passkeys-rails 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c6b2553d498c30365341aba0aad49eafd09c5b49dd5453bbad29c20a026ab39c
-  data.tar.gz: 795d362e15d977c47b5381a4fe5cc852cdd546a0fa8f81e5a5452343f2b4fa1e
+  metadata.gz: 84469b812d394ac75533be6f935292932f43fceab669d0842be1daa077abe7ee
+  data.tar.gz: 8430b3679760bc10af93da66835b549646e50bca94bb25fc008ec067a37e32b0
 SHA512:
-  metadata.gz: 15694fd664f6b60343ede055acfefdfef0d8378ffe386420e7cd5d996920fe19a9321ac1148f3e22605b85a8486cbd1f56999167a84be33f9acf950ea0e5e722
-  data.tar.gz: b6f224af15ee0feb2489c786eefe68293d4854b43b7dcf3a2d17dea4514497cdd5df5f80bd5941972918b4c05864529c62bbe694c09ff58540a87529216bf8f3
+  metadata.gz: 654a20573b11dae74154bc3b8576f7204d2694218732ec88fdb80004286d20dc8ef0426fbf2f186efc33645ff9ce8604e32cdf59cae9b77712af271255807103
+  data.tar.gz: cb5380598b67e0969ec619570729cea1e534a8e100942adbb9d4389ce9b1eba0937e35d359dd3d8eb2646965e5343519c5404eccefbe606fed1f5a25d9ca6b08

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+### 0.1.3
+
+* More restructuring and fixed issue where autoloading failed
+  during client app initialization.
+
 ### 0.1.2
 
 * Restructured lib directory.

data/README.md

@@ -1,4 +1,4 @@
-[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg)](https://badge.fury.io/rb/passkeys-rails)
+[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg?cachebust=1)](https://badge.fury.io/rb/passkeys-rails)
 [![Build Status](https://app.travis-ci.com/alliedcode/passkeys-rails.svg?branch=main)](https://travis-ci.org/alliedcode/passkeys-rails)
 [![codecov](https://codecov.io/gh/alliedcode/passkeys-rails/branch/main/graph/badge.svg?token=UHSNJDUL21)](https://codecov.io/gh/alliedcode/passkeys-rails)
 

data/app/controllers/concerns/passkeys/rails/authentication.rb

@@ -0,0 +1,29 @@
+module Passkeys::Rails
+  module Authentication
+    extend ActiveSupport::Concern
+
+    included do
+      rescue_from Passkeys::Rails::Error do |e|
+        render json: e.to_h, status: :unauthorized
+      end
+    end
+
+    def current_agent
+      return nil if request.headers['HTTP_X_AUTH'].blank?
+
+      @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
+    end
+
+    def authenticate_passkey!
+      return if validated_auth_token.success?
+
+      raise Passkeys::Rails::Error.new(:authentication,
+                                       code: :unauthorized,
+                                       message: "You are not authorized to access this resource.")
+    end
+
+    def validated_auth_token
+      @validated_auth_token ||= Passkeys::Rails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
+    end
+  end
+end

data/app/interactors/passkeys/rails/begin_authentication.rb

@@ -0,0 +1,9 @@
+module Passkeys::Rails
+  class BeginAuthentication
+    include Interactor
+
+    def call
+      context.options = WebAuthn::Credential.options_for_get
+    end
+  end
+end

data/app/interactors/passkeys/rails/begin_challenge.rb

@@ -0,0 +1,35 @@
+module Passkeys::Rails
+  class BeginChallenge
+    include Interactor
+
+    delegate :username, to: :context
+
+    def call
+      result = generate_challenge!
+
+      options = result.options
+
+      context.response = options
+      context.session_data = session_data(options)
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+
+    private
+
+    def generate_challenge!
+      if username.present?
+        BeginRegistration.call!(username:)
+      else
+        BeginAuthentication.call!
+      end
+    end
+
+    def session_data(options)
+      {
+        username:,
+        challenge: WebAuthn.standard_encoder.encode(options.challenge)
+      }
+    end
+  end
+end

data/app/interactors/passkeys/rails/begin_registration.rb

@@ -0,0 +1,23 @@
+module Passkeys::Rails
+  class BeginRegistration
+    include Interactor
+
+    delegate :username, to: :context
+
+    def call
+      agent = create_unregistered_agent
+
+      context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
+    end
+
+    private
+
+    def create_unregistered_agent
+      agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
+
+      context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?
+
+      agent
+    end
+  end
+end

