RubyGems - passkeys-rails - Versions diffs - 0.1.0 - Mend

passkeys-rails 0.1.0

Files changed (38) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +32 -0
data/Rakefile +28 -0
data/app/assets/config/passkeys_rails_manifest.js +1 -0
data/app/assets/stylesheets/passkeys_rails/application.css +15 -0
data/app/controllers/passkeys_rails/application_controller.rb +22 -0
data/app/controllers/passkeys_rails/passkeys_controller.rb +61 -0
data/app/helpers/passkeys_rails/application_helper.rb +21 -0
data/app/helpers/passkeys_rails/passkeys_helper.rb +4 -0
data/app/interactors/passkeys_rails/begin_authentication.rb +9 -0
data/app/interactors/passkeys_rails/begin_challenge.rb +35 -0
data/app/interactors/passkeys_rails/begin_registration.rb +23 -0
data/app/interactors/passkeys_rails/finish_authentication.rb +53 -0
data/app/interactors/passkeys_rails/finish_registration.rb +77 -0
data/app/interactors/passkeys_rails/generate_auth_token.rb +27 -0
data/app/interactors/passkeys_rails/refresh_token.rb +17 -0
data/app/interactors/passkeys_rails/validate_auth_token.rb +33 -0
data/app/models/concerns/passkeys_rails/authenticatable.rb +17 -0
data/app/models/passkeys_rails/agent.rb +15 -0
data/app/models/passkeys_rails/application_record.rb +5 -0
data/app/models/passkeys_rails/error.rb +14 -0
data/app/models/passkeys_rails/passkey.rb +8 -0
data/app/views/layouts/passkeys_rails/application.html.erb +15 -0
data/config/routes.rb +6 -0
data/db/migrate/20230620012530_create_passkeys_rails_agents.rb +18 -0
data/db/migrate/20230620012600_create_passkeys_rails_passkeys.rb +12 -0
data/lib/generators/passkeys_rails/USAGE +10 -0
data/lib/generators/passkeys_rails/install_generator.rb +21 -0
data/lib/generators/passkeys_rails/templates/README +17 -0
data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb +24 -0
data/lib/passkeys_rails/engine.rb +24 -0
data/lib/passkeys_rails/error_middleware.rb +17 -0
data/lib/passkeys_rails/railtie.rb +17 -0
data/lib/passkeys_rails/version.rb +3 -0
data/lib/passkeys_rails.rb +38 -0
data/lib/tasks/passkeys_rails_tasks.rake +4 -0
metadata +413 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fd944c1cfd019fb6abe5f0ec87383d1b2b60146b237eb78cc3836a2143947f57
+  data.tar.gz: 66533dd94392e42e01c1bea10002c3331db983a73d5270f32caa9f13a9f34707
+SHA512:
+  metadata.gz: df0a42e46f2dfe8f414d3772215836b6f926a5421c2a7fde9dfbdaae13d4b04effbcc066e3278432b6936770e3822f8a2cf4dcbb44a2d23da48f8e6626b20f8a
+  data.tar.gz: 6d9acca7962dede01d787e961e585736ab4ab1c18d685031ba9409344636c96433282b45ef169101a64d6b6835144dcf9cde95dc5e1bc41dfb1ff2390034a1af

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2023 Troy Anderson
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,32 @@
+[![Build Status](https://app.travis-ci.com/alliedcode/passkeys-rails.svg?branch=main)](https://travis-ci.org/alliedcode/passkeys-rails)
+[![codecov](https://codecov.io/gh/alliedcode/passkeys-rails/branch/main/graph/badge.svg?token=UHSNJDUL21)](https://codecov.io/gh/alliedcode/passkeys-rails)
+# PasskeysRails
+Devise is awesome, but we don't need all that UI/UX for PassKeys.  This gem is to make it easy to provide a back end that authenticates a mobile front end with PassKeys.
+## Usage
+rails passkeys-rails::install
+PasskeysRails maintains an Agent model and related Passeys.  If you have a user model, add `include PasskeysRails::Authenticatable` to your model and include the name of that class (e.g. "User") in the authenticatable_class param when calling the register API.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem "passkeys_rails"
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install passkeys_rails
+```
+## Contributing
+Contribution directions go here.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,28 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+Bundler::GemHelper.install_tasks
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+end
+require "rubocop/rake_task"
+RuboCop::RakeTask.new do |task|
+  task.requires << 'rubocop-rails'
+  task.requires << 'rubocop-performance'
+  task.requires << 'rubocop-rspec'
+  task.requires << 'rubocop-rake'
+  task.requires << 'rubocop-factory_bot'
+end
+task default: %i[spec rubocop]

