has_secure_passkey 0.2.7 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d60ec46a0f356a08daa382861505f23961c77d8e5f1de1b80e0d6d6e830b7939
-  data.tar.gz: ee2bba7266aca050dd3cf56ac3b349c712c1e3718c9f465306e860ca81c1cef8
+  metadata.gz: d8701c9e46b1dfce56e62338235a894088e6973b2ae425ba531cd683c3e1d436
+  data.tar.gz: 8b5312f7fecd005bdf6cd058a5a5d03f8c884424d0d759ad4e8b444e73a236bf
 SHA512:
-  metadata.gz: e9d6e8c611b7db01e03876aed6ed627d7793621f4503c52a312b291e7658e6016c365c294091b41b3c3b583cfa42339a064d9e7d8d27a7bfb7774039c03e14b6
-  data.tar.gz: 6ec3fbd29b8d09d2803aec6505d286c661d030952011dcc7c06dd826a0b126617b6fabe0de4692f0d30592d74dc3798430fca34de1b19546d8eac2290de32001
+  metadata.gz: 47ea5e397d57f8bf7b6646674f6a3fee6cdac26302de8d9f02da0e721675a50110af46c35e50cd2bade07b549fc7282d9e64253967b3bb2c3528af88857d69af
+  data.tar.gz: b5bae0850c9e4238798ce232ab0ff0bb746b96c8466c7571e748ca84e9cb045a54d2b1754bc7e3253208dcfd0f25820436815de85553fef9d8fcecc5472ac22e

data/app/assets/javascripts/components/web_authn.js

@@ -1,5 +1,4 @@
-import * as WebAuthnJSON from "@github/webauthn-json"
-import { post } from "@rails/request"
+import { post } from "@rails/request.js"
 
 export default class WebAuthn extends HTMLElement {
   static observedAttributes = ["action", "callback", "options"];
@@ -16,13 +15,13 @@ export default class WebAuthn extends HTMLElement {
   }
 
   run() {
-    WebAuthnJSON[this.action](this.options).
+    navigator.credentials[this.action]({publicKey: this.publicKey}).
       then(async (credential) => {
         this.showProgress()
 
         const { response, redirected } = await post(this.callback, {
           responseKind: "turbo-stream",
-          body: JSON.stringify(Object.assign(credential, { webauthn_message: this.message }))
+          body: JSON.stringify(Object.assign(credential.toJSON(), { webauthn_message: this.message }))
         })
 
         this.hideProgress()
@@ -34,6 +33,7 @@ export default class WebAuthn extends HTMLElement {
             Turbo.navigator.proposeVisit(new URL(response.url), options)
         }
       }).catch((error) => {
+        console.error(error)
         this.onError(error)
       })
   }
@@ -77,4 +77,12 @@ export default class WebAuthn extends HTMLElement {
   get message() {
     return this.getAttribute('message');
   }
+
+  get publicKey() {
+    if (this.action === "create") {
+      return PublicKeyCredential.parseCreationOptionsFromJSON(this.options);
+    } else {
+      return PublicKeyCredential.parseRequestOptionsFromJSON(this.options);
+    }
+  }
 }

