action_auth 1.4.1 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/app/controllers/action_auth/webauthn_credentials_controller.rb +25 -1
- data/app/models/action_auth/webauthn_credential.rb +7 -0
- data/app/views/action_auth/sessions/index.html.erb +2 -0
- data/app/views/action_auth/sessions/passkeys/new.html.erb +1 -1
- data/db/migrate/20240818032321_add_type_to_webauthn_credentials.rb +5 -0
- data/lib/action_auth/configuration.rb +2 -0
- data/lib/action_auth/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: beb1aed113f8cce08b4e352b8d5d7f652b89a10cbf7ef7470c871da89b9346fc
|
4
|
+
data.tar.gz: f1ec6c10834bde54f5edbd1b473b72c55a8929cd9e8674c1f416bc1d70213a6d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 53abcdf203341654f8a1c63decdd54d6e06b1457b2de13e0a11f9c8e3243900a14cc04a661b727c6dedda4a81c61bbf4dd10efdea70d259be40be844cd4e5c36
|
7
|
+
data.tar.gz: 0d5ddeea817b8daeb0392c956aa3bd4e05c645d5b58333353b7854a9751f1a64913e0f7c3f29a32d8f14c9d449f4c325c3be4db8bd18e0089dd158782ffdbe75
|
data/README.md
CHANGED
@@ -103,8 +103,9 @@ ActionAuth.configure do |config|
|
|
103
103
|
config.default_from_email = "from@example.com"
|
104
104
|
config.magic_link_enabled = true
|
105
105
|
config.passkey_only = true # Allows sign in with only a passkey
|
106
|
+
config.pwned_enabled = true # defined?(Pwned)
|
106
107
|
config.verify_email_on_sign_in = true
|
107
|
-
config.webauthn_enabled = true
|
108
|
+
config.webauthn_enabled = true # defined?(WebAuthn)
|
108
109
|
config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
|
109
110
|
config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
|
110
111
|
end
|
@@ -38,7 +38,8 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
38
38
|
external_id: webauthn_credential.id,
|
39
39
|
nickname: params[:credential_nickname],
|
40
40
|
public_key: webauthn_credential.public_key,
|
41
|
-
sign_count: webauthn_credential.sign_count
|
41
|
+
sign_count: webauthn_credential.sign_count,
|
42
|
+
key_type: key_type
|
42
43
|
)
|
43
44
|
|
44
45
|
if credential.save
|
@@ -57,4 +58,27 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
|
|
57
58
|
|
58
59
|
redirect_to sessions_path
|
59
60
|
end
|
61
|
+
|
62
|
+
private
|
63
|
+
|
64
|
+
def key_type
|
65
|
+
transports = params.dig(:response, :transports)
|
66
|
+
return :unknown unless transports.present?
|
67
|
+
|
68
|
+
transport_types = {
|
69
|
+
["internal", "hybrid"] => :passkey,
|
70
|
+
["usb", "nfc"] => :hardware,
|
71
|
+
["bluetooth", "wireless"] => :wireless,
|
72
|
+
}.freeze
|
73
|
+
|
74
|
+
transport_types.each do |keys, type|
|
75
|
+
if transports.is_a?(String)
|
76
|
+
return type if keys.include?(transports)
|
77
|
+
elsif transports.is_a?(Array)
|
78
|
+
return type if (keys & transports).any?
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
:unknown
|
83
|
+
end
|
60
84
|
end
|
@@ -36,6 +36,7 @@
|
|
36
36
|
<thead>
|
37
37
|
<tr>
|
38
38
|
<th>Key</th>
|
39
|
+
<th>Type</th>
|
39
40
|
<th nowrap>Registered On</th>
|
40
41
|
<th nowrap></th>
|
41
42
|
</tr>
|
@@ -44,6 +45,7 @@
|
|
44
45
|
<% current_user.webauthn_credentials.each do |credential| %>
|
45
46
|
<%= content_tag :tr, id: dom_id(credential) do %>
|
46
47
|
<td><%= credential.nickname %></td>
|
48
|
+
<td><%= credential.key_type %></td>
|
47
49
|
<td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
|
48
50
|
<td nowrap><%= button_to "Delete", credential, method: :delete, class: "btn btn-primary" %></td>
|
49
51
|
<% end %>
|
@@ -10,7 +10,7 @@
|
|
10
10
|
class: "action-auth--text-center" do %>
|
11
11
|
|
12
12
|
<div class="mb-3 action-auth--text-center">
|
13
|
-
|
13
|
+
You must use a passkey, not a hardware key, to sign in.
|
14
14
|
An account with a matching passkey is required.
|
15
15
|
</div>
|
16
16
|
<% end %>
|
@@ -4,6 +4,8 @@ module ActionAuth
|
|
4
4
|
attr_accessor :allow_user_deletion
|
5
5
|
attr_accessor :default_from_email
|
6
6
|
attr_accessor :magic_link_enabled
|
7
|
+
attr_accessor :passkey_only
|
8
|
+
attr_accessor :pwned_enabled
|
7
9
|
attr_accessor :verify_email_on_sign_in
|
8
10
|
attr_accessor :webauthn_enabled
|
9
11
|
attr_accessor :webauthn_origin
|
data/lib/action_auth/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dave Kimura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-08-
|
11
|
+
date: 2024-08-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -98,6 +98,7 @@ files:
|
|
98
98
|
- db/migrate/20231107170349_create_action_auth_sessions.rb
|
99
99
|
- db/migrate/20240111125859_add_webauthn_credentials.rb
|
100
100
|
- db/migrate/20240111142545_add_webauthn_id_to_users.rb
|
101
|
+
- db/migrate/20240818032321_add_type_to_webauthn_credentials.rb
|
101
102
|
- lib/action_auth.rb
|
102
103
|
- lib/action_auth/configuration.rb
|
103
104
|
- lib/action_auth/controllers/helpers.rb
|
@@ -127,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
128
|
- !ruby/object:Gem::Version
|
128
129
|
version: '0'
|
129
130
|
requirements: []
|
130
|
-
rubygems_version: 3.5.
|
131
|
+
rubygems_version: 3.5.17
|
131
132
|
signing_key:
|
132
133
|
specification_version: 4
|
133
134
|
summary: A simple Rails engine for authorization.
|