RubyGems - passkeys-rails - Versions diffs - 0.1.4 → 0.1.6 - Mend

passkeys-rails 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +31 -3
data/app/controllers/concerns/passkeys_rails/authentication.rb +7 -6
data/app/interactors/passkeys_rails/begin_registration.rb +4 -2
data/app/interactors/passkeys_rails/finish_registration.rb +29 -12
data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb +24 -0
data/lib/passkeys-rails.rb +22 -0
data/lib/passkeys_rails/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2eb3101d4ecba95639b4cc95adfa6a86939b7bdc3e6db0e3c26ed9e154d9fa97
-  data.tar.gz: 86cc744ced315cb5a662743f2cbf44fa20a05f7fbe444103b62a82281b009edd
+  metadata.gz: c1c218e160d157a8ddcf931fae3a053fb6e130130b61a8e03f5a9a2bcade07b1
+  data.tar.gz: 42fb39898dd79867bd8d18fb95b39ac335a47ed5a06d3ccb13b5f3fc2b64b6af
 SHA512:
-  metadata.gz: f2b55ac5a4aea2f969ab32cff126f6cab53f2a0b819a998668d58b794231a4f6ca378247af0e2561fbf0062760ea0724641c36b4915c2bd2a9f24aedf2909a23
-  data.tar.gz: 115f5c9c098da302f13d45e6871ae0152a8bd454d4d5281effc29afcc7e1dfacf0b838322bb55ff5f9b17caf2f846917e1596c0f8e4fc8a525bf710e986e7a5f
+  metadata.gz: 85c226aabf90e17b56744947b37eab49f98c4cbacc42a4963316ea60a68fa6c49b40ea81297d2786a16151361fa6e0f637a5af18d147db12894f5288ef260558
+  data.tar.gz: 9a26aa0b7c5e907b954f2564244ab222205775da8087c0c9b17cde3e00706aace1b21b4c3c57d728b91472ed035eeb3f4c87d2ecc4ccecb1e41c5f767d548ccc

data/README.md CHANGED Viewed

@@ -1,13 +1,41 @@
-[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg?cachebust=4)](https://badge.fury.io/rb/passkeys-rails)
+[![Gem Version](https://badge.fury.io/rb/passkeys-rails.svg?cachebust=5)](https://badge.fury.io/rb/passkeys-rails)
 [![Build Status](https://app.travis-ci.com/alliedcode/passkeys-rails.svg?branch=main)](https://travis-ci.org/alliedcode/passkeys-rails)
 [![codecov](https://codecov.io/gh/alliedcode/passkeys-rails/branch/main/graph/badge.svg?token=UHSNJDUL21)](https://codecov.io/gh/alliedcode/passkeys-rails)
 # PasskeysRails
-Devise is awesome, but we don't need all that UI/UX for PassKeys.  This gem is to make it easy to provide a back end that authenticates a mobile front end with PassKeys.
+Devise is awesome, but we don't need all that UI/UX for PassKeys.  This gem is to make
+it easy to provide a back end that authenticates a mobile front end with PassKeys.
 ## Usage
 rails passkeys-rails::install
-PasskeysRails maintains an Agent model and related Passeys.  If you have a user model, add `include PasskeysRails::Authenticatable` to your model and include the name of that class (e.g. "User") in the authenticatable_class param when calling the register API.
+PasskeysRails maintains an Agent model and related Passeys.  If you have a user model,
+add `include PasskeysRails::Authenticatable` to your model and include the name of that
+class (e.g. "User") in the authenticatable_class param when calling the register API.
+### Optionally providing a "user" model during registration
+PasskeysRails does not require that you supply your own model, but it's often useful to do so.  For example,
+if you have a User model that you would like to have created at registration, you can supply the model name
+in the finishRegistration API call.
+PasskeysRails supports multiple "user" models.  Whatever model name you supply in the finishRegiration call will
+be created and provided an opportunity to do any required initialization at that time.
+There are two PasskeysRails configuration options related to this.
+default_class and class_whitelist
+#### default_class
+Configure default_class in passkeys_rails.rb.  Its value will be used during registration if none
+is provided in the API call.  It is "User" by default.  Since it's just a default, it can be overridden
+in the API call for any other model.  If no model is to be used, change it to nil.
+#### class_whitelist
+Configure class_whitelist in passkeys_rails.rb.  It is nil by default.  When nil, no whitelist will be applied.
+If it is non-nil, it should be an array of class names that are allowed during registration.  Supply an empty
+array to prevent PasskeysRails from attempting to create anything other than its own PasskeysRails::Agent during
+registration.
 ## Installation
 Add this line to your application's Gemfile:

data/app/controllers/concerns/passkeys_rails/authentication.rb CHANGED Viewed

@@ -9,21 +9,22 @@ module PasskeysRails
     end
     def current_agent
-      return nil if request.headers['HTTP_X_AUTH'].blank?
-      @current_agent ||= validated_auth_token&.success? && validated_auth_token&.agent
+      @current_agent ||= (request.headers['HTTP_X_AUTH'].present? &&
+                         passkey_authentication_result.success? &&
+                         passkey_authentication_result.agent.registered? &&
+                         passkey_authentication_result.agent) || nil
     end
     def authenticate_passkey!
-      return if validated_auth_token.success?
+      return if current_agent.present?
       raise PasskeysRails::Error.new(:authentication,
                                      code: :unauthorized,
                                      message: "You are not authorized to access this resource.")
     end
-    def validated_auth_token
-      @validated_auth_token ||= PasskeysRails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
+    def passkey_authentication_result
+      @passkey_authentication_result ||= PasskeysRails::ValidateAuthToken.call(auth_token: request.headers['HTTP_X_AUTH'])
     end
   end
 end

