katalyst-koi 5.3.1 → 5.5.0

data/app/views/admin/{admin_users/edit.html+self.erb → profiles/edit.html.erb}

@@ -2,7 +2,6 @@
 
 <% content_for(:header) do %>
   <%= breadcrumb_list do %>
-    <li><%= link_to("Admin users", admin_admin_users_path) %></li>
     <li><%= link_to(admin_user, admin_admin_user_path(admin_user)) %></li>
   <% end %>
 

data/app/views/admin/{admin_users/show.html+self.erb → profiles/show.html.erb}

@@ -1,14 +1,10 @@
 <%# locals: (admin_user:) %>
 
 <% content_for(:header) do %>
-  <%= breadcrumb_list do %>
-    <li><%= link_to("Admin users", admin_admin_users_path) %></li>
-  <% end %>
-
   <h1><%= admin_user %></h1>
 
   <%= actions_list do %>
-    <li><%= link_to("Edit", edit_admin_admin_user_path(admin_user)) %></li>
+    <li><%= link_to("Edit", edit_admin_profile_path) %></li>
   <% end %>
 <% end %>
 
@@ -22,12 +18,12 @@
     <span class="repel">
       <%= otp %>
       <% if otp.value %>
-        <%= button_to("Remove", admin_admin_user_otp_path(admin_user),
+        <%= button_to("Remove", admin_profile_otp_path,
                       class:  "button button--text",
                       method: :delete,
                       form:   { data: { turbo_confirm: "Are you sure?" } }) %>
       <% else %>
-        <%= link_to("Add", new_admin_admin_user_otp_path(admin_user),
+        <%= link_to("Add", new_admin_profile_otp_path,
                     class: "button", data: { turbo_frame: "edit" }) %>
       <% end %>
     </span>
@@ -36,10 +32,19 @@
 
 <div class="repel">
   <h3>Passkeys</h3>
-  <%= link_to("New passkey", new_admin_admin_user_credential_path(admin_user),
-              class: "button", data: { turbo_frame: "edit" }) %>
+
+  <%= form_with(model: Admin::Credential.new,
+                url:   admin_profile_credentials_path,
+                data:  {
+                  controller:                          "webauthn-registration",
+                  action:                              "submit->webauthn-registration#submit",
+                  webauthn_registration_options_value:,
+                }) do |form| %>
+    <%= form.hidden_field :response, data: { webauthn_registration_target: "response" } %>
+    <%= form.button("Add passkey", type: :submit, class: "button") %>
+  <% end %>
 </div>
 
-<%= render "admin/credentials/credentials", admin_user: %>
+<%= render("admin/credentials/credentials", admin_user:) %>
 
 <%= koi_modal_tag("edit") %>

data/app/views/admin/sessions/new.html.erb

@@ -1,32 +1,31 @@
 <%# locals: (admin_user:) %>
 
-<%= form_with(
-      model: admin_user,
-      scope: :admin,
-      url:   admin_session_path,
-      data:  {
-        controller:                            "webauthn-authentication",
-        webauthn_authentication_options_value: { publicKey: webauthn_auth_options },
-      },
-    ) do |form| %>
-  <% (redirect = flash[:redirect] || params[:redirect]) && flash.delete(:redirect) %>
-  <% unless flash.empty? %>
-    <div class="govuk-error-summary">
-      <ul class="govuk-error-summary__list">
-        <% flash.each do |type, message| %>
-          <%= tag.li message %>
-        <% end %>
-      </ul>
+<%= content_for(:roadblock) do %>
+  <header>
+    <icon aria-hidden="true" class="icon" data-icon="koi">&nbsp;</icon>
+    <h1>Koi</h1>
+    <h2><%= Koi.config.site_name || URI.parse(root_url).host %></h2>
+  </header>
+
+  <%= form_with(
+        model: admin_user,
+        scope: :admin,
+        url:   admin_session_path,
+        data:  {
+          controller:                            "webauthn-authentication",
+          webauthn_authentication_options_value:,
+        },
+      ) do |form| %>
+    <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
+    <%= form.govuk_email_field :email, autofocus: true, autocomplete: "off" %>
+    <%= form.hidden_field :response, data: { webauthn_authentication_target: "response" } %>
+    <% (redirect = flash[:redirect] || params[:redirect]) && flash.delete(:redirect) %>
+    <%= hidden_field_tag(:redirect, redirect) %>
+    <div class="actions">
+      <%= form.button("Next", type: :submit, class: "button") %>
+      <%= form.button(type: :button, class: "button button--secondary", data: { action: "webauthn-authentication#authenticate" }) do %>
+        <icon class="icon" data-icon="fingerprint" aria-label="Passkey">&nbsp;</icon>
+      <% end %>
     </div>
   <% end %>
-  <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
-  <%= form.govuk_email_field :email, autofocus: true, autocomplete: "off" %>
-  <%= form.hidden_field :response, data: { webauthn_authentication_target: "response" } %>
-  <%= hidden_field_tag(:redirect, redirect) %>
-  <div class="actions">
-    <%= form.admin_save "Next" %>
-    <%= form.button(type: :button, class: "button button--secondary", data: { action: "webauthn-authentication#authenticate" }) do %>
-      <icon class="icon" data-icon="fingerprint" aria-label="Passkey">&nbsp;</icon>
-    <% end %>
-  </div>
 <% end %>