data/app/assets/javascripts/has_secure_passkey.js

@@ -1,113 +1,7 @@
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-
-// app/assets/javascripts/@github--webauthn-json.js
-var exports__github_webauthn_json = {};
-__export(exports__github_webauthn_json, {
-  supported: () => supported,
-  schema: () => c,
-  get: () => get,
-  create: () => create
-});
-function base64urlToBuffer(e) {
-  const r = "==".slice(0, (4 - e.length % 4) % 4);
-  const t = e.replace(/-/g, "+").replace(/_/g, "/") + r;
-  const n = atob(t);
-  const i = new ArrayBuffer(n.length);
-  const o = new Uint8Array(i);
-  for (let e2 = 0;e2 < n.length; e2++)
-    o[e2] = n.charCodeAt(e2);
-  return i;
-}
-function bufferToBase64url(e) {
-  const r = new Uint8Array(e);
-  let t = "";
-  for (const e2 of r)
-    t += String.fromCharCode(e2);
-  const n = btoa(t);
-  const i = n.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-  return i;
-}
-var e = "copy";
-var r = "convert";
-function convert(t, n, i) {
-  if (n === e)
-    return i;
-  if (n === r)
-    return t(i);
-  if (n instanceof Array)
-    return i.map((e2) => convert(t, n[0], e2));
-  if (n instanceof Object) {
-    const e2 = {};
-    for (const [r2, o] of Object.entries(n)) {
-      if (o.derive) {
-        const e3 = o.derive(i);
-        e3 !== undefined && (i[r2] = e3);
-      }
-      if (r2 in i)
-        i[r2] != null ? e2[r2] = convert(t, o.schema, i[r2]) : e2[r2] = null;
-      else if (o.required)
-        throw new Error(`Missing key: ${r2}`);
-    }
-    return e2;
-  }
-}
-function derived(e2, r2) {
-  return { required: true, schema: e2, derive: r2 };
-}
-function required(e2) {
-  return { required: true, schema: e2 };
-}
-function optional(e2) {
-  return { required: false, schema: e2 };
-}
-var t = { type: required(e), id: required(r), transports: optional(e) };
-var n = { appid: optional(e), appidExclude: optional(e), credProps: optional(e) };
-var i = { appid: optional(e), appidExclude: optional(e), credProps: optional(e) };
-var o = { publicKey: required({ rp: required(e), user: required({ id: required(r), name: required(e), displayName: required(e) }), challenge: required(r), pubKeyCredParams: required(e), timeout: optional(e), excludeCredentials: optional([t]), authenticatorSelection: optional(e), attestation: optional(e), extensions: optional(n) }), signal: optional(e) };
-var a = { type: required(e), id: required(e), rawId: required(r), authenticatorAttachment: optional(e), response: required({ clientDataJSON: required(r), attestationObject: required(r), transports: derived(e, (e2) => {
-  var r2;
-  return ((r2 = e2.getTransports) == null ? undefined : r2.call(e2)) || [];
-}) }), clientExtensionResults: derived(i, (e2) => e2.getClientExtensionResults()) };
-var u = { mediation: optional(e), publicKey: required({ challenge: required(r), timeout: optional(e), rpId: optional(e), allowCredentials: optional([t]), userVerification: optional(e), extensions: optional(n) }), signal: optional(e) };
-var s = { type: required(e), id: required(e), rawId: required(r), authenticatorAttachment: optional(e), response: required({ clientDataJSON: required(r), authenticatorData: required(r), signature: required(r), userHandle: required(r) }), clientExtensionResults: derived(i, (e2) => e2.getClientExtensionResults()) };
-var c = { credentialCreationOptions: o, publicKeyCredentialWithAttestation: a, credentialRequestOptions: u, publicKeyCredentialWithAssertion: s };
-function createRequestFromJSON(e2) {
-  return convert(base64urlToBuffer, o, e2);
-}
-function createResponseToJSON(e2) {
-  return convert(bufferToBase64url, a, e2);
-}
-async function create(e2) {
-  const r2 = await navigator.credentials.create(createRequestFromJSON(e2));
-  return createResponseToJSON(r2);
-}
-function getRequestFromJSON(e2) {
-  return convert(base64urlToBuffer, u, e2);
-}
-function getResponseToJSON(e2) {
-  return convert(bufferToBase64url, s, e2);
-}
-async function get(e2) {
-  const r2 = await navigator.credentials.get(getRequestFromJSON(e2));
-  return getResponseToJSON(r2);
-}
-function supported() {
-  return !!(navigator.credentials && navigator.credentials.create && navigator.credentials.get && window.PublicKeyCredential);
-}
-
-// app/assets/javascripts/@rails--request.js
+// node_modules/@rails/request.js/src/fetch_response.js
 class FetchResponse {
-  constructor(t2) {
-    this.response = t2;
+  constructor(response) {
+    this.response = response;
   }
   get statusCode() {
     return this.response.status;
@@ -128,17 +22,23 @@ class FetchResponse {
     return this.response.headers.get("WWW-Authenticate");
   }
   get contentType() {
-    const t2 = this.response.headers.get("Content-Type") || "";
-    return t2.replace(/;.*$/, "");
+    const contentType = this.response.headers.get("Content-Type") || "";
+    return contentType.replace(/;.*$/, "");
   }
   get headers() {
     return this.response.headers;
   }
   get html() {
-    return this.contentType.match(/^(application|text)\/(html|xhtml\+xml)$/) ? this.text : Promise.reject(new Error(`Expected an HTML response but got "${this.contentType}" instead`));
+    if (this.contentType.match(/^(application|text)\/(html|xhtml\+xml)$/)) {
+      return this.text;
+    }
+    return Promise.reject(new Error(`Expected an HTML response but got "${this.contentType}" instead`));
   }
   get json() {
-    return this.contentType.match(/^application\/.*json$/) ? this.responseJson || (this.responseJson = this.response.json()) : Promise.reject(new Error(`Expected a JSON response but got "${this.contentType}" instead`));
+    if (this.contentType.match(/^application\/.*json$/)) {
+      return this.responseJson || (this.responseJson = this.response.json());
+    }
+    return Promise.reject(new Error(`Expected a JSON response but got "${this.contentType}" instead`));
   }
   get text() {
     return this.responseText || (this.responseText = this.response.text());
@@ -150,27 +50,38 @@ class FetchResponse {
     return this.contentType.match(/\b(?:java|ecma)script\b/);
   }
   async renderTurboStream() {
-    if (!this.isTurboStream)
+    if (this.isTurboStream) {
+      if (window.Turbo) {
+        await window.Turbo.renderStreamMessage(await this.text);
+      } else {
+        console.warn("You must set `window.Turbo = Turbo` to automatically process Turbo Stream events with request.js");
+      }
+    } else {
       return Promise.reject(new Error(`Expected a Turbo Stream response but got "${this.contentType}" instead`));
-    window.Turbo ? await window.Turbo.renderStreamMessage(await this.text) : console.warn("You must set `window.Turbo = Turbo` to automatically process Turbo Stream events with request.js");
+    }
   }
   async activeScript() {
-    if (!this.isScript)
+    if (this.isScript) {
+      const script = document.createElement("script");
+      const metaTag = document.querySelector("meta[name=csp-nonce]");
+      if (metaTag) {
+        const nonce = metaTag.nonce === "" ? metaTag.content : metaTag.nonce;
+        if (nonce) {
+          script.setAttribute("nonce", nonce);
+        }
+      }
+      script.innerHTML = await this.text;
+      document.body.appendChild(script);
+    } else {
       return Promise.reject(new Error(`Expected a Script response but got "${this.contentType}" instead`));
-    {
-      const t2 = document.createElement("script");
-      const e2 = document.querySelector("meta[name=csp-nonce]");
-      const n2 = e2 && e2.content;
-      n2 && t2.setAttribute("nonce", n2);
-      t2.innerHTML = await this.text;
-      document.body.appendChild(t2);
     }
   }
 }
 