data/app/assets/config/passkeys_rails_manifest.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ //= link_directory ../stylesheets/passkeys_rails .css

data/app/assets/stylesheets/passkeys_rails/application.css ADDED Viewed

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/passkeys_rails/application_controller.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module PasskeysRails
+  class ApplicationController < ActionController::Base
+    rescue_from ::Interactor::Failure, with: :handle_interactor_failure
+    rescue_from ActionController::ParameterMissing, with: :handle_missing_parameter
+    protected
+    def handle_missing_parameter(error)
+      render_error(:authentication, 'missing_parameter', error.message)
+    end
+    def handle_interactor_failure(failure)
+      render_error(:authentication, failure.context.code, failure.context.message)
+    end
+    private
+    def render_error(context, code, message, status: :unprocessable_entity)
+      render json: { error: { context:, code:, message: } }, status:
+    end
+  end
+end

data/app/controllers/passkeys_rails/passkeys_controller.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module PasskeysRails
+  class PasskeysController < ApplicationController
+    def challenge
+      result = PasskeysRails::BeginChallenge.call!(username: challenge_params[:username])
+      # Store the challenge so we can verify the future register or authentication request
+      session[:passkeys_rails] = result.session_data
+      render json: result.response.as_json
+    end
+    def register
+      result = PasskeysRails::FinishRegistration.call!(credential: attestation_credential_params.to_h,
+                                                       authenticatable_class:,
+                                                       username: session.dig(:passkeys_rails, :username),
+                                                       challenge: session.dig(:passkeys_rails, :challenge))
+      render json: { username: result.username, auth_token: result.auth_token }
+    end
+    def authenticate
+      result = PasskeysRails::FinishAuthentication.call!(credential: authentication_params.to_h,
+                                                         challenge: session.dig(:passkeys_rails, :challenge))
+      render json: { username: result.username, auth_token: result.auth_token }
+    end
+    def refresh
+      result = PasskeysRails::RefreshToken.call!(token: refresh_params[:auth_token])
+      render json: { username: result.username, auth_token: result.auth_token }
+    end
+    protected
+    def challenge_params
+      params.permit(:username)
+    end
+    def attestation_credential_params
+      credential = params.require(:credential)
+      credential.require(%i[id rawId type response])
+      credential.require(:response).require(%i[attestationObject clientDataJSON])
+      credential.permit(:id, :rawId, :type, { response: %i[attestationObject clientDataJSON] })
+    end
+    def authenticatable_class
+      params[:authenticatable_class]
+    end
+    def authentication_params
+      params.require(%i[id rawId type response])
+      params.require(:response).require(%i[authenticatorData clientDataJSON signature userHandle])
+      params.permit(:id, :rawId, :type, { response: %i[authenticatorData clientDataJSON signature userHandle] })
+    end
+    def refresh_params
+      params.require(:auth_token)
+      params.permit(:auth_token)
+    end
+  end
+end

data/app/helpers/passkeys_rails/application_helper.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module PasskeysRails
+  module ApplicationHelper
+    def current_agent
+      return nil if request.headers['HTTP_X_AUTH'].blank?
+      @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
+    end
+    def authenticate!
+      return if validated_auth_token.success?
+      raise PasskeysRails::Error.new(:authentication,
+                                     code: :unauthorized,
+                                     message: "You are not authorized to access this resource.")
+    end
+    def validated_auth_token
+      @validated_auth_token ||= ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
+    end
+  end
+end

data/app/helpers/passkeys_rails/passkeys_helper.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module PasskeysRails
+  module PasskeysHelper
+  end
+end

data/app/interactors/passkeys_rails/begin_authentication.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module PasskeysRails
+  class BeginAuthentication
+    include Interactor
+    def call
+      context.options = WebAuthn::Credential.options_for_get
+    end
+  end
+end

data/app/interactors/passkeys_rails/begin_challenge.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module PasskeysRails
+  class BeginChallenge
+    include Interactor
+    delegate :username, to: :context
+    def call
+      result = generate_challenge!
+      options = result.options
+      context.response = options
+      context.session_data = session_data(options)
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+    private
+    def generate_challenge!
+      if username.present?
+        BeginRegistration.call!(username:)
+      else
+        BeginAuthentication.call!
+      end
+    end
+    def session_data(options)
+      {
+        username:,
+        challenge: WebAuthn.standard_encoder.encode(options.challenge)
+      }
+    end
+  end
+end

data/app/interactors/passkeys_rails/begin_registration.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module PasskeysRails
+  class BeginRegistration
+    include Interactor
+    delegate :username, to: :context
+    def call
+      agent = create_unregistered_agent
+      context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
+    end
+    private
+    def create_unregistered_agent
+      agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
+      context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?
+      agent
+    end
+  end
+end

data/app/interactors/passkeys_rails/finish_authentication.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# Finish authentication ceremony
+module PasskeysRails
+  class FinishAuthentication
+    include Interactor
+    delegate :credential, :challenge, to: :context
+    def call
+      verify_credential!
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+    private
+    def verify_credential!
+      webauthn_credential.verify(
+        challenge,
+        public_key: passkey.public_key,
+        sign_count: passkey.sign_count
+      )
+      passkey.update!(sign_count: webauthn_credential.sign_count)
+      agent.update!(last_authenticated_at: Time.current)
+    rescue WebAuthn::SignCountVerificationError
+      # Cryptographic verification of the authenticator data succeeded, but the signature counter was less than or equal
+      # to the stored value. This can have several reasons and depending on your risk tolerance you can choose to fail or
+      # pass authentication. For more information see https://www.w3.org/TR/webauthn/#sign-counter
+    rescue WebAuthn::Error => e
+      context.fail!(code: :webauthn_error, message: e.message)
+    end
+    def webauthn_credential
+      @webauthn_credential ||= WebAuthn::Credential.from_get(credential)
+    end
+    def passkey
+      @passkey ||= begin
+        passkey = Passkey.find_by(identifier: webauthn_credential.id)
+        context.fail!(code: :passkey_not_found, message: "Unable to find the specified passkey") if passkey.blank?
+        passkey
+      end
+    end
+    def agent
+      passkey.agent
+    end
+  end
+end

data/app/interactors/passkeys_rails/finish_registration.rb ADDED Viewed

@@ -0,0 +1,77 @@
+# Finish registration ceremony
+module PasskeysRails
+  class FinishRegistration
+    include Interactor
+    delegate :credential, :username, :challenge, :authenticatable_class, to: :context
+    def call
+      verify_credential!
+      store_passkey_and_register_agent!
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+    private
+    def verify_credential!
+      webauthn_credential.verify(challenge)
+    rescue WebAuthn::Error => e
+      context.fail!(code: :webauthn_error, message: e.message)
+    rescue StandardError => e
+      context.fail!(code: :error, message: e.message)
+    end
+    def store_passkey_and_register_agent!
+      agent.transaction do
+        begin
+          # Store Credential ID, Credential Public Key and Sign Count for future authentications
+          agent.passkeys.create!(
+            identifier: webauthn_credential.id,
+            public_key: webauthn_credential.public_key,
+            sign_count: webauthn_credential.sign_count
+          )
+          agent.update! registered_at: Time.current
+        rescue StandardError => e
+          context.fail! code: :passkey_error, message: e.message
+        end
+        create_authenticatable! if authenticatable_class.present?
+      end
+    end
+    def create_authenticatable!
+      klass = begin
+        authenticatable_class.constantize
+      rescue StandardError
+        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
+      end
+      begin
+        authenticatable = klass.create! do |obj|
+          obj.registering_with(agent) if obj.respond_to?(:registering_with)
+        end
+        agent.update!(authenticatable:)
+      rescue ActiveRecord::RecordInvalid => e
+        context.fail!(code: :record_invalid, message: e.message)
+      end
+    end
+    def webauthn_credential
+      @webauthn_credential ||= WebAuthn::Credential.from_create(credential)
+    end
+    def agent
+      @agent ||= begin
+        agent = Agent.find_by(username:)
+        context.fail!(code: :agent_not_found, message: "Agent not found for session value: \"#{username}\"") if agent.blank?
+        agent
+      end
+    end
+  end
+end

data/app/interactors/passkeys_rails/generate_auth_token.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module PasskeysRails
+  class GenerateAuthToken
+    include Interactor
+    delegate :agent, to: :context
+    def call
+      context.auth_token = generate_auth_token
+    end
+    private
+    def generate_auth_token
+      JWT.encode(jwt_payload,
+                 PasskeysRails.auth_token_secret,
+                 PasskeysRails.auth_token_algorithm)
+    end
+    def jwt_payload
+      expiration = (Time.current + PasskeysRails.auth_token_expires_in).to_i
+      payload = { agent_id: agent.id }
+      payload[:exp] = expiration unless expiration.zero?
+      payload
+    end
+  end
+end

data/app/interactors/passkeys_rails/refresh_token.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# Finish authentication ceremony
+module PasskeysRails
+  class RefreshToken
+    include Interactor
+    delegate :token, to: :context
+    def call
+      agent = ValidateAuthToken.call!(auth_token: token).agent
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+  end
+end

data/app/interactors/passkeys_rails/validate_auth_token.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module PasskeysRails
+  class ValidateAuthToken
+    include Interactor
+    delegate :auth_token, to: :context
+    def call
+      context.fail!(code: :missing_token, message: "X-Auth header is required") if auth_token.blank?
+      context.agent = fetch_agent
+    end
+    private
+    def fetch_agent
+      agent = Agent.find_by(id: payload['agent_id'])
+      context.fail!(code: :invalid_token, message: "Invalid token - no agent exists with agent_id") if agent.blank?
+      agent
+    end
+    def payload
+      JWT.decode(auth_token,
+                 PasskeysRails.auth_token_secret,
+                 true,
+                 { required_claims: %w[exp agent_id], algorithm: PasskeysRails.auth_token_algorithm }).first
+    rescue JWT::ExpiredSignature
+      context.fail!(code: :expired_token, message: "The token has expired")
+    rescue StandardError => e
+      context.fail!(code: :token_error, message: e.message)
+    end
+  end
+end

data/app/models/concerns/passkeys_rails/authenticatable.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'active_support/concern'
+module PasskeysRails
+  module Authenticatable
+    extend ActiveSupport::Concern
+    included do
+      has_one :agent, as: :authenticatable
+      delegate :registered?, to: :agent, allow_nil: true
+      def registering_with(_agent)
+        # initialize required attributes
+      end
+    end
+  end
+end

data/app/models/passkeys_rails/agent.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module PasskeysRails
+  class Agent < ApplicationRecord
+    belongs_to :authenticatable, polymorphic: true, optional: true
+    has_many :passkeys
+    scope :registered, -> { where.not registered_at: nil }
+    scope :unregistered, -> { where registered_at: nil }
+    validates :username, presence: true, uniqueness: true
+    def registered?
+      registered_at.present?
+    end
+  end
+end

data/app/models/passkeys_rails/application_record.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module PasskeysRails
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/passkeys_rails/error.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module PasskeysRails
+  class Error < StandardError
+    attr_reader :hash
+    def initialize(message, hash = {})
+      @hash = hash
+      super(message)
+    end
+    def to_h
+      { error: hash.merge(context: message) }
+    end
+  end
+end

data/app/models/passkeys_rails/passkey.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module PasskeysRails
+  class Passkey < ApplicationRecord
+    belongs_to :agent
+    validates :identifier, presence: true, uniqueness: true
+    validates :public_key, presence: true
+    validates :sign_count, presence: true
+  end
+end

data/app/views/layouts/passkeys_rails/application.html.erb ADDED Viewed

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Mobile pass</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+  <%= stylesheet_link_tag "passkeys_rails/application", media: "all" %>
+</head>
+<body>
+<%= yield %>
+</body>
+</html>

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,6 @@
+PasskeysRails::Engine.routes.draw do
+  post 'passkeys/challenge'
+  post 'passkeys/register'
+  post 'passkeys/authenticate'
+  post 'passkeys/refresh'
+end

data/db/migrate/20230620012530_create_passkeys_rails_agents.rb ADDED Viewed

@@ -0,0 +1,18 @@
+class CreatePasskeysRailsAgents < ActiveRecord::Migration[7.0]
+  def change
+    create_table :passkeys_rails_agents do |t|
+      t.string :username, null: false
+      t.references :authenticatable, polymorphic: true
+      t.string :webauthn_identifier
+      t.datetime :registered_at
+      t.datetime :last_authenticated_at
+      t.timestamps
+    end
+    # Make the authenticatable index enforce uniqueness
+    remove_index :passkeys_rails_agents, %i[authenticatable_type authenticatable_id], name: 'index_passkeys_rails_agents_on_authenticatable'
+    add_index :passkeys_rails_agents, %i[authenticatable_type authenticatable_id], unique: true, name: 'index_passkeys_rails_agents_on_authenticatable'
+    add_index :passkeys_rails_agents, :username, unique: true
+  end
+end