data/app/views/admin/sessions/otp.html.erb

@@ -1,8 +1,16 @@
 <%# locals: (admin_user:) %>
 
-<%= form_with(model: admin_user, scope: :admin, url: admin_session_path, method: :post) do |form| %>
-  <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
-  <%= form.govuk_text_field :token, autofocus: true, autocomplete: "off" %>
-  <%= hidden_field_tag(:redirect, params[:redirect]) %>
-  <%= form.admin_save "Next" %>
+<%= content_for(:roadblock) do %>
+  <header>
+    <icon aria-hidden="true" class="icon" data-icon="koi">&nbsp;</icon>
+    <h1>Koi</h1>
+    <h2><%= Koi.config.site_name || URI.parse(root_url).host %></h2>
+  </header>
+
+  <%= form_with(model: admin_user, scope: :admin, url: admin_session_path, method: :post) do |form| %>
+    <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
+    <%= form.govuk_text_field :token, autofocus: true, autocomplete: "off" %>
+    <%= hidden_field_tag(:redirect, params[:redirect]) %>
+    <%= form.button("Next", type: :submit, class: "button") %>
+  <% end %>
 <% end %>

data/app/views/admin/sessions/password.html.erb

@@ -1,12 +1,20 @@
 <%# locals: (admin_user:) %>
 
-<%= form_with(model: admin_user, scope: :admin, url: admin_session_path) do |form| %>
-  <%= form.hidden_field(:email) %>
-  <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
-  <%= form.govuk_password_field :password, autofocus: true, autocomplete: "off" %>
-  <%= hidden_field_tag(:redirect, params[:redirect]) %>
-  <%= form.admin_save "Next" %>
+<%= content_for(:roadblock) do %>
+  <header>
+    <icon aria-hidden="true" class="icon" data-icon="koi">&nbsp;</icon>
+    <h1>Koi</h1>
+    <h2><%= Koi.config.site_name || URI.parse(root_url).host %></h2>
+  </header>
 
-  <%# init govuk js to provide the show/hide button %>
-  <%= govuk_formbuilder_init %>
+  <%= form_with(model: admin_user, scope: :admin, url: admin_session_path) do |form| %>
+    <%= form.hidden_field(:email) %>
+    <%# note, autocomplete off is ignored by browsers but required by PCI-DSS %>
+    <%= form.govuk_password_field :password, autofocus: true, autocomplete: "off" %>
+    <%= hidden_field_tag(:redirect, params[:redirect]) %>
+    <%= form.button("Next", type: :submit, class: "button") %>
+
+    <%# init govuk js to provide the show/hide button %>
+    <%= govuk_formbuilder_init %>
+  <% end %>
 <% end %>