+// node_modules/@rails/request.js/src/request_interceptor.js
 class RequestInterceptor {
-  static register(t2) {
-    this.interceptor = t2;
+  static register(interceptor) {
+    this.interceptor = interceptor;
   }
   static get() {
     return this.interceptor;
@@ -179,90 +90,130 @@ class RequestInterceptor {
     this.interceptor = undefined;
   }
 }
-function getCookie(t2) {
-  const e2 = document.cookie ? document.cookie.split("; ") : [];
-  const n2 = `${encodeURIComponent(t2)}=`;
-  const s2 = e2.find((t3) => t3.startsWith(n2));
-  if (s2) {
-    const t3 = s2.split("=").slice(1).join("=");
-    if (t3)
-      return decodeURIComponent(t3);
+
+// node_modules/@rails/request.js/src/lib/utils.js
+function getCookie(name) {
+  const cookies = document.cookie ? document.cookie.split("; ") : [];
+  const prefix = `${encodeURIComponent(name)}=`;
+  const cookie = cookies.find((cookie2) => cookie2.startsWith(prefix));
+  if (cookie) {
+    const value = cookie.split("=").slice(1).join("=");
+    if (value) {
+      return decodeURIComponent(value);
+    }
   }
 }
-function compact(t2) {
-  const e2 = {};
-  for (const n2 in t2) {
-    const s2 = t2[n2];
-    s2 !== undefined && (e2[n2] = s2);
+function compact(object) {
+  const result = {};
+  for (const key in object) {
+    const value = object[key];
+    if (value !== undefined) {
+      result[key] = value;
+    }
   }
-  return e2;
+  return result;
 }
-function metaContent(t2) {
-  const e2 = document.head.querySelector(`meta[name="${t2}"]`);
-  return e2 && e2.content;
+function metaContent(name) {
+  const element = document.head.querySelector(`meta[name="${name}"]`);
+  return element && element.content;
 }
-function stringEntriesFromFormData(t2) {
-  return [...t2].reduce((t3, [e2, n2]) => t3.concat(typeof n2 === "string" ? [[e2, n2]] : []), []);
+function stringEntriesFromFormData(formData) {
+  return [...formData].reduce((entries, [name, value]) => {
+    return entries.concat(typeof value === "string" ? [[name, value]] : []);
+  }, []);
 }
-function mergeEntries(t2, e2) {
-  for (const [n2, s2] of e2)
-    if (!(s2 instanceof window.File))
-      if (t2.has(n2) && !n2.includes("[]")) {
-        t2.delete(n2);
-        t2.set(n2, s2);
-      } else
-        t2.append(n2, s2);
+function mergeEntries(searchParams, entries) {
+  for (const [name, value] of entries) {
+    if (value instanceof window.File)
+      continue;
+    if (searchParams.has(name) && !name.includes("[]")) {
+      searchParams.delete(name);
+      searchParams.set(name, value);
+    } else {
+      searchParams.append(name, value);
+    }
+  }
 }
 