data/app/interactors/passkeys/rails/finish_authentication.rb

@@ -0,0 +1,53 @@
+# Finish authentication ceremony
+module Passkeys::Rails
+  class FinishAuthentication
+    include Interactor
+
+    delegate :credential, :challenge, to: :context
+
+    def call
+      verify_credential!
+
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+
+    private
+
+    def verify_credential!
+      webauthn_credential.verify(
+        challenge,
+        public_key: passkey.public_key,
+        sign_count: passkey.sign_count
+      )
+
+      passkey.update!(sign_count: webauthn_credential.sign_count)
+      agent.update!(last_authenticated_at: Time.current)
+    rescue WebAuthn::SignCountVerificationError
+      # Cryptographic verification of the authenticator data succeeded, but the signature counter was less than or equal
+      # to the stored value. This can have several reasons and depending on your risk tolerance you can choose to fail or
+      # pass authentication. For more information see https://www.w3.org/TR/webauthn/#sign-counter
+    rescue WebAuthn::Error => e
+      context.fail!(code: :webauthn_error, message: e.message)
+    end
+
+    def webauthn_credential
+      @webauthn_credential ||= WebAuthn::Credential.from_get(credential)
+    end
+
+    def passkey
+      @passkey ||= begin
+        passkey = Passkey.find_by(identifier: webauthn_credential.id)
+        context.fail!(code: :passkey_not_found, message: "Unable to find the specified passkey") if passkey.blank?
+
+        passkey
+      end
+    end
+
+    def agent
+      passkey.agent
+    end
+  end
+end

data/app/interactors/passkeys/rails/finish_registration.rb

@@ -0,0 +1,77 @@
+# Finish registration ceremony
+module Passkeys::Rails
+  class FinishRegistration
+    include Interactor
+
+    delegate :credential, :username, :challenge, :authenticatable_class, to: :context
+
+    def call
+      verify_credential!
+      store_passkey_and_register_agent!
+
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+
+    private
+
+    def verify_credential!
+      webauthn_credential.verify(challenge)
+    rescue WebAuthn::Error => e
+      context.fail!(code: :webauthn_error, message: e.message)
+    rescue StandardError => e
+      context.fail!(code: :error, message: e.message)
+    end
+
+    def store_passkey_and_register_agent!
+      agent.transaction do
+        begin
+          # Store Credential ID, Credential Public Key and Sign Count for future authentications
+          agent.passkeys.create!(
+            identifier: webauthn_credential.id,
+            public_key: webauthn_credential.public_key,
+            sign_count: webauthn_credential.sign_count
+          )
+
+          agent.update! registered_at: Time.current
+        rescue StandardError => e
+          context.fail! code: :passkey_error, message: e.message
+        end
+
+        create_authenticatable! if authenticatable_class.present?
+      end
+    end
+
+    def create_authenticatable!
+      klass = begin
+        authenticatable_class.constantize
+      rescue StandardError
+        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
+      end
+
+      begin
+        authenticatable = klass.create! do |obj|
+          obj.registering_with(agent) if obj.respond_to?(:registering_with)
+        end
+        agent.update!(authenticatable:)
+      rescue ActiveRecord::RecordInvalid => e
+        context.fail!(code: :record_invalid, message: e.message)
+      end
+    end
+
+    def webauthn_credential
+      @webauthn_credential ||= WebAuthn::Credential.from_create(credential)
+    end
+
+    def agent
+      @agent ||= begin
+        agent = Agent.find_by(username:)
+        context.fail!(code: :agent_not_found, message: "Agent not found for session value: \"#{username}\"") if agent.blank?
+
+        agent
+      end
+    end
+  end
+end

data/app/interactors/passkeys/rails/generate_auth_token.rb

@@ -0,0 +1,27 @@
+module Passkeys::Rails
+  class GenerateAuthToken
+    include Interactor
+
+    delegate :agent, to: :context
+
+    def call
+      context.auth_token = generate_auth_token
+    end
+
+    private
+
+    def generate_auth_token
+      JWT.encode(jwt_payload,
+                 Passkeys::Rails.auth_token_secret,
+                 Passkeys::Rails.auth_token_algorithm)
+    end
+
+    def jwt_payload
+      expiration = (Time.current + Passkeys::Rails.auth_token_expires_in).to_i
+
+      payload = { agent_id: agent.id }
+      payload[:exp] = expiration unless expiration.zero?
+      payload
+    end
+  end
+end