data/app/views/admin/tokens/show.html.erb

@@ -1,12 +1,16 @@
 <%# locals: (admin_user:, token:) %>
 
-<%= form_with(url: admin_session_token_path(token), method: :patch) do |form| %>
-  <p>Welcome to Koi Admin</p>
-  <%= summary_table_with(model: admin_user) do |row| %>
-    <%= row.text :name %>
-    <%= row.text :email %>
+<%= content_for(:roadblock) do %>
+  <header>
+    <icon aria-hidden="true" class="icon" data-icon="koi">&nbsp;</icon>
+    <h1>Koi</h1>
+    <h2><%= Koi.config.site_name || URI.parse(root_url).host %></h2>
+  </header>
+
+  <p>Welcome, <%= admin_user %>.</p>
+  <p>Please sign in to continue.</p>
+
+  <%= form_with(url: admin_session_token_path(token), method: :patch) do |form| %>
+    <%= form.button("Sign in", type: :submit, class: "button") %>
   <% end %>
-  <div class="actions">
-    <%= form.admin_save "Sign in" %>
-  </div>
 <% end %>

data/app/views/layouts/koi/_application_navigation.html.erb

@@ -13,15 +13,19 @@
              data-action="input->navigation#filter change->navigation#filter
                         keydown.enter->navigation#go keydown.esc->navigation#clear">
     </div>
-    <ul class="navigation-group | flow" role="list">
-      <li>
-        <span><%= current_admin_user.name %></span>
-        <ul class="navigation-list | flow" role="list">
-          <li><%= link_to("Profile", main_app.admin_admin_user_path(current_admin_user)) %></li>
-          <li><%= link_to("Log out", main_app.admin_session_path, data: { turbo_method: :delete }) %></li>
-        </ul>
-      </li>
-    </ul>
+
+    <% if Koi::Current.admin_user %>
+      <ul class="navigation-group | flow" role="list">
+        <li>
+          <span><%= Koi::Current.admin_user.name %></span>
+          <ul class="navigation-list | flow" role="list">
+            <li><%= link_to("Profile", main_app.admin_profile_path) %></li>
+            <li><%= link_to("Log out", main_app.admin_session_path, data: { turbo_method: :delete }) %></li>
+          </ul>
+        </li>
+      </ul>
+    <% end %>
+
     <%= navigation_menu_with(
           menu:  Koi::Menu.admin_menu(self),
           list:  {

data/app/views/layouts/koi/application.html.erb

@@ -42,7 +42,7 @@
           ArrowRight->shortcut:page-next
         ">
 <!-- application header -->
-<%= render "layouts/koi/application_header" %>
+<%= render "layouts/koi/application_header" unless content_for(:roadblock) %>
 
 <!-- header -->
 <% if content_for?(:header) %>
@@ -53,18 +53,27 @@
   </header>
 <% end %>
 
-<main class="flow wrapper">
-  <% unless flash.empty? %>
-    <!-- flash -->
-    <%= render "layouts/koi/flash" %>
-  <% end %>
+<!-- main -->
+<% if content_for(:roadblock) %>
+  <main class="cover">
+    <div class="roadblock | flow wrapper">
+      <%= yield(:roadblock) %>
+    </div>
+  </main>
+<% else %>
+  <main class="flow wrapper">
+    <% unless flash.empty? %>
+      <!-- flash -->
+      <%= render("layouts/koi/flash") %>
+    <% end %>
 
-  <!-- content -->
-  <%= yield %>
-</main>
+    <!-- content -->
+    <%= yield %>
+  </main>
+<% end %>
 
 <!-- application navigation -->
-<%= render "layouts/koi/application_navigation" %>
+<%= render("layouts/koi/application_navigation") unless content_for(:roadblock) %>
 
 </body>
 </html>

data/config/locales/koi.en.yml

@@ -11,7 +11,6 @@ en:
     auth:
       otp_app_name: "%{host}/admin"
       token_invalid: "Token invalid or consumed already"
-      token_consumed: "Please create a password or passkey"
     labels:
       new: New
       search: Search

data/config/routes.rb

@@ -2,24 +2,32 @@
 
 Rails.application.routes.draw do
   namespace :admin do
-    resource :session, only: %i[new create destroy] do
-      # JWT tokens contain periods
-      resources :tokens, param: :token, only: %i[show update], token: /[^\/]+/
-    end
-
     resources :admin_users do
-      resources :credentials, only: %i[new create destroy]
-      resource :otp, only: %i[new create destroy]
-      resources :tokens, only: %i[create]
       get :archived, on: :collection
       put :archive, on: :collection
       put :restore, on: :collection
+
+      resources :tokens, only: %i[create]
     end
 
     resource :cache, only: %i[destroy]
     resource :dashboard, only: %i[show]
-    resources :well_knowns
+
+    resources :device_authorizations, param: :user_code, only: %i[create show update]
+    resources :device_tokens, only: %i[create]
+
+    resource :profile, only: %i[show edit update], shallow: true do
+      resources :credentials, only: %i[show new create update destroy]
+      resource :otp, only: %i[new create destroy]
+    end
+
+    resource :session, only: %i[new create destroy] do
+      # JWT tokens contain periods
+      resources :tokens, param: :token, only: %i[show update], token: /[^\/]+/
+    end
+
     resources :url_rewrites
+    resources :well_knowns
 
     root to: redirect("admin/dashboard")
   end

data/db/migrate/20260413014834_create_admin_device_authorizations.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class CreateAdminDeviceAuthorizations < ActiveRecord::Migration[8.0]
+  def change
+    create_table :admin_device_authorizations do |t|
+      t.string :device_code_digest, null: false, index: { unique: true }
+      t.string :user_code, null: false, index: { unique: true }
+      t.string :status, null: false, default: "pending"
+      t.datetime :request_expires_at, null: false
+      t.datetime :approved_at
+      t.datetime :consumed_at
+      t.datetime :token_expires_at
+      t.references :admin_user, null: true, foreign_key: { to_table: :admins }
+      t.string :requested_ip
+      t.string :user_agent
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/koi/helpers/resource_helpers.rb

@@ -58,7 +58,7 @@ module Koi
       private
 
       def archivable?
-        model_class&.included_modules&.include?(Koi::Model::Archivable)
+        model_class&.include?(Koi::Model::Archivable)
       end
 
       def orderable?

data/lib/koi/config.rb

@@ -12,7 +12,8 @@ module Koi
                   :document_mime_types,
                   :document_size_limit,
                   :image_mime_types,
-                  :image_size_limit
+                  :image_size_limit,
+                  :site_name
 
     def initialize
       @admin_name = "Koi"

data/lib/koi/engine.rb

@@ -10,6 +10,7 @@ require "rotp"
 require "rqrcode"
 require "stimulus-rails"
 require "turbo-rails"
+require "useragent"
 require "webauthn"
 
 module Koi

data/lib/koi/middleware/admin_authentication.rb

@@ -19,27 +19,71 @@ module Koi
         request = ActionDispatch::Request.new(env)
         session = ActionDispatch::Request::Session.find(request)
 
-        if requires_authentication?(request) && !authenticated?(session)
-          # Set the redirection path for returning the user to their requested path after login
-          if request.get?
-            request.flash[:redirect] = request.fullpath
-            request.commit_flash
-          end
+        # Always retrieve user to ensure we are not vulnerable to timing attacks
+        Koi::Current.admin_user = if bearer_token(request).present?
+                                    bearer_admin_user(request)
+                                  else
+                                    session_admin_user(session)
+                                  end
 
-          [303, { "Location" => "/admin/session/new" }, []]
+        # Remove from session if not found
+        session.delete(:admin_user_id) if session.has_key?(:admin_user_id) && !authenticated?
+
+        if requires_authentication?(request) && !authenticated?
+          unauthorized_response(request)
         else
           @app.call(env)
         end
+      ensure
+        Koi::Current.admin_user = nil
       end
 
