action_auth 1.4.2 → 1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd82e71b203279a24d5a44196f1e9df519ef646f611f4b1ff3ad7e6b8bc043a9
-  data.tar.gz: d4df3340ffdcaa481b49f5e8518a2720b7bec664d2daf47a3c3d594e8a06215a
+  metadata.gz: 4d991a1cd381778da7c3ed0b5ef0878790e81bdd668098eff84937cd4831c0ea
+  data.tar.gz: 82e3f14dc10fc5b67311ef397fd155d92102bab8ef51b6a3494e760f9ff9463d
 SHA512:
-  metadata.gz: 4c02bbf9ea57e5361291a20c6c36a1ad994dfec332eecb50c562380041388f74923b2bb7f227ed835e03e5317e7668485c4229349cb752d94b7585830341ac1e
-  data.tar.gz: a6cce71017754f203e43c231a3e604836c904475d899f8a02347a347dcd77b1f3ee27de50a78b1f5c8f6c19eb8bbc54f62e83fab3beb5c596318dfb88fd9d0b6
+  metadata.gz: 77dd6d551f7891f62fb2dd10f1fcc17bd6daca8660edf25e232e05b6e2ca6c4ad83b9e4ce73c1f247c2b770d9e4430eb5d681466844ca09a593f77f2c0e79c24
+  data.tar.gz: b6247d918574f799757b41345c234dd8cd78545ff81dd49c57528d7994c62d46adf7c0e9c5e6275c4bbf5eb28be27cba4df5cf5d5e1043256b8b317c59b93e43

data/README.md

@@ -61,6 +61,23 @@ add_foreign_key :nfcs, :users, column: :user_id unless foreign_key_exists?(:nfcs
 ```
 
 ## Installation
+
+### Automatic Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+bundle add action_auth
+```
+
+Then run the rake task to copy over the migrations, config and routes.
+
+```bash
+bin/rails action_auth:install
+```
+
+### Manual Installation
+
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -103,8 +120,9 @@ ActionAuth.configure do |config|
   config.default_from_email = "from@example.com"
   config.magic_link_enabled = true
   config.passkey_only = true # Allows sign in with only a passkey
+  config.pwned_enabled = true # defined?(Pwned)
   config.verify_email_on_sign_in = true
-  config.webauthn_enabled = true
+  config.webauthn_enabled = true # defined?(WebAuthn)
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
 end

data/app/assets/stylesheets/action_auth/application.css

@@ -171,3 +171,78 @@ input[type="password"] {
 .action-auth--text-center {
   text-align: center !important;
 }
+
+@media (prefers-color-scheme: dark) {
+  body {
+    color: #d5c4a1;
+    background-color: #282828 !important;
+  }
+
+  .container,
+  .container-fluid {
+    background-color: #3c3836 !important;
+    border-color: #3c3836 !important;
+  }
+
+  input[type="text"],
+  input[type="email"],
+  input[type="password"] {
+    color: #d5c4a1;
+    background-color: #282828;
+    border-color: #3c3836;
+  }
+
+  .btn {
+    color: #fbf1c7;
+    background-color: #d65d0e;
+    border-color: #d65d0e;
+  }
+
+  .btn:hover {
+    background-color: #cc241d;
+    border-color: #cc241d;
+  }
+
+  .btn:focus {
+    box-shadow: 0 0 0 0.25rem rgba(214, 93, 14, .5);
+  }
+
+  .btn:disabled {
+    background-color: #d65d0e;
+    border-color: #d65d0e;
+    color: #fbf1c7;
+  }
+
+  .action-auth--table {
+    background-color: #3c3836;
+    color: #d5c4a1;
+    box-shadow: 0 4px 8px rgba(0, 0, 0, 0.4);
+  }
+
+  .action-auth--table thead {
+    background-color: #d79921;
+    color: #282828;
+  }
+
+  .action-auth--table th,
+  .action-auth--table td {
+    border-bottom: 1px solid #504945;
+  }
+
+  .action-auth--table tbody tr:hover {
+    background-color: #282828;
+  }
+
+  a {
+    color: #83a598;
+    text-decoration: none;
+  }
+
+  a:visited {
+    color: #d3869b;
+  }
+
+  a:hover {
+    color: #fabd2f;
+  }
+}

data/app/controllers/action_auth/webauthn_credentials_controller.rb

@@ -38,7 +38,8 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
         external_id: webauthn_credential.id,
         nickname: params[:credential_nickname],
         public_key: webauthn_credential.public_key,
-        sign_count: webauthn_credential.sign_count
+        sign_count: webauthn_credential.sign_count,
+        key_type: key_type
       )
 
       if credential.save
@@ -57,4 +58,27 @@ class ActionAuth::WebauthnCredentialsController < ApplicationController
 
     redirect_to sessions_path
   end
+
+  private
+
+  def key_type
+    transports = params.dig(:response, :transports)
+    return :unknown unless transports.present?
+
+    transport_types = {
+      ["internal", "hybrid"] => :passkey,
+      ["usb", "nfc"] => :hardware,
+      ["bluetooth", "wireless"] => :wireless,
+    }.freeze
+
+    transport_types.each do |keys, type|
+      if transports.is_a?(String)
+        return type if keys.include?(transports)
+      elsif transports.is_a?(Array)
+        return type if (keys & transports).any?
