passkeys-rails 0.1.2 → 0.1.4

data/lib/passkeys_rails/engine.rb

@@ -0,0 +1,21 @@
+require "rails"
+require "active_support/core_ext/numeric/time"
+require "active_support/dependencies"
+
+require "interactor"
+require "jwt"
+require "webauthn"
+
+module PasskeysRails
+  class Engine < ::Rails::Engine
+    isolate_namespace PasskeysRails
+
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_bot
+      g.factory_bot dir: 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+  end
+end

data/lib/passkeys_rails/railtie.rb

@@ -0,0 +1,17 @@
+require 'passkeys-rails'
+require 'rails'
+
+module PasskeysRails
+  class Railtie < ::Rails::Railtie
+    railtie_name :passkeys_rails
+
+    rake_tasks do
+      path = File.expand_path(__dir__)
+      Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+    end
+
+    generators do
+      require "generators/passkeys_rails/install_generator"
+    end
+  end
+end

data/lib/passkeys_rails/version.rb

@@ -0,0 +1,3 @@
+module PasskeysRails
+  VERSION = "0.1.4".freeze
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: passkeys-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
 platform: ruby
 authors:
 - Troy Anderson
@@ -351,16 +351,23 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/assets/config/passkeys_rails_manifest.js
-- app/assets/stylesheets/passkeys_rails/application.css
-- app/controllers/passkeys/rails/application_controller.rb
-- app/controllers/passkeys/rails/passkeys_controller.rb
-- app/models/concerns/passkeys/rails/authenticatable.rb
-- app/models/passkeys/rails/agent.rb
-- app/models/passkeys/rails/application_record.rb
-- app/models/passkeys/rails/error.rb
-- app/models/passkeys/rails/passkey.rb
-- app/views/layouts/passkeys/rails/application.html.erb
+- app/controllers/concerns/passkeys_rails/authentication.rb
+- app/controllers/passkeys_rails/application_controller.rb
+- app/controllers/passkeys_rails/passkeys_controller.rb
+- app/interactors/passkeys_rails/begin_authentication.rb
+- app/interactors/passkeys_rails/begin_challenge.rb
+- app/interactors/passkeys_rails/begin_registration.rb
+- app/interactors/passkeys_rails/finish_authentication.rb
+- app/interactors/passkeys_rails/finish_registration.rb
+- app/interactors/passkeys_rails/generate_auth_token.rb
+- app/interactors/passkeys_rails/refresh_token.rb
+- app/interactors/passkeys_rails/validate_auth_token.rb
+- app/models/concerns/passkeys_rails/authenticatable.rb
+- app/models/passkeys_rails/agent.rb
+- app/models/passkeys_rails/application_record.rb
+- app/models/passkeys_rails/error.rb
+- app/models/passkeys_rails/passkey.rb
+- config/initializers/application_controller.rb
 - config/routes.rb
 - db/migrate/20230620012530_create_passkeys_rails_agents.rb
 - db/migrate/20230620012600_create_passkeys_rails_passkeys.rb
@@ -369,18 +376,9 @@ files:
 - lib/generators/passkeys_rails/templates/README
 - lib/generators/passkeys_rails/templates/passkeys_rails_config.rb
 - lib/passkeys-rails.rb
-- lib/passkeys/rails/controllers/helpers.rb
-- lib/passkeys/rails/engine.rb
-- lib/passkeys/rails/interactors/begin_authentication.rb
-- lib/passkeys/rails/interactors/begin_challenge.rb
-- lib/passkeys/rails/interactors/begin_registration.rb
-- lib/passkeys/rails/interactors/finish_authentication.rb
-- lib/passkeys/rails/interactors/finish_registration.rb
-- lib/passkeys/rails/interactors/generate_auth_token.rb
-- lib/passkeys/rails/interactors/refresh_token.rb
-- lib/passkeys/rails/interactors/validate_auth_token.rb
-- lib/passkeys/rails/railtie.rb
-- lib/passkeys/rails/version.rb
+- lib/passkeys_rails/engine.rb
+- lib/passkeys_rails/railtie.rb
+- lib/passkeys_rails/version.rb
 - lib/tasks/passkeys_rails_tasks.rake
 homepage: https://github.com/alliedcode/passkeys-rails
 licenses:
@@ -405,7 +403,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.17
 signing_key:
 specification_version: 4
 summary: PassKey authentication back end with simple API

