action_auth 1.4.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2082f44369afe3132a783d6bd8477b7df97188bf29c55791a131ed4b5cc8034
-  data.tar.gz: ca85a89d45d638a85bef5a9f18c5e881deea0d716feddc5ac33d49c687e0f0d7
+  metadata.gz: beb1aed113f8cce08b4e352b8d5d7f652b89a10cbf7ef7470c871da89b9346fc
+  data.tar.gz: f1ec6c10834bde54f5edbd1b473b72c55a8929cd9e8674c1f416bc1d70213a6d
 SHA512:
-  metadata.gz: 6409ba5c720feb68d07b4e9dc4a8fa1d234e990fdcfe3fe710410f3671ae4d044ff58784c0015a67dc07083a0b4b840fcbcdc2494191bcfb852208ede5c0fadf
-  data.tar.gz: b156d5b0c0e6edc056b5935c3f18ec5677ea925e3dcfe8979e13048e2db0526ebcfed8f91b33f6d1109daf87cef8f510b7367bf488740a5de9d5593a81f9adaf
+  metadata.gz: 53abcdf203341654f8a1c63decdd54d6e06b1457b2de13e0a11f9c8e3243900a14cc04a661b727c6dedda4a81c61bbf4dd10efdea70d259be40be844cd4e5c36
+  data.tar.gz: 0d5ddeea817b8daeb0392c956aa3bd4e05c645d5b58333353b7854a9751f1a64913e0f7c3f29a32d8f14c9d449f4c325c3be4db8bd18e0089dd158782ffdbe75

data/README.md

@@ -103,8 +103,9 @@ ActionAuth.configure do |config|
   config.default_from_email = "from@example.com"
   config.magic_link_enabled = true
   config.passkey_only = true # Allows sign in with only a passkey
+  config.pwned_enabled = true # defined?(Pwned)
   config.verify_email_on_sign_in = true
-  config.webauthn_enabled = true
+  config.webauthn_enabled = true # defined?(WebAuthn)
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
 end

data/app/controllers/action_auth/webauthn_credentials_controller.rb

@@ -38,7 +38,8 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
         external_id: webauthn_credential.id,
         nickname: params[:credential_nickname],
         public_key: webauthn_credential.public_key,
-        sign_count: webauthn_credential.sign_count
+        sign_count: webauthn_credential.sign_count,
+        key_type: key_type
       )
 
       if credential.save
@@ -57,4 +58,27 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
 
     redirect_to sessions_path
   end
+
+  private
+
+  def key_type
+    transports = params.dig(:response, :transports)
+    return :unknown unless transports.present?
+
+    transport_types = {
+      ["internal", "hybrid"] => :passkey,
+      ["usb", "nfc"] => :hardware,
+      ["bluetooth", "wireless"] => :wireless,
+    }.freeze
+
+    transport_types.each do |keys, type|
+      if transports.is_a?(String)
+        return type if keys.include?(transports)
+      elsif transports.is_a?(Array)
+        return type if (keys & transports).any?
+      end
+    end
+
+    :unknown
+  end
 end

data/app/models/action_auth/webauthn_credential.rb

@@ -10,5 +10,12 @@ module ActionAuth
                 greater_than_or_equal_to: 0,
                 less_than_or_equal_to: 2**32 - 1
               }
+
+    enum :key_type, {
+      unknown: 0,
+      passkey: 1,
+      hardware: 2,
+      wireless: 3
+    }
   end
 end

data/app/views/action_auth/sessions/index.html.erb

@@ -36,6 +36,7 @@
       <thead>
         <tr>
           <th>Key</th>
+          <th>Type</th>
           <th nowrap>Registered On</th>
           <th nowrap></th>
         </tr>
@@ -44,6 +45,7 @@
         <% current_user.webauthn_credentials.each do |credential| %>
           <%= content_tag :tr, id: dom_id(credential) do %>
             <td><%= credential.nickname %></td>
+            <td><%= credential.key_type %></td>
             <td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
             <td nowrap><%= button_to "Delete", credential, method: :delete, class: "btn btn-primary" %></td>
           <% end %>

data/app/views/action_auth/sessions/passkeys/new.html.erb

@@ -10,7 +10,7 @@
   class: "action-auth--text-center" do %>
 
   <div class="mb-3 action-auth--text-center">
-    Insert a USB key, if necessary, and tap it.
+    You must use a passkey, not a hardware key, to sign in.
     An account with a matching passkey is required.
   </div>
 <% end %>

data/db/migrate/20240818032321_add_type_to_webauthn_credentials.rb

@@ -0,0 +1,5 @@
+class AddTypeToWebauthnCredentials < ActiveRecord::Migration[7.2]
+  def change
+    add_column :webauthn_credentials, :key_type, :integer, default: 0, limit: 2
+  end
+end

data/lib/action_auth/configuration.rb

@@ -4,6 +4,8 @@ module ActionAuth
     attr_accessor :allow_user_deletion
     attr_accessor :default_from_email
     attr_accessor :magic_link_enabled
+    attr_accessor :passkey_only
+    attr_accessor :pwned_enabled
     attr_accessor :verify_email_on_sign_in
     attr_accessor :webauthn_enabled
     attr_accessor :webauthn_origin

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.4.1"
+  VERSION = "1.5.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-15 00:00:00.000000000 Z
+date: 2024-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -98,6 +98,7 @@ files:
 - db/migrate/20231107170349_create_action_auth_sessions.rb
 - db/migrate/20240111125859_add_webauthn_credentials.rb
 - db/migrate/20240111142545_add_webauthn_id_to_users.rb
+- db/migrate/20240818032321_add_type_to_webauthn_credentials.rb
 - lib/action_auth.rb
 - lib/action_auth/configuration.rb
 - lib/action_auth/controllers/helpers.rb
@@ -127,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.17
 signing_key:
 specification_version: 4
 summary: A simple Rails engine for authorization.