data/app/interactors/passkeys_rails/begin_registration.rb CHANGED Viewed

@@ -5,14 +5,16 @@ module PasskeysRails
     delegate :username, to: :context
     def call
-      agent = create_unregistered_agent
+      agent = create_or_replace_unregistered_agent
       context.options = WebAuthn::Credential.options_for_create(user: { id: agent.webauthn_identifier, name: agent.username })
     end
     private
-    def create_unregistered_agent
+    def create_or_replace_unregistered_agent
+      Agent.unregistered.where(username:).destroy_all
       agent = Agent.create(username:, webauthn_identifier: WebAuthn.generate_user_id)
       context.fail!(code: :validation_errors, message: agent.errors.full_messages.to_sentence) unless agent.valid?

data/app/interactors/passkeys_rails/finish_registration.rb CHANGED Viewed

@@ -40,25 +40,42 @@ module PasskeysRails
           context.fail! code: :passkey_error, message: e.message
         end
-        create_authenticatable! if authenticatable_class.present?
+        create_authenticatable! if aux_class_name.present?
       end
     end
-    def create_authenticatable!
-      klass = begin
-        authenticatable_class.constantize
+    def aux_class_name
+      @aux_class_name ||= authenticatable_class || PasskeysRails.default_class
+    end
+    def aux_class
+      whitelist = PasskeysRails.class_whitelist
+      @aux_class ||= begin
+        case whitelist
+        when Array
+          unless whitelist.include?(aux_class_name)
+            context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{aux_class_name}) is not in the whitelist")
+          end
+        when present?
+          context.fail!(code: :invalid_class_whitelist,
+                        message: "class_whitelist is invalid.  It should be nil or an array of zero or more class names.")
+        end
+        aux_class_name.constantize
       rescue StandardError
-        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{authenticatable_class}) is not defined")
+        context.fail!(code: :invalid_authenticatable_class, message: "authenticatable_class (#{aux_class_name}) is not defined")
       end
+    end
-      begin
-        authenticatable = klass.create! do |obj|
-          obj.registering_with(agent) if obj.respond_to?(:registering_with)
-        end
-        agent.update!(authenticatable:)
-      rescue ActiveRecord::RecordInvalid => e
-        context.fail!(code: :record_invalid, message: e.message)
+    def create_authenticatable!
+      authenticatable = aux_class.create! do |obj|
+        obj.registering_with(agent) if obj.respond_to?(:registering_with)
       end
+      agent.update!(authenticatable:)
+    rescue ActiveRecord::RecordInvalid => e
+      context.fail!(code: :record_invalid, message: e.message)
     end
     def webauthn_credential

data/lib/generators/passkeys_rails/templates/passkeys_rails_config.rb CHANGED Viewed

@@ -21,4 +21,28 @@ PasskeysRails.config do |c|
   # Default is 30 days
   #
   # c.auth_token_expires_in = 30.days
+  # Model to use when creating or authenticating a passkey.
+  # This can be overridden when calling the API, but if no
+  # value is supplied when calling the API, this value is used.
+  #
+  # If nil, there is no default, and if none is supplied when
+  # calling the API, no resource is created other than
+  # a PaskeysRails::Agent that is used to track the passkey.
+  #
+  # This library doesn't assume that there will only be one
+  # model, but it is a common use case, so setting the
+  # default_class simplifies the use of the API in that case.
+  #
+  # c.default_class = "User"
+  # By providing a class_whitelist, the API will require that
+  # any supplied class is in the whitelist.  If it is not, the
+  # auth API will return an error.  This prevents a caller from
+  # attempting to create an unintended records on registration.
+  # If nil, any model will be allowed.
+  # This should be an array of symbols or strings,
+  # for example: %w[User AdminUser]
+  #
+  # c.class_whitelist = nil
 end

data/lib/passkeys-rails.rb CHANGED Viewed

@@ -19,6 +19,28 @@ module PasskeysRails
   # Set it to 0 for no expiration (not recommended in production).
   mattr_accessor :auth_token_expires_in, default: 30.days
+  # Model to use when creating or authenticating a passkey.
+  # This can be overridden when calling the API, but if no
+  # value is supplied when calling the API, this value is used.
+  # If nil, there is no default, and if none is supplied when
+  # calling the API, no resource is created other than
+  # a PaskeysRails::Agent that is used to track the passkey.
+  #
+  # This library doesn't assume that there will only be one
+  # model, but it is a common use case, so setting the
+  # default_class simplifies the use of the API in that case.
+  mattr_accessor :default_class, default: "User"
+  # By providing a class_whitelist, the API will require that
+  # any supplied class is in the whitelist.  If it is not, the
+  # auth API will return an error.  This prevents a caller from
+  # attempting to create an unintended record on registration.
+  # If nil, any model will be allowed.
+  # If [], no model will be allowed.
+  # This should be an array of symbols or strings,
+  # for example: %w[User AdminUser]
+  mattr_accessor :class_whitelist, default: nil
   class << self
     def config
       yield self

data/lib/passkeys_rails/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PasskeysRails
-  VERSION = "0.1.4".freeze
+  VERSION = "0.1.6".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passkeys-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Troy Anderson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-23 00:00:00.000000000 Z
+date: 2023-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails