webauthn-rails 0.1.0 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5bf8803deeac8d925eef701fa4b9a25b3ecea1288e5af2b07dad81e60b16574d
-  data.tar.gz: ad28b85f03d4d693ec12d94c6702e6a8a6a0fbdd9226303efa520e61bc6c1000
+  metadata.gz: a8425de86118ec096864312cfb7b4ef98947437da28d88cdc5f12b0a4191aea9
+  data.tar.gz: 43f56151976719e1bb00200b3134cdde63b6786f5afaf225c274982e324258fc
 SHA512:
-  metadata.gz: 7d10d95538f98bfd0375159c3bd7acba311992cf06062aecfae5fe1f1c4bdf57de6494fd6c5ade9e70a5d5e096be723a768d330ec3722fe1f659904f4842d834
-  data.tar.gz: c81deb6084edc784f72d1cda4189e651a4748a75af71d80ad15e942a4ca6bd497f5f3211930b3416bb0ea474577fe7481850226938a9b725d1933bcbec652031
+  metadata.gz: d44fa7ccb7a3adc9248a74ab73f2758e0b3fb3fd4b7b70e98cb8956fac70c9c84b3eec954f39e4f261f26d8a4e3112bc4e4a289cab19542b2c11bbe4d4462d99
+  data.tar.gz: 784af4bb7538eccd87f50c4ce61d57ee8e3d92b823586c0c08c3c24718405b21d4258de6f599eca3e33b143a24ba1384fbc1365ec8e357186483dd708ef7686b

data/lib/generators/erb/webauthn_authentication/templates/app/views/passkeys/new.html.erb.tt

@@ -10,9 +10,9 @@
     "webauthn-credentials-options-url-value": create_options_passkeys_path,
   }) do |form| %>
   <div class="field">
-    <%%= form.label :nickname, 'Security Key nickname' %>
+    <%%= form.label :nickname, 'Passkey nickname' %>
     <%%= form.text_field :nickname, required: true %>
   </div>
   <%%= form.hidden_field :public_key_credential, data: { "webauthn-credentials-target": "credentialHiddenInput" } %>
-  <%%= form.submit "Add Security Key", disabled: true, data: { "webauthn-credentials-target": "submitButton" } %>
+  <%%= form.submit "Add Passkey", disabled: true, data: { "webauthn-credentials-target": "submitButton" } %>
 <%% end %>

data/lib/generators/test_unit/webauthn_authentication/templates/test/controllers/passkeys_controller_test.rb

@@ -7,7 +7,7 @@ class PasskeysControllerTest < ActionDispatch::IntegrationTest
     @client = WebAuthn::FakeClient.new(WebAuthn.configuration.allowed_origins.first)
   end
 
-  test "initiates Passkey creation when user is authenticated" do
+  test "create_options" do
     sign_in_as @user
     post create_options_passkeys_url
 
@@ -20,14 +20,14 @@ class PasskeysControllerTest < ActionDispatch::IntegrationTest
     assert_equal session[:current_registration][:challenge], body["challenge"]
   end
 
-  test "requires authentication to initiate Passkey creation" do
+  test "create_options unauthenticated" do
     post create_options_passkeys_url
 
     assert_response :redirect
     assert_redirected_to new_session_url
   end
 
-  test "creates passkey when user is authenticated" do
+  test "create" do
     sign_in_as @user
 
     post create_options_passkeys_url
@@ -48,11 +48,11 @@ class PasskeysControllerTest < ActionDispatch::IntegrationTest
     end
 
     assert_redirected_to root_path
-    assert_match (/Security Key registered successfully/), flash[:notice]
+    assert_match (/Passkey registered successfully/), flash[:notice]
     assert_nil session[:current_registration]
   end
 
-  test "does not create passkey when there is a Webauthn error" do
+  test "create with WebAuthn error" do
     sign_in_as @user
 
     post create_options_passkeys_url
@@ -77,34 +77,26 @@ class PasskeysControllerTest < ActionDispatch::IntegrationTest
     assert_nil session[:current_registration]
   end
 