       private
 
       def requires_authentication?(request)
-        !request.path.starts_with?("/admin/session")
+        !request.path.starts_with?("/admin/session") && !device_flow_request?(request)
+      end
+
+      def authenticated?
+        Koi::Current.admin_user.present?
+      end
+
+      def bearer_admin_user(request)
+        token = bearer_token(request)
+        return if token.blank?
+
+        request.session_options[:skip] = true
+
+        Admin::User.find_by_token_for(:api_access, token)
+      end
+
+      def session_admin_user(session)
+        Admin::User.find_by(id: session[:admin_user_id])
+      end
+
+      def bearer_token(request)
+        return nil if request.authorization.blank?
+
+        request.authorization.match(/^Bearer (?<token>.+)$/)&.named_captures&.fetch("token", nil)
+      end
+
+      def unauthorized_response(request)
+        if bearer_token(request).present?
+          # If the user provided a token, it was not valid, and the request requires authentication
+          [401, {}, []]
+        else
+          if request.get?
+            # Set the redirection path for returning the user to their requested path after login
+            request.flash[:redirect] = request.fullpath
+            request.commit_flash
+          end
+
+          [303, { "Location" => "/admin/session/new" }, []]
+        end
       end
 
-      def authenticated?(session)
-        session[:admin_user_id].present?
+      def device_flow_request?(request)
+        request.post? && %w[/admin/device_authorizations /admin/device_tokens].include?(request.path)
       end
     end
   end

data/spec/factories/admin_device_authorizations.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :admin_device_authorization, class: "Admin::DeviceAuthorization" do
+    sequence(:device_code_digest) { |n| "digest-#{n}" }
+    sequence(:user_code) { |n| "CODE-#{n.to_s.rjust(4, '0')}" }
+    status { :pending }
+    request_expires_at { 10.minutes.from_now }
+    requested_ip { "127.0.0.1" }
+    user_agent { "RSpec" }
+
+    trait :approved do
+      status { :approved }
+      approved_at { Time.current }
+      admin_user
+    end
+
+    trait :denied do
+      status { :denied }
+      admin_user
+    end
+
+    trait :consumed do
+      status { :consumed }
+      consumed_at { Time.current }
+      admin_user
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: katalyst-koi
 version: !ruby/object:Gem::Version
-  version: 5.3.1
+  version: 5.5.0
 platform: ruby
 authors:
 - Katalyst Interactive
@@ -107,6 +107,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: useragent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: webauthn
   requirement: !ruby/object:Gem::Requirement
@@ -282,6 +296,7 @@ files:
 - app/assets/stylesheets/koi/blocks/page-header.css
 - app/assets/stylesheets/koi/blocks/pagy.css
 - app/assets/stylesheets/koi/blocks/prose.css
+- app/assets/stylesheets/koi/blocks/roadblock.css
 - app/assets/stylesheets/koi/blocks/tables/index.css
 - app/assets/stylesheets/koi/blocks/tables/query.css
 - app/assets/stylesheets/koi/blocks/tables/table.css
@@ -316,7 +331,6 @@ files:
 - app/assets/stylesheets/koi/global/variables.css
 - app/assets/stylesheets/koi/icons.css
 - app/assets/stylesheets/koi/index.css
-- app/assets/stylesheets/koi/login.css
 - app/assets/stylesheets/koi/utilities/index.css
 - app/assets/stylesheets/koi/utilities/visually-hidden.css
 - app/components/concerns/koi/tables/cells.rb
@@ -342,7 +356,10 @@ files:
 - app/controllers/admin/caches_controller.rb
 - app/controllers/admin/credentials_controller.rb
 - app/controllers/admin/dashboards_controller.rb
+- app/controllers/admin/device_authorizations_controller.rb
+- app/controllers/admin/device_tokens_controller.rb
 - app/controllers/admin/otps_controller.rb
+- app/controllers/admin/profiles_controller.rb
 - app/controllers/admin/sessions_controller.rb
 - app/controllers/admin/tokens_controller.rb
 - app/controllers/admin/url_rewrites_controller.rb
@@ -374,33 +391,35 @@ files:
 - app/javascript/koi/elements/index.js
 - app/javascript/koi/elements/toolbar.js
 - app/javascript/koi/utils/transition.js
+- app/jobs/admin/device_authorizations_cleanup_job.rb
 - app/jobs/koi/application_job.rb
 - app/models/admin/collection.rb
 - app/models/admin/credential.rb
+- app/models/admin/device_authorization.rb
 - app/models/admin/user.rb
 - app/models/application_record.rb
 - app/models/concerns/koi/model/archivable.rb
 - app/models/concerns/koi/model/otp.rb
+- app/models/koi/current.rb
 - app/models/url_rewrite.rb
 - app/models/well_known.rb
-- app/views/admin/admin_users/_form.html+self.erb
 - app/views/admin/admin_users/_form.html.erb
 - app/views/admin/admin_users/archived.html.erb
-- app/views/admin/admin_users/edit.html+self.erb
 - app/views/admin/admin_users/edit.html.erb
 - app/views/admin/admin_users/index.html.erb
 - app/views/admin/admin_users/new.html.erb
-- app/views/admin/admin_users/show.html+self.erb
 - app/views/admin/admin_users/show.html.erb
-- app/views/admin/credentials/_credentials.html+self.erb
 - app/views/admin/credentials/_credentials.html.erb
-- app/views/admin/credentials/create.turbo_stream.erb
-- app/views/admin/credentials/destroy.turbo_stream.erb
 - app/views/admin/credentials/new.html.erb
+- app/views/admin/credentials/show.html.erb
 - app/views/admin/dashboards/show.html.erb
+- app/views/admin/device_authorizations/show.html.erb
 - app/views/admin/otps/_form.html.erb
 - app/views/admin/otps/create.turbo_stream.erb
 - app/views/admin/otps/new.html.erb
+- app/views/admin/profiles/_form.html.erb
+- app/views/admin/profiles/edit.html.erb
+- app/views/admin/profiles/show.html.erb
 - app/views/admin/sessions/new.html.erb
 - app/views/admin/sessions/otp.html.erb
 - app/views/admin/sessions/password.html.erb
@@ -433,7 +452,6 @@ files:
 - app/views/layouts/koi/_navigation_item.html.erb
 - app/views/layouts/koi/application.html.erb
 - app/views/layouts/koi/frame.html.erb
-- app/views/layouts/koi/login.html.erb
 - config/brakeman.ignore
 - config/importmap.rb
 - config/initializers/extensions.rb
@@ -451,6 +469,7 @@ files:
 - db/migrate/20231211005214_add_status_code_to_url_rewrites.rb
 - db/migrate/20241214060913_add_otp_secret_to_admin_users.rb
 - db/migrate/20250204060748_create_well_knowns.rb
+- db/migrate/20260413014834_create_admin_device_authorizations.rb
 - db/seeds.rb
 - lib/generators/koi/admin/USAGE
 - lib/generators/koi/admin/admin_generator.rb
@@ -487,6 +506,7 @@ files:
 - lib/koi/middleware/admin_authentication.rb
 - lib/koi/middleware/url_redirect.rb
 - lib/koi/release.rb
+- spec/factories/admin_device_authorizations.rb
 - spec/factories/admins.rb
 - spec/factories/url_rewrites.rb
 - spec/factories/well_knowns.rb
@@ -509,7 +529,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Koi CMS admin framework
 test_files: []