data/app/assets/config/passkeys_rails_manifest.js

@@ -1 +0,0 @@
-//= link_directory ../stylesheets/passkeys_rails .css

data/app/assets/stylesheets/passkeys_rails/application.css

@@ -1,15 +0,0 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */

data/app/controllers/passkeys/rails/application_controller.rb

@@ -1,24 +0,0 @@
-module Passkeys
-  module Rails
-    class ApplicationController < ActionController::Base
-      rescue_from ::Interactor::Failure, with: :handle_interactor_failure
-      rescue_from ActionController::ParameterMissing, with: :handle_missing_parameter
-
-      protected
-
-      def handle_missing_parameter(error)
-        render_error(:authentication, 'missing_parameter', error.message)
-      end
-
-      def handle_interactor_failure(failure)
-        render_error(:authentication, failure.context.code, failure.context.message)
-      end
-
-      private
-
-      def render_error(context, code, message, status: :unprocessable_entity)
-        render json: { error: { context:, code:, message: } }, status:
-      end
-    end
-  end
-end

data/app/controllers/passkeys/rails/passkeys_controller.rb

@@ -1,63 +0,0 @@
-module Passkeys
-  module Rails
-    class PasskeysController < ApplicationController
-      def challenge
-        result = Passkeys::Rails::BeginChallenge.call!(username: challenge_params[:username])
-
-        # Store the challenge so we can verify the future register or authentication request
-        session[:passkeys_rails] = result.session_data
-
-        render json: result.response.as_json
-      end
-
-      def register
-        result = Passkeys::Rails::FinishRegistration.call!(credential: attestation_credential_params.to_h,
-                                                           authenticatable_class:,
-                                                           username: session.dig(:passkeys_rails, :username),
-                                                           challenge: session.dig(:passkeys_rails, :challenge))
-
-        render json: { username: result.username, auth_token: result.auth_token }
-      end
-
-      def authenticate
-        result = Passkeys::Rails::FinishAuthentication.call!(credential: authentication_params.to_h,
-                                                             challenge: session.dig(:passkeys_rails, :challenge))
-
-        render json: { username: result.username, auth_token: result.auth_token }
-      end
-
-      def refresh
-        result = Passkeys::Rails::RefreshToken.call!(token: refresh_params[:auth_token])
-        render json: { username: result.username, auth_token: result.auth_token }
-      end
-
-      protected
-
-      def challenge_params
-        params.permit(:username)
-      end
-
-      def attestation_credential_params
-        credential = params.require(:credential)
-        credential.require(%i[id rawId type response])
-        credential.require(:response).require(%i[attestationObject clientDataJSON])
-        credential.permit(:id, :rawId, :type, { response: %i[attestationObject clientDataJSON] })
-      end
-
-      def authenticatable_class
-        params[:authenticatable_class]
-      end
-
-      def authentication_params
-        params.require(%i[id rawId type response])
-        params.require(:response).require(%i[authenticatorData clientDataJSON signature userHandle])
-        params.permit(:id, :rawId, :type, { response: %i[authenticatorData clientDataJSON signature userHandle] })
-      end
-
-      def refresh_params
-        params.require(:auth_token)
-        params.permit(:auth_token)
-      end
-    end
-  end
-end

data/app/models/concerns/passkeys/rails/authenticatable.rb

@@ -1,19 +0,0 @@
-require 'active_support/concern'
-
-module Passkeys
-  module Rails
-    module Authenticatable
-      extend ActiveSupport::Concern
-
-      included do
-        has_one :agent, as: :authenticatable
-
-        delegate :registered?, to: :agent, allow_nil: true
-
-        def registering_with(_agent)
-          # initialize required attributes
-        end
-      end
-    end
-  end
-end

data/app/models/passkeys/rails/agent.rb

@@ -1,17 +0,0 @@
-module Passkeys
-  module Rails
-    class Agent < ApplicationRecord
-      belongs_to :authenticatable, polymorphic: true, optional: true
-      has_many :passkeys
-
-      scope :registered, -> { where.not registered_at: nil }
-      scope :unregistered, -> { where registered_at: nil }
-
-      validates :username, presence: true, uniqueness: true
-
-      def registered?
-        registered_at.present?
-      end
-    end
-  end
-end

data/app/models/passkeys/rails/application_record.rb

@@ -1,7 +0,0 @@
-module Passkeys
-  module Rails
-    class ApplicationRecord < ActiveRecord::Base
-      self.abstract_class = true
-    end
-  end
-end

data/app/models/passkeys/rails/error.rb

@@ -1,16 +0,0 @@
-module Passkeys
-  module Rails
-    class Error < StandardError
-      attr_reader :hash
-
-      def initialize(message, hash = {})
-        @hash = hash
-        super(message)
-      end
-
-      def to_h
-        { error: hash.merge(context: message) }
-      end
-    end
-  end
-end