data/app/interactors/passkeys/rails/refresh_token.rb

@@ -0,0 +1,17 @@
+# Finish authentication ceremony
+module Passkeys::Rails
+  class RefreshToken
+    include Interactor
+
+    delegate :token, to: :context
+
+    def call
+      agent = ValidateAuthToken.call!(auth_token: token).agent
+
+      context.username = agent.username
+      context.auth_token = GenerateAuthToken.call!(agent:).auth_token
+    rescue Interactor::Failure => e
+      context.fail! code: e.context.code, message: e.context.message
+    end
+  end
+end

data/app/interactors/passkeys/rails/validate_auth_token.rb

@@ -0,0 +1,33 @@
+module Passkeys::Rails
+  class ValidateAuthToken
+    include Interactor
+
+    delegate :auth_token, to: :context
+
+    def call
+      context.fail!(code: :missing_token, message: "X-Auth header is required") if auth_token.blank?
+
+      context.agent = fetch_agent
+    end
+
+    private
+
+    def fetch_agent
+      agent = Agent.find_by(id: payload['agent_id'])
+      context.fail!(code: :invalid_token, message: "Invalid token - no agent exists with agent_id") if agent.blank?
+
+      agent
+    end
+
+    def payload
+      JWT.decode(auth_token,
+                 Passkeys::Rails.auth_token_secret,
+                 true,
+                 { required_claims: %w[exp agent_id], algorithm: Passkeys::Rails.auth_token_algorithm }).first
+    rescue JWT::ExpiredSignature
+      context.fail!(code: :expired_token, message: "The token has expired")
+    rescue StandardError => e
+      context.fail!(code: :token_error, message: e.message)
+    end
+  end
+end

data/app/models/concerns/passkeys/rails/authenticatable.rb

@@ -1,18 +1,16 @@
 require 'active_support/concern'
 
-module Passkeys
-  module Rails
-    module Authenticatable
-      extend ActiveSupport::Concern
+module Passkeys::Rails
+  module Authenticatable
+    extend ActiveSupport::Concern
 
-      included do
-        has_one :agent, as: :authenticatable
+    included do
+      has_one :agent, as: :authenticatable
 
-        delegate :registered?, to: :agent, allow_nil: true
+      delegate :registered?, to: :agent, allow_nil: true
 
-        def registering_with(_agent)
-          # initialize required attributes
-        end
+      def registering_with(_agent)
+        # initialize required attributes
       end
     end
   end

data/app/models/passkeys/rails/agent.rb

@@ -1,17 +1,15 @@
-module Passkeys
-  module Rails
-    class Agent < ApplicationRecord
-      belongs_to :authenticatable, polymorphic: true, optional: true
-      has_many :passkeys
+module Passkeys::Rails
+  class Agent < ApplicationRecord
+    belongs_to :authenticatable, polymorphic: true, optional: true
+    has_many :passkeys
 
-      scope :registered, -> { where.not registered_at: nil }
-      scope :unregistered, -> { where registered_at: nil }
+    scope :registered, -> { where.not registered_at: nil }
+    scope :unregistered, -> { where registered_at: nil }
 
-      validates :username, presence: true, uniqueness: true
+    validates :username, presence: true, uniqueness: true
 
-      def registered?
-        registered_at.present?
-      end
+    def registered?
+      registered_at.present?
     end
   end
 end

data/app/models/passkeys/rails/application_record.rb

@@ -1,7 +1,5 @@
-module Passkeys
-  module Rails
-    class ApplicationRecord < ActiveRecord::Base
-      self.abstract_class = true
-    end
+module Passkeys::Rails
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
   end
 end

data/app/models/passkeys/rails/error.rb

@@ -1,16 +1,14 @@
-module Passkeys
-  module Rails
-    class Error < StandardError
-      attr_reader :hash
+module Passkeys::Rails
+  class Error < StandardError
+    attr_reader :hash
 
-      def initialize(message, hash = {})
-        @hash = hash
-        super(message)
-      end
+    def initialize(message, hash = {})
+      @hash = hash
+      super(message)
+    end
 
