unmagic-passkeys 0.1.0

data/lib/unmagic/passkeys/web_authn.rb

@@ -0,0 +1,84 @@
+# = Action Pack WebAuthn
+#
+# Provides a pure-Ruby implementation of the WebAuthn (Web Authentication)
+# specification for passkey registration and authentication. This module
+# is the top-level namespace for all WebAuthn components and provides
+# shared utilities used across ceremonies.
+#
+# == Components
+#
+# [Unmagic::Passkeys::WebAuthn::RelyingParty]
+#   Identifies your application to authenticators.
+#
+# [Unmagic::Passkeys::WebAuthn::PublicKeyCredential]
+#   Orchestrates registration and authentication ceremonies.
+#
+# [Unmagic::Passkeys::WebAuthn::Authenticator]
+#   Parses and validates authenticator responses.
+#
+# [Unmagic::Passkeys::WebAuthn::CborDecoder]
+#   Decodes CBOR-encoded data from authenticators.
+#
+# [Unmagic::Passkeys::WebAuthn::CoseKey]
+#   Parses COSE public keys into OpenSSL key objects.
+#
+# == Extending Attestation Formats
+#
+# By default only the "none" attestation format is supported. Register
+# additional verifiers with:
+#
+#   Unmagic::Passkeys::WebAuthn.register_attestation_verifier("packed", MyPackedVerifier.new)
+#
+module Unmagic::Passkeys::WebAuthn
+  class InvalidResponseError < StandardError; end
+  class InvalidCborError < StandardError; end
+  class InvalidKeyError < StandardError; end
+  class UnsupportedKeyTypeError < StandardError; end
+  class InvalidOptionsError < StandardError; end
+
+  class << self
+    # Returns a new RelyingParty configured from the current request context.
+    def relying_party
+      RelyingParty.new
+    end
+
+    # Returns the MessageVerifier used to sign and verify WebAuthn challenges.
+    def challenge_verifier
+      Rails.application.message_verifier("action_pack.webauthn.challenge")
+    end
+
+    # Returns the registry of attestation format verifiers, keyed by format
+    # string (e.g., "none", "packed"). Only "none" is registered by default.
+    def attestation_verifiers
+      @attestation_verifiers ||= {
+        "none" => Authenticator::AttestationVerifiers::None.new
+      }
+    end
+
+    # Registers a custom attestation verifier for the given +format+.
+    # The +verifier+ must respond to +verify!(attestation, client_data_json:)+.
+    def register_attestation_verifier(format, verifier)
+      attestation_verifiers[format.to_s] = verifier
+    end
+  end
+
+  # Implicit namespaces for the ceremony files required below (no Zeitwerk in lib/).
+  module Authenticator
+    module AttestationVerifiers; end
+  end
+end
+
+require_relative "web_authn/current"
+require_relative "web_authn/relying_party"
+require_relative "web_authn/cbor_decoder"
+require_relative "web_authn/cose_key"
+require_relative "web_authn/public_key_credential"
+require_relative "web_authn/public_key_credential/options"
+require_relative "web_authn/public_key_credential/creation_options"
+require_relative "web_authn/public_key_credential/request_options"
+require_relative "web_authn/authenticator/response"
+require_relative "web_authn/authenticator/data"
+require_relative "web_authn/authenticator/attestation"
+require_relative "web_authn/authenticator/attestation_verifiers/none"
+require_relative "web_authn/authenticator/attestation_response"
+require_relative "web_authn/authenticator/assertion_response"

data/lib/unmagic/passkeys.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "active_support"
+require "active_support/all"
+require "active_model"
+require "openssl"
+require "base64"
+require "json"
+require "digest"
+
+require "unmagic/passkeys/version"
+require "unmagic/passkeys/web_authn"
+require "unmagic/passkeys/holder"
+require "unmagic/passkeys/request"
+require "unmagic/passkeys/form_helper"
+require "unmagic/passkeys/engine" if defined?(::Rails::Engine)
+
+module Unmagic
+  # Passkey (WebAuthn) authentication for Rails. The module methods are thin delegators to the
+  # +Unmagic::Passkeys::Credential+ Active Record model so host code reads as
+  # +Unmagic::Passkeys.authenticate(params)+.
+  module Passkeys
+    class << self
+      def registration_options(**options)
+        Credential.registration_options(**options)
+      end
+
+      def register(passkey, **attributes)
+        Credential.register(passkey, **attributes)
+      end
+
+      def authentication_options(**options)
+        Credential.authentication_options(**options)
+      end
+
+      def authenticate(passkey)
+        Credential.authenticate(passkey)
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: unmagic-passkeys
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Keith Pitt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-06-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: actionview
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.1'
+description: A Rails engine that adds passkey registration and authentication backed
+  by Active Record. Self-contained, pure-Ruby WebAuthn ceremonies (CBOR, COSE, attestation
+  and assertion verification) with stateless signed challenges — no external gems.
+email:
+- keith@unreasonable-magic.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- NOTICE
+- README.md
+- app/assets/javascripts/unmagic/passkeys/passkey.js
+- app/assets/javascripts/unmagic/passkeys/webauthn.js
+- app/controllers/unmagic/passkeys/challenges_controller.rb
+- app/models/unmagic/passkeys/credential.rb
+- config/importmap.rb
+- config/routes.rb
+- lib/generators/unmagic/passkeys/install_generator.rb
+- lib/generators/unmagic/passkeys/templates/POST_INSTALL
+- lib/generators/unmagic/passkeys/templates/create_unmagic_passkeys_credentials.rb.tt
+- lib/unmagic/passkeys.rb
+- lib/unmagic/passkeys/engine.rb
+- lib/unmagic/passkeys/form_helper.rb
+- lib/unmagic/passkeys/holder.rb
+- lib/unmagic/passkeys/request.rb
+- lib/unmagic/passkeys/version.rb
+- lib/unmagic/passkeys/web_authn.rb
+- lib/unmagic/passkeys/web_authn/authenticator/assertion_response.rb
+- lib/unmagic/passkeys/web_authn/authenticator/attestation.rb
+- lib/unmagic/passkeys/web_authn/authenticator/attestation_response.rb
+- lib/unmagic/passkeys/web_authn/authenticator/attestation_verifiers/none.rb
+- lib/unmagic/passkeys/web_authn/authenticator/data.rb
+- lib/unmagic/passkeys/web_authn/authenticator/response.rb
+- lib/unmagic/passkeys/web_authn/cbor_decoder.rb
+- lib/unmagic/passkeys/web_authn/cose_key.rb
+- lib/unmagic/passkeys/web_authn/current.rb
+- lib/unmagic/passkeys/web_authn/public_key_credential.rb
+- lib/unmagic/passkeys/web_authn/public_key_credential/creation_options.rb
+- lib/unmagic/passkeys/web_authn/public_key_credential/options.rb
+- lib/unmagic/passkeys/web_authn/public_key_credential/request_options.rb
+- lib/unmagic/passkeys/web_authn/relying_party.rb
+homepage: https://github.com/unreasonable-magic/unmagic-passkeys
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/unreasonable-magic/unmagic-passkeys
+  source_code_uri: https://github.com/unreasonable-magic/unmagic-passkeys
+  changelog_uri: https://github.com/unreasonable-magic/unmagic-passkeys/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Passkey (WebAuthn) authentication for Rails, with no external dependencies
+test_files: []