Module: DiscourseWebauthn

Defined in:
lib/discourse_webauthn.rb,
lib/webauthn/challenge_generator.rb,
lib/webauthn/security_key_registration_service.rb,
lib/webauthn/security_key_authentication_service.rb,
lib/webauthn/security_key_base_validation_service.rb

Defined Under Namespace

Classes: ChallengeGenerator, ChallengeMismatchError, CredentialIdInUseError, InvalidOriginError, InvalidRelyingPartyIdError, InvalidTypeError, MalformedAttestationError, NotFoundError, OwnershipError, PublicKeyError, SecurityKeyAuthenticationService, SecurityKeyBaseValidationService, SecurityKeyError, SecurityKeyRegistrationService, UnknownCOSEAlgorithmError, UnsupportedAttestationFormatError, UnsupportedPublicKeyAlgorithmError, UserVerificationError

Constant Summary collapse

ACCEPTABLE_REGISTRATION_TYPE =
"webauthn.create"
ACCEPTABLE_AUTHENTICATION_TYPE =
"webauthn.get"
SUPPORTED_ALGORITHMS =

The COSE algorithm identifiers commonly seen here are -7 (ES256, ECDSA with SHA-256) and -257 (RS256, RSASSA-PKCS1-v1_5 with SHA-256, needed for Windows Hello authenticators). The actual value is whatever the COSE gem has registered (see below), so it may include more than these two.

COSE::Algorithm.registered_algorithm_ids.freeze
VALID_ATTESTATION_FORMATS =
%w[none packed fido-u2f].freeze

Class Method Summary collapse

Class Method Details

.allowed_credentials(user, secure_session) ⇒ Object



# File 'lib/discourse_webauthn.rb', line 57

# Builds the data a controller hands to the client for a WebAuthn assertion
# (`navigator.credentials.get`): the user's registered security-key credential
# IDs and the challenge previously staged in +secure_session+.
#
# @param user [User] the user being challenged; must respond to
#   +security_keys_enabled?+ and +second_factor_security_key_credential_ids+
# @param secure_session [#[]] session store the challenge was committed to
# @return [Hash] +{}+ when the user has no security keys enabled, otherwise
#   +{ allowed_credential_ids: Array, challenge: String|nil }+. +:challenge+
#   is +nil+ if nothing has been staged for this user yet, so callers should
#   stage a challenge first — the client cannot produce a verifiable
#   assertion against a nil challenge.
def self.allowed_credentials(user, secure_session)
  return {} unless user.security_keys_enabled?

  staged_challenge = secure_session[session_challenge_key(user)]
  {
    allowed_credential_ids: user.second_factor_security_key_credential_ids,
    challenge: staged_challenge,
  }
end

.challenge(user, secure_session) ⇒ Object



# File 'lib/discourse_webauthn.rb', line 66

# Reads the challenge currently staged for +user+ from the session.
#
# @param user [User, nil] the user whose staged challenge is wanted
# @param secure_session [#[]] session store the challenge was committed to
# @return [String, nil] the staged challenge, or +nil+ when none was staged
#   (see .stage_challenge)
def self.challenge(user, secure_session)
  key = session_challenge_key(user)
  secure_session[key]
end

.rp_id ⇒ Object



# File 'lib/discourse_webauthn.rb', line 70

# The WebAuthn Relying Party ID, taken from the site's current hostname.
#
# The RP ID scopes credentials: a security key registered under one RP ID
# cannot be asserted for another, so changing the site's hostname will
# invalidate previously registered keys. NOTE(review): this module also
# defines InvalidOriginError/InvalidRelyingPartyIdError, so the origin and
# RP ID are presumably checked against this value in the validation
# services — confirm there.
#
# @return [String] the current hostname
def self.rp_id
  hostname = Discourse.current_hostname
  hostname
end

.rp_name ⇒ Object



# File 'lib/discourse_webauthn.rb', line 74

# Human-readable Relying Party name shown by the authenticator/browser
# during registration; this is the site title, not a security boundary.
#
# @return [String] the configured site title
def self.rp_name
  title = SiteSetting.title
  title
end

.session_challenge_key(user) ⇒ Object



# File 'lib/discourse_webauthn.rb', line 78

# Session key under which a user's staged WebAuthn challenge is stored.
#
# The key is per user id so that challenges staged for different users in
# the same session do not overwrite each other. A +nil+ user yields the
# bare prefix with no id suffix.
#
# @param user [User, nil] the user the challenge belongs to
# @return [String] e.g. +"staged-webauthn-challenge-42"+
def self.session_challenge_key(user)
  user_id = user&.id
  "staged-webauthn-challenge-#{user_id}"
end

.stage_challenge(user, secure_session) ⇒ Object

Usage:

Use these methods in controllers that challenge a user who has a security key registered: stage a challenge, hand the allowed credential IDs and challenge to the client, and require the client to respond with a valid WebAuthn assertion for one of those credentials against that challenge.



# File 'lib/discourse_webauthn.rb', line 53

# Generates a fresh WebAuthn challenge and stores it in +secure_session+ for
# +user+, so a later authentication/registration response can be checked
# against it (see .challenge / .allowed_credentials). Each call replaces any
# previously staged challenge for the same user.
#
# @param user [User] the user being challenged
# @param secure_session [Object] session store the challenge is committed to
# @return [Object] whatever ChallengeGenerator#commit_to_session returns
def self.stage_challenge(user, secure_session)
  generator = ::DiscourseWebauthn::ChallengeGenerator.generate
  generator.commit_to_session(secure_session, user)
end