-  test "requires authentication to create passkey" do
-    post passkeys_url, params: {
-      credential: {
-        nickname: "My Passkey",
-        public_key_credential: "{}"
-      }
-    }
+  test "create unauthenticated" do
+    post passkeys_url
 
     assert_response :redirect
     assert_redirected_to new_session_url
   end
 
-  test "deletes passkey when user is authenticated" do
-    2.times do |i|
-      WebauthnCredential.create!(
-        nickname: "My Passkey #{i}",
-        user: @user,
-        external_id: "external-id-#{i}",
-        public_key: "public-key-#{i}",
-        sign_count: 0,
-        authentication_factor: 0
-      )
-    end
+  test "destroy" do
+    credential = WebauthnCredential.passkey.create!(
+      nickname: "My Passkey",
+      user: @user,
+      external_id: "external-id",
+      public_key: "public-key",
+      sign_count: 0,
+    )
 
     sign_in_as @user
 
     assert_difference("WebauthnCredential.count", -1) do
-      delete passkey_url(@user.webauthn_credentials.first)
+      delete passkey_url(credential)
     end
     assert_redirected_to root_path
   end

data/lib/generators/test_unit/webauthn_authentication/templates/test/controllers/second_factor_authentications_controller_test.rb

@@ -0,0 +1,131 @@
+require "test_helper"
+require "webauthn/fake_client"
+
+class SecondFactorAuthenticationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:one)
+    @client = WebAuthn::FakeClient.new(WebAuthn.configuration.allowed_origins.first)
+
+    creation_options = WebAuthn::Credential.options_for_create(
+      user: { id: @user.webauthn_id, name: @user.email_address },
+      authenticator_selection: { resident_key: "discouraged", user_verification: "discouraged" }
+    )
+    create_options = @client.create(challenge: creation_options.challenge)
+    credential = WebAuthn::Credential.from_create(create_options)
+
+    WebauthnCredential.second_factor.create!(
+      nickname: "My Security Key",
+      user: @user,
+      external_id: credential.id,
+      public_key: credential.public_key,
+      sign_count: 0
+    )
+  end
+
+  test "get_options" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    post get_options_second_factor_authentication_url
+
+    assert_response :success
+    body = JSON.parse(response.body)
+    assert body["challenge"].present?
+    assert body["userVerification"] == "discouraged"
+
+    assert_equal session[:current_authentication][:challenge], body["challenge"]
+  end
+
+  test "create" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    post get_options_second_factor_authentication_url
+    challenge = session[:current_authentication][:challenge]
+
+    public_key_credential = @client.get(challenge: challenge, user_verified: false)
+
+    post second_factor_authentication_url, params: {
+      session: {
+        public_key_credential: public_key_credential.to_json
+      }
+    }
+
+    assert_redirected_to root_path
+    assert_nil session[:current_authentication]
+  end
+
+  test "create with a passkey" do
+    client = WebAuthn::FakeClient.new(WebAuthn.configuration.allowed_origins.first)
+
+    creation_options = WebAuthn::Credential.options_for_create(
+      user: { id: @user.webauthn_id, name: @user.email_address },
+      authenticator_selection: { resident_key: "discouraged", user_verification: "discouraged" }
+    )
+    create_options = client.create(challenge: creation_options.challenge)
+    credential = WebAuthn::Credential.from_create(create_options)
+
+
+    WebauthnCredential.passkey.create!(
+      nickname: "My Security Key",
+      user: @user,
+      external_id: credential.id,
+      public_key: credential.public_key,
+      sign_count: 0
+    )
+
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    post get_options_second_factor_authentication_url
+    challenge = session[:current_authentication][:challenge]
+
+    public_key_credential = client.get(challenge: challenge, user_verified: false)
+
+    post second_factor_authentication_url, params: {
+      session: {
+        public_key_credential: public_key_credential.to_json
+      }
+    }
+
+    assert_redirected_to root_path
+    assert_nil session[:current_authentication]
+  end
+
+  test "create with WebAuthn error" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    post get_options_second_factor_authentication_url
+
+    public_key_credential = @client.get(
+      user_verified: false
+    )
+
+    post second_factor_authentication_url, params: {
+      session: {
+        public_key_credential: public_key_credential.to_json
+      }
+    }
+
+    assert_redirected_to new_second_factor_authentication_path
+    assert_match (/Verification failed/), flash[:alert]
+    assert_nil session[:current_authentication]
+  end
+
+  test "create with unrecognized credential" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    post get_options_second_factor_authentication_url
+    challenge = session[:current_authentication][:challenge]
+
+    public_key_credential = @client.get(challenge: challenge, user_verified: false)
+    public_key_credential["id"]= "invalid-id"
+
+    post second_factor_authentication_url, params: {
+      session: {
+        public_key_credential: public_key_credential.to_json
+      }
+    }
+
+    assert_redirected_to new_second_factor_authentication_path
+    assert_match (/Credential not recognized/), flash[:alert]
+    assert_nil session[:current_authentication]
+  end
+end

