RubyGems - passkeys-rails - Versions diffs - 0.1.4 → 0.1.6 - Mend

passkeys-rails 0.1.4 → 0.1.6

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +31 -3
data/app/controllers/concerns/passkeys_rails/authentication.rb +7 -6
data/app/interactors/passkeys_rails/begin_registration.rb +4 -2
data/app/interactors/passkeys_rails/finish_registration.rb +29 -12
data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb +24 -0
data/lib/passkeys-rails.rb +22 -0
data/lib/passkeys_rails/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2eb3101d4ecba95639b4cc95adfa6a86939b7bdc3e6db0e3c26ed9e154d9fa97
-  data.tar.gz: 86cc744ced315cb5a662743f2cbf44fa20a05f7fbe444103b62a82281b009edd
+  metadata.gz: c1c218e160d157a8ddcf931fae3a053fb6e130130b61a8e03f5a9a2bcade07b1
+  data.tar.gz: 42fb39898dd79867bd8d18fb95b39ac335a47ed5a06d3ccb13b5f3fc2b64b6af
 SHA512:
-  metadata.gz: f2b55ac5a4aea2f969ab32cff126f6cab53f2a0b819a998668d58b794231a4f6ca378247af0e2561fbf0062760ea0724641c36b4915c2bd2a9f24aedf2909a23
-  data.tar.gz: 115f5c9c098da302f13d45e6871ae0152a8bd454d4d5281effc29afcc7e1dfacf0b838322bb55ff5f9b17caf2f846917e1596c0f8e4fc8a525bf710e986e7a5f
+  metadata.gz: 85c226aabf90e17b56744947b37eab49f98c4cbacc42a4963316ea60a68fa6c49b40ea81297d2786a16151361fa6e0f637a5af18d147db12894f5288ef260558
+  data.tar.gz: 9a26aa0b7c5e907b954f2564244ab222205775da8087c0c9b17cde3e00706aace1b21b4c3c57d728b91472ed035eeb3f4c87d2ecc4ccecb1e41c5f767d548ccc

data/README.md CHANGED Viewed

@@ -1,13 +1,41 @@
-[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg?cachebust=4)](https://badge.fury.io/rb/passkeys-rails)
+[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg?cachebust=5)](https://badge.fury.io/rb/passkeys-rails)
 [![Build Status](https://app.travis-ci.com/alliedcode/passkeys-rails.svg?branch=main)](https://travis-ci.org/alliedcode/passkeys-rails)
 [![codecov](https://codecov.io/gh/alliedcode/passkeys-rails/branch/main/graph/badge.svg?token=UHSNJDUL21)](https://codecov.io/gh/alliedcode/passkeys-rails)
 # PasskeysRails
-Devise is awesome, but we don't need all that UI/UX for PassKeys.  This gem is to make it easy to provide a back end that authenticates a mobile front end with PassKeys.
+Devise is awesome, but we don't need all that UI/UX for PassKeys.  This gem is to make
+it easy to provide a back end that authenticates a mobile front end with PassKeys.
 ## Usage
 rails passkeys-rails::install
-PasskeysRails maintains an Agent model and related Passeys.  If you have a user model, add `include PasskeysRails::Authenticatable` to your model and include the name of that class (e.g. "User") in the authenticatable_class param when calling the register API.
+PasskeysRails maintains an Agent model and related Passeys.  If you have a user model,
+add `include PasskeysRails::Authenticatable` to your model and include the name of that
+class (e.g. "User") in the authenticatable_class param when calling the register API.
+### Optionally providing a "user" model during registration
+PasskeysRails does not require that you supply your own model, but it's often useful to do so.  For example,
+if you have a User model that you would like to have created at registration, you can supply the model name
+in the finishRegistration API call.
+PasskeysRails supports multiple "user" models.  Whatever model name you supply in the finishRegiration call will
+be created and provided an opportunity to do any required initialization at that time.
+There are two PasskeysRails configuration options related to this.
+default_class and class_whitelist
+#### default_class
+Configure default_class in passkeys_rails.rb.  Its value will be used during registration if none
+is provided in the API call.  It is "User" by default.  Since it's just a default, it can be overridden
+in the API call for any other model.  If no model is to be used, change it to nil.
+#### class_whitelist
+Configure class_whitelist in passkeys_rails.rb.  It is nil by default.  When nil, no whitelist will be applied.
+If it is non-nil, it should be an array of class names that are allowed during registration.  Supply an empty
+array to prevent PasskeysRails from attempting to create anything other than its own PasskeysRails::Agent during
+registration.
 ## Installation
 Add this line to your application's Gemfile:

data/app/controllers/concerns/passkeys_rails/authentication.rb CHANGED Viewed

@@ -9,21 +9,22 @@ module PasskeysRails
     end
     def current_agent
-      return nil if request.headers['HTTP_X_AUTH'].blank?
-      @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
+      @current_agent ||= (request.headers['HTTP_X_AUTH'].present? &&
+                         passkey_authentication_result.success? &&
+                         passkey_authentication_result.agent.registered? &&
+                         passkey_authentication_result.agent) || nil
     end
     def authenticate_passkey!
-      return if validated_auth_token.success?
+      return if current_agent.present?
       raise PasskeysRails::Error.new(:authentication,
                                      code: :unauthorized,
                                      message: "You are not authorized to access this resource.")
     end
-    def validated_auth_token
-      @validated_auth_token ||= PasskeysRails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
+    def passkey_authentication_result
+      @passkey_authentication_result ||= PasskeysRails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
     end
   end
 end