data/db/migrate/20230620012600_create_passkeys_rails_passkeys.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreatePasskeysRailsPasskeys < ActiveRecord::Migration[7.0]
+  def change
+    create_table :passkeys_rails_passkeys do |t|
+      t.string :identifier
+      t.string :public_key
+      t.integer :sign_count
+      t.references :agent, null: false, foreign_key: { to_table: :passkeys_rails_agents }
+      t.timestamps
+    end
+  end
+end

data/lib/generators/passkeys_rails/USAGE ADDED Viewed

@@ -0,0 +1,10 @@
+Description:
+    Creates a PasskeysRails config file, updates the routes and adds migrations.
+Example:
+    bin/rails generate passkeys-rails:install
+    This will:
+        create config/passkeys_rails.rb
+        add database migrations
+        update routes to mount the passkeys_rails engine

data/lib/generators/passkeys_rails/install_generator.rb ADDED Viewed

@@ -0,0 +1,21 @@
+require 'rails/generators'
+module PasskeysRails
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+      def copy_config
+        template 'passkeys_rails_config.rb', "config/initializers/passkeys_rails.rb"
+      end
+      def add_routes
+        route 'mount PasskeysRails::Engine => "/passkeys_rails"'
+      end
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/passkeys_rails/templates/README ADDED Viewed

@@ -0,0 +1,17 @@
+===============================================================================
+Depending on your application's configuration some manual setup may be required:
+  1. Add a before_action to all controllers that require authentication to use.
+     For example:
+        before_action :authitencate_passkey!, except: [:index]
+  2. Optionally include PasskeysRails::Authenticatable to the model(s) you are using as
+     your user model(s).  For example, the User model.
+  3. See the reference mobile applications for how to use passkeys-rails for passkey
+     authentication.
+===============================================================================

data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'passkeys_rails'
+PasskeysRails.config do |c|
+  # Secret used to encode the auth token.
+  # Changing this value will invalidate all tokens that have been fetched
+  # through the API.
+  # Default is the application's `secret_key_base`.  You can change it below
+  # and use your own secret key.
+  #
+  # c.auth_token_secret = '<%= SecureRandom.hex(64) %>'
+  # Algorithm used to generate the auth token.
+  # Changing this value will invalidate all tokens that have been fetched
+  # through the API.
+  # Default is HS256
+  #
+  # c.auth_token_algorithm = "HS256"
+  # How long the auth token is valid before requiring a refresh or new login.
+  # Set it to 0 for no expiration (not recommended in production).
+  # Default is 30 days
+  #
+  # c.auth_token_expires_in = 30.days
+end

data/lib/passkeys_rails/engine.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require_relative 'error_middleware'
+module PasskeysRails
+  class Engine < ::Rails::Engine
+    isolate_namespace PasskeysRails
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_bot
+      g.factory_bot dir: 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+    config.to_prepare do
+      # include our helper methods in the host application's ApplicationController
+      ::ApplicationController.include ApplicationHelper
+    end
+    # provide a way to bail out of the render flow if needed
+    initializer 'passkeys_rails.configure.middleware' do |app|
+      app.middleware.use ErrorMiddleware
+    end
+  end
+end

data/lib/passkeys_rails/error_middleware.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module PasskeysRails
+  class ErrorMiddleware
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      begin
+        response = @app.call(env)
+      rescue Error => e
+        return [401, { 'Content-Type' => 'application/json' }, e.to_h.to_json]
+      end
+      response
+    end
+  end
+end

data/lib/passkeys_rails/railtie.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'passkeys_rails'
+require 'rails'
+module PasskeysRails
+  class Railtie < Rails::Railtie
+    railtie_name :passkeys_rails
+    rake_tasks do
+      path = File.expand_path(__dir__)
+      Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+    end
+    generators do
+      require "generators/passkeys_rails/install_generator"
+    end
+  end
+end

data/lib/passkeys_rails/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module PasskeysRails
+  VERSION = "0.1.0".freeze
+end