data/lib/generators/test_unit/webauthn_authentication/templates/test/controllers/second_factor_webauthn_credentials_controller_test.rb

@@ -0,0 +1,103 @@
+require "test_helper"
+require "webauthn/fake_client"
+
+class SecondFactorWebauthnCredentialsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:one)
+    @client = WebAuthn::FakeClient.new(WebAuthn.configuration.allowed_origins.first)
+  end
+
+  test "create_options" do
+    sign_in_as @user
+    post create_options_second_factor_webauthn_credentials_url
+
+    assert_response :success
+    body = JSON.parse(response.body)
+    assert body["challenge"].present?
+    assert body["authenticatorSelection"]["residentKey"] == "discouraged"
+    assert body["authenticatorSelection"]["userVerification"] == "discouraged"
+
+    assert_equal session[:current_registration][:challenge], body["challenge"]
+  end
+
+  test "create_options unauthenticated" do
+    post create_options_second_factor_webauthn_credentials_url
+
+    assert_response :redirect
+    assert_redirected_to new_session_url
+  end
+
+  test "create" do
+    sign_in_as @user
+
+    post create_options_second_factor_webauthn_credentials_url
+    challenge = session[:current_registration][:challenge]
+
+    public_key_credential = @client.create(
+      challenge: challenge,
+      user_verified: false,
+    )
+
+    assert_difference("WebauthnCredential.second_factor.count", 1) do
+      post second_factor_webauthn_credentials_url, params: {
+        credential: {
+          nickname: "My Security Key",
+          public_key_credential: public_key_credential.to_json
+        }
+      }
+    end
+
+    assert_redirected_to root_path
+    assert_match (/Security Key registered successfully/), flash[:notice]
+    assert_nil session[:current_registration]
+  end
+
+  test "create with WebAuthn error" do
+    sign_in_as @user
+
+    post create_options_second_factor_webauthn_credentials_url
+
+    public_key_credential = @client.create(
+      user_verified: false,
+    )
+
+    assert_no_difference("WebauthnCredential.count") do
+      post second_factor_webauthn_credentials_url, params: {
+        credential: {
+          nickname: "My Security Key",
+          public_key_credential: public_key_credential.to_json
+        }
+      }
+    end
+
+    assert_redirected_to new_second_factor_webauthn_credential_path
+    assert_match (/Verification failed/), flash[:alert]
+    assert_nil session[:current_registration]
+  end
+
+  test "create unauthenticated" do
+    post second_factor_webauthn_credentials_url
+
+    assert_response :redirect
+    assert_redirected_to new_session_url
+  end
+
+  test "destroy" do
+    credential = WebauthnCredential.second_factor.create!(
+      user: @user,
+      nickname: "My Security Key",
+      external_id: "external_id",
+      public_key: "public_key",
+      sign_count: 0
+    )
+
+    sign_in_as @user
+
+    assert_difference("WebauthnCredential.second_factor.count", -1) do
+      delete second_factor_webauthn_credential_url(credential)
+    end
+
+    assert_redirected_to root_path
+    assert_match (/Security Key deleted successfully/), flash[:notice]
+  end
+end

data/lib/generators/test_unit/webauthn_authentication/templates/test/controllers/webauthn_sessions_controller_test.rb

@@ -12,17 +12,16 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     create_options = @client.create(challenge: creation_options.challenge)
     credential = WebAuthn::Credential.from_create(create_options)
 
-    WebauthnCredential.create!(
+    WebauthnCredential.passkey.create!(
       nickname: "My Passkey",
       user: @user,
       external_id: credential.id,
       public_key: credential.public_key,
       sign_count: 0,
-      authentication_factor: 0
     )
   end
 