+// node_modules/@rails/request.js/src/fetch_request.js
 class FetchRequest {
-  constructor(t2, e2, n2 = {}) {
-    this.method = t2;
-    this.options = n2;
-    this.originalUrl = e2.toString();
+  constructor(method, url, options = {}) {
+    this.method = method;
+    this.options = options;
+    this.originalUrl = url.toString();
   }
   async perform() {
     try {
-      const t3 = RequestInterceptor.get();
-      t3 && await t3(this);
-    } catch (t3) {
-      console.error(t3);
+      const requestInterceptor = RequestInterceptor.get();
+      if (requestInterceptor) {
+        await requestInterceptor(this);
+      }
+    } catch (error) {
+      console.error(error);
+    }
+    const fetch = this.responseKind === "turbo-stream" && window.Turbo ? window.Turbo.fetch : window.fetch;
+    const response = new FetchResponse(await fetch(this.url, this.fetchOptions));
+    if (response.unauthenticated && response.authenticationURL) {
+      return Promise.reject(window.location.href = response.authenticationURL);
+    }
+    if (response.isScript) {
+      await response.activeScript();
+    }
+    const responseStatusIsTurboStreamable = response.ok || response.unprocessableEntity;
+    if (responseStatusIsTurboStreamable && response.isTurboStream) {
+      await response.renderTurboStream();
     }
-    const t2 = this.responseKind === "turbo-stream" && window.Turbo ? window.Turbo.fetch : window.fetch;
-    const e2 = new FetchResponse(await t2(this.url, this.fetchOptions));
-    if (e2.unauthenticated && e2.authenticationURL)
-      return Promise.reject(window.location.href = e2.authenticationURL);
-    e2.isScript && await e2.activeScript();
-    const n2 = e2.ok || e2.unprocessableEntity;
-    n2 && e2.isTurboStream && await e2.renderTurboStream();
-    return e2;
-  }
-  addHeader(t2, e2) {
-    const n2 = this.additionalHeaders;
-    n2[t2] = e2;
-    this.options.headers = n2;
+    return response;
+  }
+  addHeader(key, value) {
+    const headers = this.additionalHeaders;
+    headers[key] = value;
+    this.options.headers = headers;
   }
   sameHostname() {
-    if (!this.originalUrl.startsWith("http:"))
+    if (!this.originalUrl.startsWith("http:") && !this.originalUrl.startsWith("https:")) {
       return true;
+    }
     try {
       return new URL(this.originalUrl).hostname === window.location.hostname;
-    } catch (t2) {
+    } catch (_) {
       return true;
     }
   }
   get fetchOptions() {
-    return { method: this.method.toUpperCase(), headers: this.headers, body: this.formattedBody, signal: this.signal, credentials: this.credentials, redirect: this.redirect };
+    return {
+      method: this.method.toUpperCase(),
+      headers: this.headers,
+      body: this.formattedBody,
+      signal: this.signal,
+      credentials: this.credentials,
+      redirect: this.redirect,
+      keepalive: this.keepalive
+    };
   }
   get headers() {
-    const t2 = { "X-Requested-With": "XMLHttpRequest", "Content-Type": this.contentType, Accept: this.accept };
-    this.sameHostname() && (t2["X-CSRF-Token"] = this.csrfToken);
-    return compact(Object.assign(t2, this.additionalHeaders));
+    const baseHeaders = {
+      "X-Requested-With": "XMLHttpRequest",
+      "Content-Type": this.contentType,
+      Accept: this.accept
+    };
+    if (this.sameHostname()) {
+      baseHeaders["X-CSRF-Token"] = this.csrfToken;
+    }
+    return compact(Object.assign(baseHeaders, this.additionalHeaders));
   }
   get csrfToken() {
     return getCookie(metaContent("csrf-param")) || metaContent("csrf-token");
   }
   get contentType() {
-    return this.options.contentType ? this.options.contentType : this.body == null || this.body instanceof window.FormData ? undefined : this.body instanceof window.File ? this.body.type : "application/json";
+    if (this.options.contentType) {
+      return this.options.contentType;
+    } else if (this.body == null || this.body instanceof window.FormData) {
+      return;
+    } else if (this.body instanceof window.File) {
+      return this.body.type;
+    }
+    return "application/json";
   }
   get accept() {
     switch (this.responseKind) {
@@ -282,13 +233,19 @@ class FetchRequest {
     return this.options.body;
   }
   get query() {
-    const t2 = (this.originalUrl.split("?")[1] || "").split("#")[0];
-    const e2 = new URLSearchParams(t2);
-    let n2 = this.options.query;
-    n2 = n2 instanceof window.FormData ? stringEntriesFromFormData(n2) : n2 instanceof window.URLSearchParams ? n2.entries() : Object.entries(n2 || {});
-    mergeEntries(e2, n2);
-    const s2 = e2.toString();
-    return s2.length > 0 ? `?${s2}` : "";
+    const originalQuery = (this.originalUrl.split("?")[1] || "").split("#")[0];
+    const params = new URLSearchParams(originalQuery);
+    let requestQuery = this.options.query;
+    if (requestQuery instanceof window.FormData) {
+      requestQuery = stringEntriesFromFormData(requestQuery);
+    } else if (requestQuery instanceof window.URLSearchParams) {
+      requestQuery = requestQuery.entries();
+    } else {
+      requestQuery = Object.entries(requestQuery || {});
+    }
+    mergeEntries(params, requestQuery);
+    const query = params.toString();
+    return query.length > 0 ? `?${query}` : "";
   }
   get url() {
     return this.originalUrl.split("?")[0].split("#")[0] + this.query;
@@ -305,18 +262,26 @@ class FetchRequest {
   get credentials() {
     return this.options.credentials || "same-origin";
   }
+  get keepalive() {
+    return this.options.keepalive || false;
+  }
   get additionalHeaders() {
     return this.options.headers || {};
   }
   get formattedBody() {
-    const t2 = Object.prototype.toString.call(this.body) === "[object String]";
-    const e2 = this.headers["Content-Type"] === "application/json";
-    return e2 && !t2 ? JSON.stringify(this.body) : this.body;
+    const bodyIsAString = Object.prototype.toString.call(this.body) === "[object String]";
+    const contentTypeIsJson = this.headers["Content-Type"] === "application/json";
+    if (contentTypeIsJson && !bodyIsAString) {
+      return JSON.stringify(this.body);
+    }
+    return this.body;
   }
 }
-async function post(t2, e2) {
-  const n2 = new FetchRequest("post", t2, e2);
-  return n2.perform();
+
+// node_modules/@rails/request.js/src/verbs.js
+async function post(url, options) {
+  const request = new FetchRequest("post", url, options);
+  return request.perform();
 }
 
 // app/assets/javascripts/components/web_authn.js
@@ -332,11 +297,11 @@ class WebAuthn extends HTMLElement {
     this.run();
   }
   run() {
-    exports__github_webauthn_json[this.action](this.options).then(async (credential) => {
+    navigator.credentials[this.action]({ publicKey: this.publicKey }).then(async (credential) => {
       this.showProgress();
       const { response, redirected } = await post(this.callback, {
         responseKind: "turbo-stream",
-        body: JSON.stringify(Object.assign(credential, { webauthn_message: this.message }))
+        body: JSON.stringify(Object.assign(credential.toJSON(), { webauthn_message: this.message }))
       });
       this.hideProgress();
       if (response.ok && redirected) {
@@ -349,6 +314,7 @@ class WebAuthn extends HTMLElement {
         Turbo.navigator.proposeVisit(new URL(response.url), options);
       }
     }).catch((error) => {
+      console.error(error);
       this.onError(error);
     });
   }
@@ -383,6 +349,13 @@ class WebAuthn extends HTMLElement {
   get message() {
     return this.getAttribute("message");
   }
+  get publicKey() {
+    if (this.action === "create") {
+      return PublicKeyCredential.parseCreationOptionsFromJSON(this.options);
+    } else {
+      return PublicKeyCredential.parseRequestOptionsFromJSON(this.options);
+    }
+  }
 }
 