data/app/models/passkeys/rails/passkey.rb

@@ -1,10 +0,0 @@
-module Passkeys
-  module Rails
-    class Passkey < ApplicationRecord
-      belongs_to :agent
-      validates :identifier, presence: true, uniqueness: true
-      validates :public_key, presence: true
-      validates :sign_count, presence: true
-    end
-  end
-end

data/app/views/layouts/passkeys/rails/application.html.erb

@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Mobile pass</title>
-  <%= csrf_meta_tags %>
-  <%= csp_meta_tag %>
-
-  <%= stylesheet_link_tag "passkeys_rails/application", media: "all" %>
-</head>
-<body>
-
-<%= yield %>
-
-</body>
-</html>

data/lib/passkeys/rails/controllers/helpers.rb

@@ -1,33 +0,0 @@
-module Passkeys
-  module Rails
-    module Controllers
-      module Helpers
-        extend ActiveSupport::Concern
-
-        included do
-          rescue_from Passkeys::Rails::Error do |e|
-            render json: e.to_h, status: :unauthorized
-          end
-        end
-
-        def current_agent
-          return nil if request.headers['HTTP_X_AUTH'].blank?
-
-          @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
-        end
-
-        def authenticate_passkey!
-          return if validated_auth_token.success?
-
-          raise Passkeys::Rails::Error.new(:authentication,
-                                           code: :unauthorized,
-                                           message: "You are not authorized to access this resource.")
-        end
-
-        def validated_auth_token
-          @validated_auth_token ||= Passkeys::Rails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
-        end
-      end
-    end
-  end
-end

data/lib/passkeys/rails/engine.rb

@@ -1,44 +0,0 @@
-require "rails"
-require "active_support/core_ext/numeric/time"
-require "active_support/dependencies"
-
-require "interactor"
-require "jwt"
-require "webauthn"
-
-require_relative 'controllers/helpers'
-require_relative "interactors/begin_authentication"
-require_relative "interactors/begin_challenge"
-require_relative "interactors/begin_registration"
-require_relative "interactors/finish_authentication"
-require_relative "interactors/finish_registration"
-require_relative "interactors/generate_auth_token"
-require_relative "interactors/refresh_token"
-require_relative "interactors/validate_auth_token"
-
-module Passkeys
-  module Rails
-    class Engine < ::Rails::Engine
-      isolate_namespace Passkeys::Rails
-
-      config.generators do |g|
-        g.test_framework :rspec
-        g.fixture_replacement :factory_bot
-        g.factory_bot dir: 'spec/factories'
-        g.assets false
-        g.helper false
-      end
-
-      # Include helpers
-      initializer "passkeys-rails.helpers" do
-        ActiveSupport.on_load(:action_controller_base) do
-          include Passkeys::Rails::Controllers::Helpers
-        end
-
-        ActiveSupport.on_load(:action_controller_api) do
-          include Passkeys::Rails::Controllers::Helpers
-        end
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_authentication.rb

@@ -1,11 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginAuthentication
-      include Interactor
-
-      def call
-        context.options = WebAuthn::Credential.options_for_get
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_challenge.rb

@@ -1,37 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginChallenge
-      include Interactor
-
-      delegate :username, to: :context
-
-      def call
-        result = generate_challenge!
-
-        options = result.options
-
-        context.response = options
-        context.session_data = session_data(options)
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def generate_challenge!
-        if username.present?
-          BeginRegistration.call!(username:)
-        else
-          BeginAuthentication.call!
-        end
-      end
-
-      def session_data(options)
-        {
-          username:,
-          challenge: WebAuthn.standard_encoder.encode(options.challenge)
-        }
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/begin_registration.rb

@@ -1,25 +0,0 @@
-module Passkeys
-  module Rails
-    class BeginRegistration
-      include Interactor
-
-      delegate :username, to: :context
-
-      def call
-        agent = create_unregistered_agent
-
-        context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
-      end
-
-      private
-
-      def create_unregistered_agent
-        agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
-
-        context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?
-
-        agent
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/finish_authentication.rb