data/app/interactors/passkeys_rails/begin_registration.rb CHANGED Viewed

@@ -5,14 +5,16 @@ module PasskeysRails
     delegate :username, to: :context
     def call
-      agent = create_unregistered_agent
+      agent = create_or_replace_unregistered_agent
       context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
     end
     private
-    def create_unregistered_agent
+    def create_or_replace_unregistered_agent
+      Agent.unregistered.where(username:).destroy_all
       agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
       context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?

data/app/interactors/passkeys_rails/finish_registration.rb CHANGED Viewed

@@ -40,25 +40,42 @@ module PasskeysRails
           context.fail! code: :passkey_error, message: e.message
         end
-        create_authenticatable! if authenticatable_class.present?
+        create_authenticatable! if aux_class_name.present?
       end
     end
-    def create_authenticatable!
-      klass = begin
-        authenticatable_class.constantize
+    def aux_class_name
+      @aux_class_name ||= authenticatable_class || PasskeysRails.default_class
+    end
+    def aux_class
+      whitelist = PasskeysRails.class_whitelist
+      @aux_class ||= begin
+        case whitelist
+        when Array
+          unless whitelist.include?(aux_class_name)
+            context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{aux_class_name}) is not in the whitelist")
+          end
+        when present?
+          context.fail!(code: :invalid_class_whitelist,
+                        message: "class_whitelist is invalid.  It should be nil or an array of zero or more class names.")
+        end
+        aux_class_name.constantize
       rescue StandardError
-        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
+        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{aux_class_name}) is not defined")
       end
+    end
-      begin
-        authenticatable = klass.create! do |obj|
-          obj.registering_with(agent) if obj.respond_to?(:registering_with)
-        end
-        agent.update!(authenticatable:)
-      rescue ActiveRecord::RecordInvalid => e
-        context.fail!(code: :record_invalid, message: e.message)
+    def create_authenticatable!
+      authenticatable = aux_class.create! do |obj|
+        obj.registering_with(agent) if obj.respond_to?(:registering_with)
       end
+      agent.update!(authenticatable:)
+    rescue ActiveRecord::RecordInvalid => e
+      context.fail!(code: :record_invalid, message: e.message)
     end
     def webauthn_credential

data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb CHANGED Viewed

@@ -21,4 +21,28 @@ PasskeysRails.config do |c|
   # Default is 30 days
   #
   # c.auth_token_expires_in = 30.days
+  # Model to use when creating or authenticating a passkey.
+  # This can be overridden when calling the API, but if no
+  # value is supplied when calling the API, this value is used.
+  #
+  # If nil, there is no default, and if none is supplied when
+  # calling the API, no resource is created other than
+  # a PaskeysRails::Agent that is used to track the passkey.
+  #
+  # This library doesn't assume that there will only be one
+  # model, but it is a common use case, so setting the
+  # default_class simplifies the use of the API in that case.
+  #
+  # c.default_class = "User"
+  # By providing a class_whitelist, the API will require that
+  # any supplied class is in the whitelist.  If it is not, the
+  # auth API will return an error.  This prevents a caller from
+  # attempting to create an unintended records on registration.
+  # If nil, any model will be allowed.
+  # This should be an array of symbols or strings,
+  # for example: %w[User AdminUser]
+  #
+  # c.class_whitelist = nil
 end

data/lib/passkeys-rails.rb CHANGED Viewed

@@ -19,6 +19,28 @@ module PasskeysRails
   # Set it to 0 for no expiration (not recommended in production).
   mattr_accessor :auth_token_expires_in, default: 30.days
+  # Model to use when creating or authenticating a passkey.
+  # This can be overridden when calling the API, but if no
+  # value is supplied when calling the API, this value is used.
+  # If nil, there is no default, and if none is supplied when
+  # calling the API, no resource is created other than
+  # a PaskeysRails::Agent that is used to track the passkey.
+  #
+  # This library doesn't assume that there will only be one
+  # model, but it is a common use case, so setting the
+  # default_class simplifies the use of the API in that case.
+  mattr_accessor :default_class, default: "User"
+  # By providing a class_whitelist, the API will require that
+  # any supplied class is in the whitelist.  If it is not, the
+  # auth API will return an error.  This prevents a caller from
+  # attempting to create an unintended record on registration.
+  # If nil, any model will be allowed.
+  # If [], no model will be allowed.
+  # This should be an array of symbols or strings,
+  # for example: %w[User AdminUser]
+  mattr_accessor :class_whitelist, default: nil
   class << self
     def config
       yield self

data/lib/passkeys_rails/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PasskeysRails
-  VERSION = "0.1.4".freeze
+  VERSION = "0.1.6".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passkeys-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Troy Anderson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-23 00:00:00.000000000 Z
+date: 2023-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails