"]');
+    const webauthnUrl = webauthnUrlTag.getAttribute("content");
     WebAuthnJSON.get({ "publicKey": credentialOptions }).then(function (credential) {
       self.callback(webauthnUrl, credential, "/");
     });

data/app/assets/stylesheets/action_auth/application.css

@@ -36,6 +36,7 @@ body {
     margin-right: 5px;
   }
 }
+
 .container-fluid {
   -webkit-text-size-adjust: 100%;
   -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
@@ -78,6 +79,11 @@ input[type="password"] {
   margin-bottom: 1rem !important;
 }
 
+.mx-3 {
+  margin-left: 1rem !important;
+  margin-right: 1rem !important;
+}
+
 .btn {
   padding: 0.375rem 0.75rem;
   font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;

data/app/controllers/action_auth/sessions/passkeys_controller.rb

@@ -0,0 +1,24 @@
+module ActionAuth
+  module Sessions
+    class PasskeysController < ApplicationController
+      def new
+        get_options = WebAuthn::Credential.options_for_get
+        session[:current_challenge] = get_options.challenge
+        @options = get_options
+      end
+
+      def create
+        webauthn_credential = WebAuthn::Credential.from_get(params)
+        credential = WebauthnCredential.find_by(external_id: webauthn_credential.id)
+        user = User.find_by(id: credential&.user_id)
+        if credential && user
+          session = user.sessions.create
+          cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+          redirect_to main_app.root_path(format: :html), notice: "Signed in successfully"
+        else
+          redirect_to sign_in_path(format: :html), alert: "That passkey is incorrect" and return
+        end
+      end
+    end
+  end
+end

data/app/views/action_auth/magics/requests/new.html.erb

@@ -1,4 +1,4 @@
-<h1>Sign up</h1>
+<h1>Request Magic Link</h1>
 
 <%= form_with(url: magics_requests_path) do |form| %>
   <div class="mb-3">
@@ -8,11 +8,16 @@
 
   <div class="mb-3">
     <%= form.submit "Request Magic Link", class: "btn btn-primary" %>
+    <span class="mx-3">or</span>
+    <%= link_to "Sign In", sign_in_path %>
+    <% if ActionAuth.configuration.passkey_only? %>
+      <span class="mx-3">or</span>
+      <%= link_to "Passkey", new_sessions_passkey_path %>
+    <% end %>
   </div>
 <% end %>
 
 <div class="mb-3">
-  <%= link_to "Sign In", sign_in_path %> |
   <%= link_to "Sign Up", sign_up_path %> |
   <%= link_to "Reset Password", new_identity_password_reset_path %>
   <% if ActionAuth.configuration.verify_email_on_sign_in %>

data/app/views/action_auth/registrations/new.html.erb

@@ -39,6 +39,9 @@
   <% if ActionAuth.configuration.magic_link_enabled? %>
     <%= link_to "Magic Link", new_magics_requests_path %> |
   <% end %>
+  <% if ActionAuth.configuration.passkey_only? %>
+    <%= link_to "Passkey", new_sessions_passkey_path %> |
+  <% end %>
   <%= link_to "Reset Password", new_identity_password_reset_path %>
   <% if ActionAuth.configuration.verify_email_on_sign_in %>
     | <%= link_to "Verify Email", identity_email_verification_path %>

data/app/views/action_auth/sessions/new.html.erb

@@ -16,14 +16,19 @@
 
   <div class="mb-3">
     <%= form.submit "Sign in", class: "btn btn-primary" %>
+    <% if ActionAuth.configuration.magic_link_enabled? %>
+      <span class="mx-3">or</span>
+      <%= link_to "Magic Link", new_magics_requests_path %>
+    <% end %>
+    <% if ActionAuth.configuration.passkey_only? %>
+      <span class="mx-3">or</span>
+      <%= link_to "Passkey", new_sessions_passkey_path %>
+    <% end %>
   </div>
 <% end %>
 
 <div class="mb-3">
   <%= link_to "Sign Up", sign_up_path %> |
-  <% if ActionAuth.configuration.magic_link_enabled? %>
-    <%= link_to "Magic Link", new_magics_requests_path %> |
-  <% end %>
   <%= link_to "Reset Password", new_identity_password_reset_path %>
   <% if ActionAuth.configuration.verify_email_on_sign_in %>
     | <%= link_to "Verify Email", identity_email_verification_path %>

data/app/views/action_auth/sessions/passkeys/new.html.erb

@@ -0,0 +1,20 @@
+<h2 class="action-auth--text-center">Use a passkey to sign in</h2>
+<%= tag :meta, name: :passkey_auth_url, content: action_auth.sessions_passkeys_url %>
+
+<%= content_tag :div,
+  id: "webauthn_credential_form",
+  data: {
+    controller: "credential-authenticator",
+    "credential-authenticator-options-value": @options
+  },
+  class: "action-auth--text-center" do %>
+
+  <div class="mb-3 action-auth--text-center">
+    Insert a USB key, if necessary, and tap it.
+    An account with a matching passkey is required.
+  </div>
+<% end %>
+
+<%= content_for :cancel_path do %>
+  <%= link_to "Cancel", action_auth.sign_in_path %>
+<% end %>

data/config/routes.rb

@@ -10,6 +10,11 @@ ActionAuth::Engine.routes.draw do
     resource :password_reset,     only: [:new, :edit, :create, :update]
   end
   resource  :password, only: [:edit, :update]
+  namespace :sessions do
+    if ActionAuth.configuration.webauthn_enabled? && ActionAuth.configuration.passkey_only?
+      resources :passkeys, only: [:new, :create]
+    end
+  end
   resources :sessions, only: [:index, :show, :destroy]
 
   if ActionAuth.configuration.allow_user_deletion?

data/lib/action_auth/configuration.rb

@@ -14,6 +14,7 @@ module ActionAuth
       @allow_user_deletion = true
       @default_from_email = "from@example.com"
       @magic_link_enabled = true
+      @passkey_only = true
       @pwned_enabled = defined?(Pwned)
       @verify_email_on_sign_in = true
       @webauthn_enabled = defined?(WebAuthn)
@@ -29,6 +30,10 @@ module ActionAuth
       @magic_link_enabled == true
     end
 
+    def passkey_only?
+      webauthn_enabled? && @passkey_only == true
+    end
+
     def webauthn_enabled?
       @webauthn_enabled.respond_to?(:call) ? @webauthn_enabled.call : @webauthn_enabled
     end

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.3.0"
+  VERSION = "1.4.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.1
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-13 00:00:00.000000000 Z
+date: 2024-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -60,6 +60,7 @@ files:
 - app/controllers/action_auth/magics/sign_ins_controller.rb
 - app/controllers/action_auth/passwords_controller.rb
 - app/controllers/action_auth/registrations_controller.rb
+- app/controllers/action_auth/sessions/passkeys_controller.rb
 - app/controllers/action_auth/sessions_controller.rb
 - app/controllers/action_auth/users_controller.rb
 - app/controllers/action_auth/webauthn_credential_authentications_controller.rb
@@ -81,6 +82,7 @@ files:
 - app/views/action_auth/registrations/new.html.erb
 - app/views/action_auth/sessions/index.html.erb
 - app/views/action_auth/sessions/new.html.erb
+- app/views/action_auth/sessions/passkeys/new.html.erb
 - app/views/action_auth/user_mailer/email_verification.html.erb
 - app/views/action_auth/user_mailer/email_verification.text.erb
 - app/views/action_auth/user_mailer/magic_link.html.erb
@@ -125,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.17
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A simple Rails engine for authorization.