@@ -1,55 +0,0 @@
-# Finish authentication ceremony
-module Passkeys
-  module Rails
-    class FinishAuthentication
-      include Interactor
-
-      delegate :credential, :challenge, to: :context
-
-      def call
-        verify_credential!
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def verify_credential!
-        webauthn_credential.verify(
-          challenge,
-          public_key: passkey.public_key,
-          sign_count: passkey.sign_count
-        )
-
-        passkey.update!(sign_count: webauthn_credential.sign_count)
-        agent.update!(last_authenticated_at: Time.current)
-      rescue WebAuthn::SignCountVerificationError
-        # Cryptographic verification of the authenticator data succeeded, but the signature counter was less than or equal
-        # to the stored value. This can have several reasons and depending on your risk tolerance you can choose to fail or
-        # pass authentication. For more information see https://www.w3.org/TR/webauthn/#sign-counter
-      rescue WebAuthn::Error => e
-        context.fail!(code: :webauthn_error, message: e.message)
-      end
-
-      def webauthn_credential
-        @webauthn_credential ||= WebAuthn::Credential.from_get(credential)
-      end
-
-      def passkey
-        @passkey ||= begin
-          passkey = Passkey.find_by(identifier: webauthn_credential.id)
-          context.fail!(code: :passkey_not_found, message: "Unable to find the specified passkey") if passkey.blank?
-
-          passkey
-        end
-      end
-
-      def agent
-        passkey.agent
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/finish_registration.rb

@@ -1,79 +0,0 @@
-# Finish registration ceremony
-module Passkeys
-  module Rails
-    class FinishRegistration
-      include Interactor
-
-      delegate :credential, :username, :challenge, :authenticatable_class, to: :context
-
-      def call
-        verify_credential!
-        store_passkey_and_register_agent!
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-
-      private
-
-      def verify_credential!
-        webauthn_credential.verify(challenge)
-      rescue WebAuthn::Error => e
-        context.fail!(code: :webauthn_error, message: e.message)
-      rescue StandardError => e
-        context.fail!(code: :error, message: e.message)
-      end
-
-      def store_passkey_and_register_agent!
-        agent.transaction do
-          begin
-            # Store Credential ID, Credential Public Key and Sign Count for future authentications
-            agent.passkeys.create!(
-              identifier: webauthn_credential.id,
-              public_key: webauthn_credential.public_key,
-              sign_count: webauthn_credential.sign_count
-            )
-
-            agent.update! registered_at: Time.current
-          rescue StandardError => e
-            context.fail! code: :passkey_error, message: e.message
-          end
-
-          create_authenticatable! if authenticatable_class.present?
-        end
-      end
-
-      def create_authenticatable!
-        klass = begin
-          authenticatable_class.constantize
-        rescue StandardError
-          context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
-        end
-
-        begin
-          authenticatable = klass.create! do |obj|
-            obj.registering_with(agent) if obj.respond_to?(:registering_with)
-          end
-          agent.update!(authenticatable:)
-        rescue ActiveRecord::RecordInvalid => e
-          context.fail!(code: :record_invalid, message: e.message)
-        end
-      end
-
-      def webauthn_credential
-        @webauthn_credential ||= WebAuthn::Credential.from_create(credential)
-      end
-
-      def agent
-        @agent ||= begin
-          agent = Agent.find_by(username:)
-          context.fail!(code: :agent_not_found, message: "Agent not found for session value: \"#{username}\"") if agent.blank?
-
-          agent
-        end
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/generate_auth_token.rb

@@ -1,29 +0,0 @@
-module Passkeys
-  module Rails
-    class GenerateAuthToken
-      include Interactor
-
-      delegate :agent, to: :context
-
-      def call
-        context.auth_token = generate_auth_token
-      end
-
-      private
-
-      def generate_auth_token
-        JWT.encode(jwt_payload,
-                   Passkeys::Rails.auth_token_secret,
-                   Passkeys::Rails.auth_token_algorithm)
-      end
-
-      def jwt_payload
-        expiration = (Time.current + Passkeys::Rails.auth_token_expires_in).to_i
-
-        payload = { agent_id: agent.id }
-        payload[:exp] = expiration unless expiration.zero?
-        payload
-      end
-    end
-  end
-end

data/lib/passkeys/rails/interactors/refresh_token.rb

@@ -1,19 +0,0 @@
-# Finish authentication ceremony
-module Passkeys
-  module Rails
-    class RefreshToken
-      include Interactor
-
-      delegate :token, to: :context
-
-      def call
-        agent = ValidateAuthToken.call!(auth_token: token).agent
-
-        context.username = agent.username
-        context.auth_token = GenerateAuthToken.call!(agent:).auth_token
-      rescue Interactor::Failure => e
-        context.fail! code: e.context.code, message: e.context.message
-      end
-    end
-  end
-end