data/lib/passkeys_rails.rb ADDED Viewed

@@ -0,0 +1,38 @@
+require_relative "passkeys_rails/version"
+require_relative "passkeys_rails/engine"
+require_relative "generators/passkeys_rails/install_generator"
+require "rails"
+require "active_support/core_ext/numeric/time"
+require "active_support/dependencies"
+require "interactor"
+require "jwt"
+require "webauthn"
+module PasskeysRails
+  # Secret used to encode the auth token.
+  # Rails.application.secret_key_base is used if none is defined here.
+  # Changing this value will invalidate all tokens that have been fetched
+  # through the API.
+  mattr_accessor(:auth_token_secret)
+  # Algorithm used to generate the auth token.
+  # Changing this value will invalidate all tokens that have been fetched
+  # through the API.
+  mattr_accessor :auth_token_algorithm, default: "HS256"
+  # How long the auth token is valid before requiring a refresh or new login.
+  # Set it to 0 for no expiration (not recommended in production).
+  mattr_accessor :auth_token_expires_in, default: 30.days
+  class << self
+    def config
+      yield self
+    end
+  end
+  require 'passkeys_rails/railtie' if defined?(Rails)
+end
+ActiveSupport.on_load(:before_initialize) do
+  PasskeysRails.auth_token_secret ||= Rails.application.secret_key_base
+end

data/lib/tasks/passkeys_rails_tasks.rake ADDED Viewed

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :passkeys_rails do
+#   # Task goes here
+# end

metadata ADDED Viewed

@@ -0,0 +1,413 @@
+--- !ruby/object:Gem::Specification
+name: passkeys-rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Troy Anderson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-07-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.5
+- !ruby/object:Gem::Dependency
+  name: interactor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.2
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+- !ruby/object:Gem::Dependency
+  name: webauthn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.8.1
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.6.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.6.5
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: sprockets-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.3
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.12
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.12
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
+- !ruby/object:Gem::Dependency
+  name: reek
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+- !ruby/object:Gem::Dependency
+  name: generator_spec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.4
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.3
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.18.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.18.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.20.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.20.2
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.22.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.22.0
+description: Devise is awesome, but we don't need all that UI/UX for PassKeys.  This
+  gem is to make it easy to provide a back end that authenticates a mobile front end
+  with PassKeys.
+email:
+- troy@alliedcode.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/passkeys_rails_manifest.js
+- app/assets/stylesheets/passkeys_rails/application.css
+- app/controllers/passkeys_rails/application_controller.rb
+- app/controllers/passkeys_rails/passkeys_controller.rb
+- app/helpers/passkeys_rails/application_helper.rb
+- app/helpers/passkeys_rails/passkeys_helper.rb
+- app/interactors/passkeys_rails/begin_authentication.rb
+- app/interactors/passkeys_rails/begin_challenge.rb
+- app/interactors/passkeys_rails/begin_registration.rb
+- app/interactors/passkeys_rails/finish_authentication.rb
+- app/interactors/passkeys_rails/finish_registration.rb
+- app/interactors/passkeys_rails/generate_auth_token.rb
+- app/interactors/passkeys_rails/refresh_token.rb
+- app/interactors/passkeys_rails/validate_auth_token.rb
+- app/models/concerns/passkeys_rails/authenticatable.rb
+- app/models/passkeys_rails/agent.rb
+- app/models/passkeys_rails/application_record.rb
+- app/models/passkeys_rails/error.rb
+- app/models/passkeys_rails/passkey.rb
+- app/views/layouts/passkeys_rails/application.html.erb
+- config/routes.rb
+- db/migrate/20230620012530_create_passkeys_rails_agents.rb
+- db/migrate/20230620012600_create_passkeys_rails_passkeys.rb
+- lib/generators/passkeys_rails/USAGE
+- lib/generators/passkeys_rails/install_generator.rb
+- lib/generators/passkeys_rails/templates/README
+- lib/generators/passkeys_rails/templates/passkeys_rails_config.rb
+- lib/passkeys_rails.rb
+- lib/passkeys_rails/engine.rb
+- lib/passkeys_rails/error_middleware.rb
+- lib/passkeys_rails/railtie.rb
+- lib/passkeys_rails/version.rb
+- lib/tasks/passkeys_rails_tasks.rake
+homepage: https://github.com/alliedcode/passkeys-rails
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/alliedcode/passkeys-rails
+  source_code_uri: https://github.com/alliedcode/passkeys-rails
+  changelog_uri: https://github.com/alliedcode/passkeys-rails/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.12
+signing_key:
+specification_version: 4
+summary: PassKey authentication back end with simple API
+test_files: []