 // app/assets/javascripts/components/has_secure_passkey.js

data/lib/has_secure_passkey/active_record_helpers.rb

@@ -22,6 +22,10 @@ module HasSecurePasskey::ActiveRecordHelpers
         authenticated
     end
 
+    define_singleton_method :recover_passkey do |params:|
+      HasSecurePasskey::Recovery.new(model: self, params:).run
+    end
+
     define_singleton_method :create_by_webauthn do |params:|
       authenticatable = new(HasSecurePasskey::OptionsForCreate.
         from_message(params[:webauthn_message]).authenticatable)
@@ -41,6 +45,14 @@ module HasSecurePasskey::ActiveRecordHelpers
         save
     end
 
+    define_method :reset_webauthn_id do
+      self.webauthn_id = self.class.webauthn_id
+    end
+
+    define_method :passkey_recovery_token do
+      to_sgid(expires_in: 1.hour, for: :recovery).to_s
+    end
+
     define_method :encode_webauthn_message do
       HasSecurePasskey::OptionsForCreate.new(authenticatable: self).message
     end

data/lib/has_secure_passkey/options_for_create.rb

@@ -28,7 +28,7 @@ class HasSecurePasskey::OptionsForCreate
   end
 
   def as_json
-    options
+    credential.as_json
   end
 
   def challenge

data/lib/has_secure_passkey/options_for_get.rb

@@ -22,7 +22,7 @@ class HasSecurePasskey::OptionsForGet
   end
 
   def as_json
-    { publicKey: credential.as_json }
+    credential.as_json
   end
 
   private

data/lib/has_secure_passkey/recovery.rb

@@ -0,0 +1,35 @@
+class HasSecurePasskey::Recovery
+  def initialize(model:, params:)
+    @model = model
+    @params = params
+  end
+
+  def run
+    old_passkeys = authenticatable.passkeys.to_a
+
+    ActiveRecord::Base.transaction do
+      (authenticatable.update(webauthn_id:) &&
+        authenticatable.add_passkey(params:) &&
+        old_passkeys.all?(&:destroy) && authenticatable) ||
+      raise(ActiveRecord::Rollback)
+    end
+  end
+
+  private
+
+  attr_reader :params, :model
+
+  def authenticatable
+    model.find(options.authenticatable[:id])
+  end
+
+  def webauthn_id
+    options.authenticatable[:webauthn_id]
+  end
+
+  def options
+    HasSecurePasskey::OptionsForCreate.from_message(params[:webauthn_message])
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    ""
+  end
+end

data/lib/has_secure_passkey/version.rb

@@ -1,3 +1,3 @@
 module HasSecurePasskey
-  VERSION = "0.2.7"
+  VERSION = "0.3.0"
 end

data/lib/has_secure_passkey.rb

@@ -9,4 +9,9 @@ require "has_secure_passkey/authenticate_by"
 require "has_secure_passkey/add_passkey"
 
 module HasSecurePasskey
+  def self.find_recovery_token(token)
+    GlobalID::Locator.
+      locate_signed(token, for: :recovery).
+      tap { it&.reset_webauthn_id } || raise(ActiveRecord::RecordNotFound)
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: has_secure_passkey
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 0.3.0
 platform: ruby
 authors:
 - Nick Pezza
 bindir: bin
 cert_chain: []
-date: 2025-02-23 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -84,6 +84,7 @@ files:
 - lib/has_secure_passkey/engine.rb
 - lib/has_secure_passkey/options_for_create.rb
 - lib/has_secure_passkey/options_for_get.rb
+- lib/has_secure_passkey/recovery.rb
 - lib/has_secure_passkey/version.rb
 - lib/tasks/has_secure_passkey_tasks.rake
 homepage: https://github.com/npezza93/has_secure_passkey
@@ -105,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.7.1
 specification_version: 4
 summary: Add passkey support to Rails
 test_files: []