devise-webauthn 0.0.0 → 0.1.0

data/lib/devise/webauthn/url_helpers.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Devise
+  module Webauthn
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by devise.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_passkey_path(:user)      => new_user_passkey_path
+    #   passkeys_path(:user)         => user_passkeys_path
+    #   passkey_path(:user)          => user_passkey_path
+    #
+    # Those helpers are included by default to ActionController::Base.
+    #
+    # In case you want to add such helpers to another class, you can do
+    # that as long as this new class includes both url_helpers and
+    # mounted_helpers. Example:
+    #
+    #     include Rails.application.routes.url_helpers
+    #     include Rails.application.routes.mounted_helpers
+    #
+    module UrlHelpers
+      {
+        passkeys: [nil],
+        passkey: [nil, :new]
+      }.each do |route, actions|
+        %i[path url].each do |path_or_url|
+          actions.each do |action|
+            action = action ? "#{action}_" : ""
+            method = :"#{action}#{route}_#{path_or_url}"
+
+            define_method method do |resource_or_scope, *args|
+              scope = Devise::Mapping.find_scope!(resource_or_scope)
+              router_name = Devise.mappings[scope].router_name
+              context = router_name ? send(router_name) : _devise_route_context
+              context.send("#{action}#{scope}_#{route}_#{path_or_url}", *args)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise/webauthn/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Devise
   module Webauthn
-    VERSION = "0.0.0"
+    VERSION = "0.1.0"
   end
 end

data/lib/devise/webauthn.rb

@@ -1,8 +1,18 @@
-require "devise/webauthn/version"
+# frozen_string_literal: true
+
+require "devise"
+require "webauthn"
+
+require_relative "webauthn/version"
+require_relative "webauthn/engine"
+require_relative "webauthn/helpers/credentials_helper"
+require_relative "webauthn/routes"
+require_relative "webauthn/url_helpers"
 
 module Devise
   module Webauthn
-    class Error < StandardError; end
-    # Your code goes here...
+    module Test
+      autoload :AuthenticatorHelpers, "devise/webauthn/test/authenticator_helpers"
+    end
   end
 end

data/lib/generators/devise/webauthn/controllers_generator.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module Devise
+  module Webauthn
+    class ControllersGenerator < Rails::Generators::Base
+      CONTROLLERS = %w[passkeys].freeze
+
+      desc "Create inherited Devise::Webauthn controllers in your app/controllers folder."
+
+      source_root File.expand_path("templates/controllers", __dir__)
+      argument :scope, required: true,
+                       desc: "The scope to create controllers in, e.g. users, admins"
+
+      def create_controllers
+        @scope_prefix = scope.blank? ? "" : "#{scope.camelize}::"
+        CONTROLLERS.each do |name|
+          template "#{name}_controller.rb",
+                   "app/controllers/#{scope}/#{name}_controller.rb"
+        end
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/devise/webauthn/install/install_generator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module Devise
+  module Webauthn
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Install Devise::Webauthn configuration into your application"
+
+      class_option :resource_name, type: :string, default: "user", desc: "The resource name for Devise (default: user)"
+
+      def install
+        say "Installing DeviseWebauthn configuration...", :green
+
+        template "webauthn.rb", "config/initializers/webauthn.rb"
+        say "Created initializer: config/initializers/webauthn.rb", :green
+      end
+
+      def generate_webauthn_credential_model
+        invoke "devise:webauthn:webauthn_credential_model", [], resource_name: options[:resource_name]
+      end
+
+      def generate_webauthn_id_column
+        invoke "devise:webauthn:webauthn_id", [], resource_name: options[:resource_name]
+      end
+
+      def generate_stimulus_controller
+        invoke "devise:webauthn:stimulus"
+      end
+
+      def final_message
+        say "\nAlmost done! Now edit `config/initializers/webauthn.rb` and set the `allowed_origins` for your app.",
+            :yellow
+      end
+    end
+  end
+end

data/lib/generators/devise/webauthn/install/templates/webauthn.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+WebAuthn.configure do |config|
+  # This value needs to match `window.location.origin` evaluated by
+  # the User Agent during registration and authentication ceremonies.
+  # Multiple origins can be used when needed. Using more than one will imply you MUST configure rp_id explicitely.
+  # please see [webauthn-ruby Advanced Configuration section](https://github.com/cedarcode/webauthn-ruby/blob/master/docs/advanced_configuration.md)
+  # instead of adding multiple origins.
+  # config.allowed_origins = [ "https://auth.example.com" ]
+
+  # Relying Party name for display purposes
+  # config.rp_name = "Example Inc."
+
+  # Optionally configure a client timeout hint, in milliseconds.
+  # This hint specifies how long the browser should wait for any
+  # interaction with the user.
+  # This hint may be overridden by the browser.
+  # https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-timeout
+  # config.credential_options_timeout = 120_000
+
+  # You can optionally specify a different Relying Party ID
+  # (https://www.w3.org/TR/webauthn/#relying-party-identifier)
+  # if it differs from the default one.
+  #
+  # config.rp_id = "localhost"
+
+  # Configure preferred binary-to-text encoding scheme. This should match the encoding scheme
+  # used in your client-side (user agent) code before sending the credential to the server.
+  # Supported values: `:base64url` (default), `:base64` or `false` to disable all encoding.
+  #
+  # config.encoding = :base64url
+
+  # Possible values: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "RS1"
+  # Default: ["ES256", "PS256", "RS256"]
+  #
+  # config.algorithms << "ES384"
+end