-      def to_h
-        { error: hash.merge(context: message) }
-      end
+    def to_h
+      { error: hash.merge(context: message) }
     end
   end
 end

data/app/models/passkeys/rails/passkey.rb

@@ -1,10 +1,8 @@
-module Passkeys
-  module Rails
-    class Passkey < ApplicationRecord
-      belongs_to :agent
-      validates :identifier, presence: true, uniqueness: true
-      validates :public_key, presence: true
-      validates :sign_count, presence: true
-    end
+module Passkeys::Rails
+  class Passkey < ApplicationRecord
+    belongs_to :agent
+    validates :identifier, presence: true, uniqueness: true
+    validates :public_key, presence: true
+    validates :sign_count, presence: true
   end
 end

data/config/initializers/application_controller.rb

@@ -0,0 +1,12 @@
+# These should be autoloaded, but if these aren't required here, apps using this
+# gem will throw an exception that Passkeys::Rails::Authentication can't be found
+require_relative '../../app/controllers/concerns/passkeys/rails/authentication'
+require_relative '../../app/models/passkeys/rails/error'
+
+class ActionController::Base
+  include Passkeys::Rails::Authentication
+end
+
+class ActionController::API
+  include Passkeys::Rails::Authentication
+end

data/lib/passkeys/rails/engine.rb

@@ -6,39 +6,16 @@ require "interactor"
 require "jwt"
 require "webauthn"
 
-require_relative 'controllers/helpers'
-require_relative "interactors/begin_authentication"
-require_relative "interactors/begin_challenge"
-require_relative "interactors/begin_registration"
-require_relative "interactors/finish_authentication"
-require_relative "interactors/finish_registration"
-require_relative "interactors/generate_auth_token"
-require_relative "interactors/refresh_token"
-require_relative "interactors/validate_auth_token"
+module Passkeys::Rails
+  class Engine < ::Rails::Engine
+    isolate_namespace Passkeys::Rails
 
-module Passkeys
-  module Rails
-    class Engine < ::Rails::Engine
-      isolate_namespace Passkeys::Rails
-
-      config.generators do |g|
-        g.test_framework :rspec
-        g.fixture_replacement :factory_bot
-        g.factory_bot dir: 'spec/factories'
-        g.assets false
-        g.helper false
-      end
-
-      # Include helpers
-      initializer "passkeys-rails.helpers" do
-        ActiveSupport.on_load(:action_controller_base) do
-          include Passkeys::Rails::Controllers::Helpers
-        end
-
-        ActiveSupport.on_load(:action_controller_api) do
-          include Passkeys::Rails::Controllers::Helpers
-        end
-      end
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_bot
+      g.factory_bot dir: 'spec/factories'
+      g.assets false
+      g.helper false
     end
   end
 end

data/lib/passkeys/rails/version.rb

@@ -1,5 +1,5 @@
 module Passkeys
   module Rails
-    VERSION = "0.1.2".freeze
+    VERSION = "0.1.3".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: passkeys-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Troy Anderson
@@ -353,14 +353,24 @@ files:
 - Rakefile
 - app/assets/config/passkeys_rails_manifest.js
 - app/assets/stylesheets/passkeys_rails/application.css
+- app/controllers/concerns/passkeys/rails/authentication.rb
 - app/controllers/passkeys/rails/application_controller.rb
 - app/controllers/passkeys/rails/passkeys_controller.rb
+- app/interactors/passkeys/rails/begin_authentication.rb
+- app/interactors/passkeys/rails/begin_challenge.rb
+- app/interactors/passkeys/rails/begin_registration.rb
+- app/interactors/passkeys/rails/finish_authentication.rb
+- app/interactors/passkeys/rails/finish_registration.rb
+- app/interactors/passkeys/rails/generate_auth_token.rb
+- app/interactors/passkeys/rails/refresh_token.rb
+- app/interactors/passkeys/rails/validate_auth_token.rb
 - app/models/concerns/passkeys/rails/authenticatable.rb
 - app/models/passkeys/rails/agent.rb
 - app/models/passkeys/rails/application_record.rb
 - app/models/passkeys/rails/error.rb
 - app/models/passkeys/rails/passkey.rb
 - app/views/layouts/passkeys/rails/application.html.erb
+- config/initializers/application_controller.rb
 - config/routes.rb
 - db/migrate/20230620012530_create_passkeys_rails_agents.rb
 - db/migrate/20230620012600_create_passkeys_rails_passkeys.rb
@@ -369,16 +379,7 @@ files:
 - lib/generators/passkeys_rails/templates/README
 - lib/generators/passkeys_rails/templates/passkeys_rails_config.rb
 - lib/passkeys-rails.rb
-- lib/passkeys/rails/controllers/helpers.rb
 - lib/passkeys/rails/engine.rb
-- lib/passkeys/rails/interactors/begin_authentication.rb
-- lib/passkeys/rails/interactors/begin_challenge.rb
-- lib/passkeys/rails/interactors/begin_registration.rb
-- lib/passkeys/rails/interactors/finish_authentication.rb
-- lib/passkeys/rails/interactors/finish_registration.rb
-- lib/passkeys/rails/interactors/generate_auth_token.rb
-- lib/passkeys/rails/interactors/refresh_token.rb
-- lib/passkeys/rails/interactors/validate_auth_token.rb
 - lib/passkeys/rails/railtie.rb
 - lib/passkeys/rails/version.rb
 - lib/tasks/passkeys_rails_tasks.rake
@@ -405,7 +406,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.17
 signing_key:
 specification_version: 4
 summary: PassKey authentication back end with simple API