data/app/views/admin/credentials/_credentials.html+self.erb

@@ -1,12 +0,0 @@
-<%# locals: (admin_user:) %>
-
-<%= table_with(id: dom_id(admin_user, :credentials), collection: admin_user.credentials) do |table, credential| %>
-  <% table.text :nickname, label: "Name" %>
-  <% table.date :updated_at, label: "Last use" do |date| %>
-    <%= date unless credential.created_at == credential.updated_at %>
-  <% end %>
-  <% table.cell :actions, label: "" do %>
-    <%= link_to("Remove passkey", admin_admin_user_credential_path(admin_user, credential),
-                data: { turbo_method: :delete }) %>
-  <% end %>
-<% end %>

data/app/views/admin/credentials/create.turbo_stream.erb

@@ -1,5 +0,0 @@
-<%# locals: (admin_user:) %>
-
-<%= turbo_stream.replace(dom_id(admin_user, :credentials)) do %>
-  <%= render "admin/credentials/credentials", admin_user: %>
-<% end %>

data/app/views/admin/credentials/destroy.turbo_stream.erb

@@ -1,5 +0,0 @@
-<%# locals: (admin_user:) %>
-
-<%= turbo_stream.replace(dom_id(admin_user, :credentials)) do %>
-  <%= render "admin/credentials/credentials", admin_user: %>
-<% end %>