+      end
+    end
+
+    :unknown
+  end
 end

data/app/models/action_auth/webauthn_credential.rb

@@ -10,5 +10,12 @@ module ActionAuth
                 greater_than_or_equal_to: 0,
                 less_than_or_equal_to: 2**32 - 1
               }
+
+    enum :key_type, {
+      unknown: 0,
+      passkey: 1,
+      hardware: 2,
+      wireless: 3
+    }
   end
 end

data/app/views/action_auth/sessions/index.html.erb

@@ -36,6 +36,7 @@
       <thead>
         <tr>
           <th>Key</th>
+          <th>Type</th>
           <th nowrap>Registered On</th>
           <th nowrap></th>
         </tr>
@@ -44,6 +45,7 @@
         <% current_user.webauthn_credentials.each do |credential| %>
           <%= content_tag :tr, id: dom_id(credential) do %>
             <td><%= credential.nickname %></td>
+            <td><%= credential.key_type %></td>
             <td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
             <td nowrap><%= button_to "Delete", credential, method: :delete, class: "btn btn-primary" %></td>
           <% end %>

data/app/views/action_auth/sessions/passkeys/new.html.erb

@@ -10,7 +10,7 @@
   class: "action-auth--text-center" do %>
 
   <div class="mb-3 action-auth--text-center">
-    Insert a USB key, if necessary, and tap it.
+    You must use a passkey, not a hardware key, to sign in.
     An account with a matching passkey is required.
   </div>
 <% end %>

data/db/migrate/20240818032321_add_type_to_webauthn_credentials.rb

@@ -0,0 +1,5 @@
+class AddTypeToWebauthnCredentials < ActiveRecord::Migration[7.2]
+  def change
+    add_column :webauthn_credentials, :key_type, :integer, default: 0, limit: 2
+  end
+end

data/lib/action_auth/configuration.rb

@@ -4,6 +4,8 @@ module ActionAuth
     attr_accessor :allow_user_deletion
     attr_accessor :default_from_email
     attr_accessor :magic_link_enabled
+    attr_accessor :passkey_only
+    attr_accessor :pwned_enabled
     attr_accessor :verify_email_on_sign_in
     attr_accessor :webauthn_enabled
     attr_accessor :webauthn_origin

data/lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.4.2"
+  VERSION = "1.5.1"
 end

data/lib/tasks/action_auth_tasks.rake

@@ -1,4 +1,49 @@
-# desc "Explaining what the task does"
-# task :action_auth do
-#   # Task goes here
-# end
+desc "Installs Configs, Migrations, and Routes for ActionAuth"
+namespace :action_auth do
+  task :install do
+    # Copies to config/initializers/action_auth.rb
+    puts "Installing ActionAuth Configs"
+    config_file_path = Rails.root.join('config', 'initializers', 'action_auth.rb')
+    unless File.exist?(config_file_path)
+      File.open(config_file_path, 'w') do |file|
+        file.puts <<~RUBY
+          # ActionAuth.configure do |config|
+          #   config.allow_user_deletion = true
+          #   config.default_from_email = "from@example.com"
+          #   config.magic_link_enabled = true
+          #   config.passkey_only = true # Allows sign in with only a passkey
+          #   config.pwned_enabled = true # defined?(Pwned)
+          #   config.verify_email_on_sign_in = true
+          #   config.webauthn_enabled = true # defined?(WebAuthn)
+          #   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
+          #   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
+          # end
+        RUBY
+      end
+      puts "Created config/initializers/action_auth.rb"
+    else
+      puts "Config file already exists at config/initializers/action_auth.rb"
+    end
+
+    # Installs the ActionAuth Migrations
+    puts "Installing ActionAuth Migrations"
+    Rake::Task["action_auth:install:migrations"].invoke
+
+    # Add ActionAuth routes to config/routes.rb
+    puts "Installing ActionAuth Routes"
+    routes_file_path = Rails.root.join('config', 'routes.rb')
+    route_line = "mount ActionAuth::Engine => \"/action_auth\""
+    routes_content = File.read(routes_file_path)
+    unless routes_content.include?(route_line)
+      insert_after = "Rails.application.routes.draw do"
+      new_routes_content = routes_content.sub(/(#{insert_after})/i, "\\1\n  #{route_line}\n")
+      File.open(routes_file_path, 'w') do |file|
+        file.puts new_routes_content
+      end
+      puts "Added ActionAuth route to config/routes.rb"
+    else
+      puts "ActionAuth route already present in config/routes.rb"
+    end
+
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_auth
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.5.1
 platform: ruby
 authors:
 - Dave Kimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-16 00:00:00.000000000 Z
+date: 2024-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -98,6 +98,7 @@ files:
 - db/migrate/20231107170349_create_action_auth_sessions.rb
 - db/migrate/20240111125859_add_webauthn_credentials.rb
 - db/migrate/20240111142545_add_webauthn_id_to_users.rb
+- db/migrate/20240818032321_add_type_to_webauthn_credentials.rb
 - lib/action_auth.rb
 - lib/action_auth/configuration.rb
 - lib/action_auth/controllers/helpers.rb