-  test "should return get_options" do
+  test "get_options" do
     post get_options_webauthn_session_url
 
     assert_response :success
@@ -33,7 +32,7 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     assert_equal session[:current_authentication][:challenge], body["challenge"]
   end
 
-  test "should create session with valid credential" do
+  test "create" do
     post get_options_webauthn_session_url
     challenge = session[:current_authentication][:challenge]
 
@@ -49,7 +48,7 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     assert_nil session[:current_authentication]
   end
 
-  test "should not create session when there is a Webauthn error" do
+  test "create with WebAuthn error" do
     post get_options_webauthn_session_url
     challenge = session[:current_authentication][:challenge]
 
@@ -66,7 +65,7 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     assert_nil session[:current_authentication]
   end
 
-  test "should not create session with unrecognized credential" do
+  test "create with unrecognized credential" do
     post get_options_webauthn_session_url
     challenge = session[:current_authentication][:challenge]
 
@@ -84,7 +83,7 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     assert_nil session[:current_authentication]
   end
 
-  test "should not create session with a second factor credential" do
+  test "create with a second factor credential" do
     client = WebAuthn::FakeClient.new(WebAuthn.configuration.allowed_origins.first)
 
     creation_options = WebAuthn::Credential.options_for_create(
@@ -93,13 +92,12 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     create_options = client.create(challenge: creation_options.challenge)
     credential = WebAuthn::Credential.from_create(create_options)
 
-    WebauthnCredential.create!(
+    WebauthnCredential.second_factor.create!(
       nickname: "Second Factor Key",
       user: @user,
       external_id: credential.id,
       public_key: credential.public_key,
       sign_count: 0,
-      authentication_factor: 1
     )
 
     post get_options_webauthn_session_url
@@ -118,7 +116,7 @@ class WebauthnSessionsControllerTest < ActionDispatch::IntegrationTest
     assert_nil session[:current_authentication]
   end
 
-  test "should destroy session" do
+  test "destroy" do
     delete webauthn_session_url
     assert_redirected_to new_session_path
   end

data/lib/generators/test_unit/webauthn_authentication/templates/test/system/manage_webauthn_credentials_test.rb

@@ -5,8 +5,7 @@ class ManageWebauthnCredentialsTest < ApplicationSystemTestCase
   include VirtualAuthenticatorTestHelper
 
   def setup
-    user = User.create!(email_address: "alice@example.com", password: "S3cr3tP@ssw0rd!")
-    sign_in_as(user)
+    @user = User.create!(email_address: "alice@example.com", password: "S3cr3tP@ssw0rd!")
     @authenticator = add_virtual_authenticator
   end
 
@@ -14,63 +13,64 @@ class ManageWebauthnCredentialsTest < ApplicationSystemTestCase
     @authenticator.remove!
   end
 
-  test "add credentials and sign in" do
-    visit root_path
+  test "adding a passkey" do
+    sign_in_as(@user)
 
+    visit new_passkey_path
+    fill_in("Passkey nickname", with: "Touch ID")
     click_on "Add Passkey"
 
-    fill_in("Security Key nickname", with: "Touch ID")
-    click_on "Add Security Key"
-
-    assert_current_path "/"
-    assert_selector "div", text: "Security Key registered successfully"
-    assert_selector "span", text: "Touch ID"
+    assert_current_path root_path
+    # Add custom assertions based on your application's behavior
+    # assert_text "Passkey registered successfully"
+  end
 
-    click_on "Sign out"
-    assert_selector("input[type=submit][value='Sign in']")
+  test "signing in with existing passkey" do
+    add_passkey_to_authenticator(@authenticator, @user)
 
+    visit new_session_path
     click_on "Sign In with Passkey"
 
-    assert_current_path "/"
-    assert_selector "h3", text: "Your Passkeys"
+    assert_current_path root_path
+    # Add custom assertions based on your application's behavior
   end
 
-  test "sign in with 2FA WebAuthn credential" do
-    visit root_path
-
-    click_on "Add Second Factor Key"
+  test "adding a 2FA WebAuthn credential" do
+    sign_in_as(@user)
 
+    visit new_second_factor_webauthn_credential_path
     fill_in("Security Key nickname", with: "Touch ID")
     click_on "Add Security Key"
 
-    assert_current_path "/"
-    assert_selector "div", text: "Security Key registered successfully"
-    assert_selector "span", text: "Touch ID"
+    assert_current_path root_path
+    # Add custom assertions based on your application's behavior
+    # assert_text "Security Key registered successfully"
+  end
 
-    click_on "Sign out"
-    assert_selector("input[type=submit][value='Sign in']")
+  test "sign in with existing 2FA WebAuthn credential" do
+    add_security_key_to_authenticator(@authenticator, @user)
 
-    fill_in "email_address", with: "alice@example.com"
-    fill_in "password", with: "S3cr3tP@ssw0rd!"
+    visit new_session_path
+    fill_in "email_address", with: @user.email_address
+    fill_in "password", with: @user.password
     click_on "Sign in"
 
+    assert_current_path new_second_factor_authentication_path
     assert_selector "h3", text: "Two-factor authentication"
     click_on "Use Security Key"
 
-    assert_current_path "/"
-    assert_selector "h3", text: "Your Passkeys"
+    assert_current_path root_path
+    # Add custom assertions based on your application's behavior
   end
 
   private
 
   def sign_in_as(user)
     visit new_session_path
-
     fill_in "email_address", with: user.email_address
     fill_in "password", with: user.password
-
     click_on "Sign in"
 
-    assert_selector "h3", text: "Your Passkeys"
+    assert_current_path root_path
   end
 end

data/lib/generators/test_unit/webauthn_authentication/templates/test/test_helpers/virtual_authenticator_test_helper.rb

@@ -6,4 +6,42 @@ module VirtualAuthenticatorTestHelper
     options.resident_key = true
     page.driver.browser.add_virtual_authenticator(options)
   end
+
+  def add_passkey_to_authenticator(authenticator, user)
+    add_credential_to_authenticator(authenticator, user, passkey: true)
+  end
+
+  def add_security_key_to_authenticator(authenticator, user)
+    add_credential_to_authenticator(authenticator, user, passkey: false)
+  end
+
+  def add_credential_to_authenticator(authenticator, user, passkey:)
+    credential_id = SecureRandom.random_bytes(16)
+    encoded_credential_id = Base64.urlsafe_encode64(credential_id)
+    key = OpenSSL::PKey.generate_key("ED25519")
+    encoded_private_key = Base64.urlsafe_encode64(key.private_to_der)
+
+    cose_public_key = COSE::Key::OKP.from_pkey(OpenSSL::PKey.read(key.public_to_der))
+    cose_public_key.alg = -8
+    encoded_cose_public_key = Base64.urlsafe_encode64(cose_public_key.serialize)
+
+    credential_json = {
+      "credentialId" => encoded_credential_id,
+      "isResidentCredential" => passkey,
+      "rpId" => "localhost",
+      "privateKey" => encoded_private_key,
+      "signCount" => 0
+    }
+    credential_json["userHandle"] = user.webauthn_id if passkey
+
+    authenticator.add_credential(credential_json)
+
+    user.webauthn_credentials.create!(
+      nickname: "My Credential",
+      external_id: Base64.urlsafe_encode64(credential_id, padding: false),
+      public_key: encoded_cose_public_key,
+      sign_count: 0,
+      authentication_factor: passkey ? :first_factor : :second_factor
+    )
+  end
 end

data/lib/generators/test_unit/webauthn_authentication/webauthn_authentication_generator.rb

@@ -9,6 +9,8 @@ module TestUnit
       def create_controller_test_files
         template "test/controllers/passkeys_controller_test.rb"
         template "test/controllers/webauthn_sessions_controller_test.rb"
+        template "test/controllers/second_factor_authentications_controller_test.rb"
+        template "test/controllers/second_factor_webauthn_credentials_controller_test.rb"
       end
 
       def create_system_test_files

data/lib/generators/webauthn_authentication/templates/app/controllers/passkeys_controller.rb

@@ -35,7 +35,7 @@ class PasskeysController < ApplicationController
           public_key: webauthn_credential.public_key,
           sign_count: webauthn_credential.sign_count
       )
-        redirect_to root_path, notice: "Security Key registered successfully"
+        redirect_to root_path, notice: "Passkey registered successfully"
       else
         flash[:alert] = "Error registering credential"
         render :new
@@ -50,7 +50,7 @@ class PasskeysController < ApplicationController
   def destroy
     Current.user.passkeys.destroy(params[:id])
 