data/lib/passkeys/rails/controllers/helpers.rb

@@ -1,33 +0,0 @@
-module Passkeys
-  module Rails
-    module Controllers
-      module Helpers
-        extend ActiveSupport::Concern
-
-        included do
-          rescue_from Passkeys::Rails::Error do |e|
-            render json: e.to_h, status: :unauthorized
-          end
-        end
-
-        def current_agent
-          return nil if request.headers['HTTP_X_AUTH'].blank?
-
-          @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
-        end
-
-        def authenticate_passkey!
-          return if validated_auth_token.success?
-
-          raise Passkeys::Rails::Error.new(:authentication,
-                                           code: :unauthorized,
-                                           message: "You are not authorized to access this resource.")
-        end
-
-        def validated_auth_token
-          @validated_auth_token ||= Passkeys::Rails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
-        end
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_authentication.rb

@@ -1,11 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginAuthentication
-      include Interactor
-
-      def call
-        context.options = WebAuthn::Credential.options_for_get
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_challenge.rb

@@ -1,37 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginChallenge
-      include Interactor
-
-      delegate :username, to: :context
-
-      def call
-        result = generate_challenge!
-
-        options = result.options
-
-        context.response = options
-        context.session_data = session_data(options)
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def generate_challenge!
-        if username.present?
-          BeginRegistration.call!(username:)
-        else
-          BeginAuthentication.call!
-        end
-      end
-
-      def session_data(options)
-        {
-          username:,
-          challenge: WebAuthn.standard_encoder.encode(options.challenge)
-        }
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_registration.rb

@@ -1,25 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginRegistration
-      include Interactor
-
-      delegate :username, to: :context
-
-      def call
-        agent = create_unregistered_agent
-
-        context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
-      end
-
-      private
-
-      def create_unregistered_agent
-        agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
-
-        context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?
-
-        agent
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/finish_authentication.rb

@@ -1,55 +0,0 @@
-# Finish authentication ceremony
-module Passkeys
-  module Rails
-    class FinishAuthentication
-      include Interactor
-
-      delegate :credential, :challenge, to: :context
-
-      def call
-        verify_credential!
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def verify_credential!
-        webauthn_credential.verify(
-          challenge,
-          public_key: passkey.public_key,
-          sign_count: passkey.sign_count
-        )
-
-        passkey.update!(sign_count: webauthn_credential.sign_count)
-        agent.update!(last_authenticated_at: Time.current)
-      rescue WebAuthn::SignCountVerificationError
-        # Cryptographic verification of the authenticator data succeeded, but the signature counter was less than or equal
-        # to the stored value. This can have several reasons and depending on your risk tolerance you can choose to fail or
-        # pass authentication. For more information see https://www.w3.org/TR/webauthn/#sign-counter
-      rescue WebAuthn::Error => e
-        context.fail!(code: :webauthn_error, message: e.message)
-      end
-
-      def webauthn_credential
-        @webauthn_credential ||= WebAuthn::Credential.from_get(credential)
-      end
-
-      def passkey
-        @passkey ||= begin
-          passkey = Passkey.find_by(identifier: webauthn_credential.id)
-          context.fail!(code: :passkey_not_found, message: "Unable to find the specified passkey") if passkey.blank?
-
-          passkey
-        end
-      end
-
-      def agent
-        passkey.agent
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/finish_registration.rb