data/lib/generators/devise/webauthn/stimulus/stimulus_generator.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module Devise
+  module Webauthn
+    class StimulusGenerator < Rails::Generators::Base
+      hide!
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Copy DeviseWebauthn Stimulus controller to your application"
+
+      def copy_stimulus_controller
+        copy_file "webauthn_credentials_controller.js",
+                  "app/javascript/controllers/webauthn_credentials_controller.js"
+      end
+
+      def show_instructions
+        say "✓ Stimulus controller setup complete!", :green
+        say "The webauthn_credentials controller has been installed and will be automatically registered by Stimulus."
+      end
+    end
+  end
+end

data/lib/generators/devise/webauthn/stimulus/templates/webauthn_credentials_controller.js

@@ -0,0 +1,31 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["credentialHiddenInput"]
+
+  async create({ params: { options } }) {
+    try {
+      const credentialOptions = PublicKeyCredential.parseCreationOptionsFromJSON(options);
+      const credential = await navigator.credentials.create({ publicKey: credentialOptions });
+
+      this.credentialHiddenInputTarget.value = JSON.stringify(credential);
+
+      this.element.submit();
+    } catch (error) {
+      alert(error.message || error);
+    }
+  }
+
+  async get({ params: { options } }) {
+    try {
+      const credentialOptions = PublicKeyCredential.parseRequestOptionsFromJSON(options);
+      const credential = await navigator.credentials.get({ publicKey: credentialOptions });
+
+      this.credentialHiddenInputTarget.value = JSON.stringify(credential);
+
+      this.element.submit();
+    } catch (error) {
+      alert(error.message || error);
+    }
+  }
+}

data/lib/generators/devise/webauthn/templates/controllers/README

@@ -0,0 +1,14 @@
+===============================================================================
+
+Some setup you must do manually if you haven't yet:
+
+  Ensure you have overridden routes for generated controllers in your routes.rb.
+  For example:
+
+    Rails.application.routes.draw do
+      devise_for :users, controllers: {
+        passkeys: 'users/passkeys'
+      }
+    end
+
+===============================================================================

data/lib/generators/devise/webauthn/templates/controllers/passkeys_controller.rb.tt

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class <%= @scope_prefix %>PasskeysController < Devise::PasskeysController
+  # GET /resource/passkeys/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/passkeys
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/passkeys/:id
+  # def destroy
+  #  super
+  # end
+
+  # private
+
+  # Verifies the passkey coming in the params and saves it to the database.
+  # def verify_and_save_passkey(passkey_from_params)
+  #   super
+  # end
+
+  # The default url to be used after creating a passkey. You can overwrite
+  # this method in your own PasskeysController.
+  # def after_update_path
+  #   super
+  # end
+end

data/lib/generators/devise/webauthn/views_generator.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module Devise
+  module Webauthn
+    class ViewsGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../../../app/views/devise", __dir__)
+
+      desc "Copies Devise::Webauthn views to your application."
+
+      argument :scope, required: false, default: nil,
+                       desc: "The scope to copy views to"
+
+      class_option :views, aliases: "-v", type: :array,
+                           desc: "Select specific view directories to generate (sessions, passkeys)"
+
+      def copy_views
+        if options[:views]
+          options[:views].each do |directory|
+            view_directory directory.to_sym
+          end
+        else
+          view_directory :passkeys
+          view_directory :sessions
+        end
+      end
+
+      private
+
+      def view_directory(name)
+        directory name.to_s, "#{target_path}/#{name}"
+      end
+
+      def target_path
+        "app/views/#{plural_scope || :devise}"
+      end
+
+      def plural_scope
+        scope.presence && scope.underscore.pluralize
+      end
+    end
+  end
+end

data/lib/generators/devise/webauthn/webauthn_credential_model/webauthn_credential_model_generator.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Devise
+  module Webauthn
+    class WebauthnCredentialModelGenerator < Rails::Generators::Base
+      hide!
+      namespace "devise:webauthn:webauthn_credential_model"
+
+      desc "Generate a WebauthnCredential model with the required fields for WebAuthn"
+      class_option :resource_name, type: :string, default: "user", desc: "The resource name for Devise (default: user)"
+
+      def generate_model
+        invoke "active_record:model", [
+          "webauthn_credential",
+          "external_id:string:uniq",
+          "name:string",
+          "public_key:text",
+          "sign_count:integer{8}",
+          "#{user_model_name}:references"
+        ]
+      end
+
+      def inject_webauthn_credential_content
+        inject_into_file("app/models/webauthn_credential.rb", before: /^end\s*$/) do
+          <<~RUBY.indent(2)
+            validates :external_id, :public_key, :name, :sign_count, presence: true
+            validates :external_id, uniqueness: true
+          RUBY
+        end
+      end
+
+      def show_instructions
+        say <<~MSG
+          WebauthnCredential model has been generated! Next steps:
+
+          1. Run the migration:
+             rails db:migrate
+
+          2. Make sure your User model includes :passkey_authenticatable in the devise line:
+             devise :database_authenticatable, :passkey_authenticatable, ...
+        MSG
+      end
+
+      private
+
+      def user_model_name
+        options[:resource_name].underscore
+      end
+    end
+  end
+end

data/lib/generators/devise/webauthn/webauthn_id/webauthn_id_generator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Devise
+  module Webauthn
+    class WebauthnIdGenerator < Rails::Generators::Base
+      hide!
+      namespace "devise:webauthn:webauthn_id"
+
+      desc "Add webauthn_id field to User model"
+      class_option :resource_name, type: :string, default: "user", desc: "The resource name for Devise (default: user)"
+
+      def generate_migration
+        invoke "active_record:migration", [
+          "add_webauthn_id_to_#{user_table_name}",
+          "webauthn_id:string:uniq"
+        ]
+      end
+
+      def show_instructions
+        say <<~MSG
+          WebAuthn ID field has been added! Next steps:
+
+          1. Run the migration:
+             rails db:migrate
+
+          2. Make sure your User model includes :passkey_authenticatable in the devise line:
+             devise :database_authenticatable, :passkey_authenticatable, ...
+        MSG
+      end
+
+      private
+
+      def user_table_name
+        options[:resource_name].pluralize.underscore
+      end
+    end
+  end
+end

metadata

@@ -1,81 +1,96 @@
 --- !ruby/object:Gem::Specification
 name: devise-webauthn
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.1.0
 platform: ruby
 authors:
-- Braulio Martinez
-autorequire: 
+- Cedarcode
 bindir: exe
 cert_chain: []
-date: 2019-04-02 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
-  type: :development
+        version: '4.9'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '4.9'
 - !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-- !ruby/object:Gem::Dependency
-  name: rspec
+  name: webauthn
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-description: 
 email:
-- braulio@cedarcode.com
+- webauthn@cedarcode.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".rubocop.yml"
+- ".ruby-version"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/controllers/devise/passkeys_controller.rb
+- app/views/devise/passkeys/new.html.erb
+- app/views/devise/sessions/new.html.erb
 - bin/console
+- bin/rails
 - bin/setup
+- config.ru
+- config/locales/en.yml
 - devise-webauthn.gemspec
+- gemfiles/rails_7_1.gemfile
+- gemfiles/rails_7_2.gemfile
+- gemfiles/rails_8_0.gemfile
+- gemfiles/rails_edge.gemfile
+- lib/devise/models/passkey_authenticatable.rb
+- lib/devise/strategies/passkey_authenticatable.rb
 - lib/devise/webauthn.rb
+- lib/devise/webauthn/engine.rb
+- lib/devise/webauthn/helpers/credentials_helper.rb
+- lib/devise/webauthn/routes.rb
+- lib/devise/webauthn/test/authenticator_helpers.rb
+- lib/devise/webauthn/url_helpers.rb
 - lib/devise/webauthn/version.rb
-homepage: 
+- lib/generators/devise/webauthn/controllers_generator.rb
+- lib/generators/devise/webauthn/install/install_generator.rb
+- lib/generators/devise/webauthn/install/templates/webauthn.rb
+- lib/generators/devise/webauthn/stimulus/stimulus_generator.rb
+- lib/generators/devise/webauthn/stimulus/templates/webauthn_credentials_controller.js
+- lib/generators/devise/webauthn/templates/controllers/README
+- lib/generators/devise/webauthn/templates/controllers/passkeys_controller.rb.tt
+- lib/generators/devise/webauthn/views_generator.rb
+- lib/generators/devise/webauthn/webauthn_credential_model/webauthn_credential_model_generator.rb
+- lib/generators/devise/webauthn/webauthn_id/webauthn_id_generator.rb
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -83,16 +98,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Devise extension to support WebAuthn.
 test_files: []

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.5.3
-before_install: gem install bundler -v 1.17.1