-    redirect_to root_path, notice: "Security Key deleted successfully"
+    redirect_to root_path, notice: "Passkey deleted successfully"
   end
 
   private

data/lib/generators/webauthn_authentication/templates/app/controllers/second_factor_authentications_controller.rb

@@ -35,9 +35,9 @@ class SecondFactorAuthenticationsController < ApplicationController
       redirect_to after_authentication_url
     rescue WebAuthn::Error => e
       redirect_to new_second_factor_authentication_path, alert: "Verification failed: #{e.message}"
-    ensure
-      session.delete(:current_authentication)
     end
+  ensure
+    session.delete(:current_authentication)
   end
 
   private
@@ -57,6 +57,6 @@ class SecondFactorAuthenticationsController < ApplicationController
   end
 
   def current_authentication_user_id
-    session[:current_authentication][:user_id] || session[:current_authentication]["user_id"]
+    session.dig(:current_authentication, :user_id) || session.dig(:current_authentication, "user_id")
   end
 end

data/lib/generators/webauthn_authentication/templates/app/controllers/second_factor_webauthn_credentials_controller.rb

@@ -40,9 +40,9 @@ class SecondFactorWebauthnCredentialsController < ApplicationController
       end
     rescue WebAuthn::Error => e
       redirect_to new_second_factor_webauthn_credential_path, alert: "Verification failed: #{e.message}"
-    ensure
-      session.delete(:current_registration)
     end
+  ensure
+    session.delete(:current_registration)
   end
 
   def destroy

data/lib/generators/webauthn_authentication/webauthn_authentication_generator.rb

@@ -8,7 +8,11 @@ end
 
 class WebauthnAuthenticationGenerator < ::Rails::Generators::Base
   include ActiveRecord::Generators::Migration
-  include BundleHelper
+  if Rails.version >= "8.1"
+    include Rails::Generators::BundleHelper
+  else
+    include BundleHelper
+  end
 
   source_root File.expand_path("../templates", __FILE__)
 
@@ -28,7 +32,7 @@ class WebauthnAuthenticationGenerator < ::Rails::Generators::Base
     if File.exist?(File.join(destination_root, "app/controllers/sessions_controller.rb"))
       gsub_file "app/controllers/sessions_controller.rb",
         /^  def create.*?^  end/m,
-        <<~RUBY.strip_heredoc.indent(2)
+        <<~RUBY.chomp.indent(2)
           def create
             if user = User.authenticate_by(params.permit(:email_address, :password))
               if user.second_factor_enabled?
@@ -54,9 +58,7 @@ class WebauthnAuthenticationGenerator < ::Rails::Generators::Base
         <<-RUBY.strip_heredoc.indent(4)
 
           def require_no_authentication
-            if Current.user
-              redirect_to root_path
-            end
+            redirect_to root_path if find_session_by_cookie
           end
         RUBY
       end

data/lib/webauthn/rails/version.rb

@@ -1,5 +1,5 @@
 module Webauthn
   module Rails
-    VERSION = "0.1.0"
+    VERSION = "0.1.2"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: webauthn-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - Cedarcode
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-09-26 00:00:00.000000000 Z
+date: 2025-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -41,6 +41,8 @@ files:
 - lib/generators/erb/webauthn_authentication/templates/app/views/second_factor_webauthn_credentials/new.html.erb.tt
 - lib/generators/erb/webauthn_authentication/webauthn_authentication_generator.rb
 - lib/generators/test_unit/webauthn_authentication/templates/test/controllers/passkeys_controller_test.rb
+- lib/generators/test_unit/webauthn_authentication/templates/test/controllers/second_factor_authentications_controller_test.rb
+- lib/generators/test_unit/webauthn_authentication/templates/test/controllers/second_factor_webauthn_credentials_controller_test.rb
 - lib/generators/test_unit/webauthn_authentication/templates/test/controllers/webauthn_sessions_controller_test.rb
 - lib/generators/test_unit/webauthn_authentication/templates/test/system/manage_webauthn_credentials_test.rb
 - lib/generators/test_unit/webauthn_authentication/templates/test/test_helpers/virtual_authenticator_test_helper.rb