@@ -1,79 +0,0 @@
-# Finish registration ceremony
-module Passkeys
-  module Rails
-    class FinishRegistration
-      include Interactor
-
-      delegate :credential, :username, :challenge, :authenticatable_class, to: :context
-
-      def call
-        verify_credential!
-        store_passkey_and_register_agent!
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def verify_credential!
-        webauthn_credential.verify(challenge)
-      rescue WebAuthn::Error => e
-        context.fail!(code: :webauthn_error, message: e.message)
-      rescue StandardError => e
-        context.fail!(code: :error, message: e.message)
-      end
-
-      def store_passkey_and_register_agent!
-        agent.transaction do
-          begin
-            # Store Credential ID, Credential Public Key and Sign Count for future authentications
-            agent.passkeys.create!(
-              identifier: webauthn_credential.id,
-              public_key: webauthn_credential.public_key,
-              sign_count: webauthn_credential.sign_count
-            )
-
-            agent.update! registered_at: Time.current
-          rescue StandardError => e
-            context.fail! code: :passkey_error, message: e.message
-          end
-
-          create_authenticatable! if authenticatable_class.present?
-        end
-      end
-
-      def create_authenticatable!
-        klass = begin
-          authenticatable_class.constantize
-        rescue StandardError
-          context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
-        end
-
-        begin
-          authenticatable = klass.create! do |obj|
-            obj.registering_with(agent) if obj.respond_to?(:registering_with)
-          end
-          agent.update!(authenticatable:)
-        rescue ActiveRecord::RecordInvalid => e
-          context.fail!(code: :record_invalid, message: e.message)
-        end
-      end
-
-      def webauthn_credential
-        @webauthn_credential ||= WebAuthn::Credential.from_create(credential)
-      end
-
-      def agent
-        @agent ||= begin
-          agent = Agent.find_by(username:)
-          context.fail!(code: :agent_not_found, message: "Agent not found for session value: \"#{username}\"") if agent.blank?
-
-          agent
-        end
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/generate_auth_token.rb

@@ -1,29 +0,0 @@
-module Passkeys
-  module Rails
-    class GenerateAuthToken
-      include Interactor
-
-      delegate :agent, to: :context
-
-      def call
-        context.auth_token = generate_auth_token
-      end
-
-      private
-
-      def generate_auth_token
-        JWT.encode(jwt_payload,
-                   Passkeys::Rails.auth_token_secret,
-                   Passkeys::Rails.auth_token_algorithm)
-      end
-
-      def jwt_payload
-        expiration = (Time.current + Passkeys::Rails.auth_token_expires_in).to_i
-
-        payload = { agent_id: agent.id }
-        payload[:exp] = expiration unless expiration.zero?
-        payload
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/refresh_token.rb

@@ -1,19 +0,0 @@
-# Finish authentication ceremony
-module Passkeys
-  module Rails
-    class RefreshToken
-      include Interactor
-
-      delegate :token, to: :context
-
-      def call
-        agent = ValidateAuthToken.call!(auth_token: token).agent
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/validate_auth_token.rb

@@ -1,35 +0,0 @@
-module Passkeys
-  module Rails
-    class ValidateAuthToken
-      include Interactor
-
-      delegate :auth_token, to: :context
-
-      def call
-        context.fail!(code: :missing_token, message: "X-Auth header is required") if auth_token.blank?
-
-        context.agent = fetch_agent
-      end
-
-      private
-
-      def fetch_agent
-        agent = Agent.find_by(id: payload['agent_id'])
-        context.fail!(code: :invalid_token, message: "Invalid token - no agent exists with agent_id") if agent.blank?
-
-        agent
-      end
-
-      def payload
-        JWT.decode(auth_token,
-                   Passkeys::Rails.auth_token_secret,
-                   true,
-                   { required_claims: %w[exp agent_id], algorithm: Passkeys::Rails.auth_token_algorithm }).first
-      rescue JWT::ExpiredSignature
-        context.fail!(code: :expired_token, message: "The token has expired")
-      rescue StandardError => e
-        context.fail!(code: :token_error, message: e.message)
-      end
-    end
-  end
-end