Module: DiscourseWebauthn
Defined in:
- lib/discourse_webauthn.rb
- lib/webauthn/challenge_generator.rb
- lib/webauthn/security_key_registration_service.rb
- lib/webauthn/security_key_authentication_service.rb
- lib/webauthn/security_key_base_validation_service.rb
Defined Under Namespace
Classes: ChallengeGenerator, ChallengeMismatchError, CredentialIdInUseError, InvalidOriginError, InvalidRelyingPartyIdError, InvalidTypeError, MalformedAttestationError, NotFoundError, OwnershipError, PublicKeyError, SecurityKeyAuthenticationService, SecurityKeyBaseValidationService, SecurityKeyError, SecurityKeyRegistrationService, UnknownCOSEAlgorithmError, UnsupportedAttestationFormatError, UnsupportedPublicKeyAlgorithmError, UserVerificationError
Constant Summary
- ACCEPTABLE_REGISTRATION_TYPE = "webauthn.create"
- ACCEPTABLE_AUTHENTICATION_TYPE = "webauthn.get"
- SUPPORTED_ALGORITHMS = COSE::Algorithm.registered_algorithm_ids.freeze
  -7: ES256; -257: RS256 (Windows Hello supported alg.)
- VALID_ATTESTATION_FORMATS = %w[none packed fido-u2f].freeze
Class Method Summary
Class Method Details
.allowed_credentials(user, secure_session) ⇒ Object
# File 'lib/discourse_webauthn.rb', line 57
def self.allowed_credentials(user, secure_session)
  return {} if !user.security_keys_enabled?
  credential_ids = user.second_factor_security_key_credential_ids
  {
    allowed_credential_ids: credential_ids,
    challenge: secure_session[self.session_challenge_key(user)],
  }
end
.challenge(user, secure_session) ⇒ Object
# File 'lib/discourse_webauthn.rb', line 66
def self.challenge(user, secure_session)
  secure_session[self.session_challenge_key(user)]
end
.rp_name ⇒ Object
# File 'lib/discourse_webauthn.rb', line 74
def self.rp_name
  SiteSetting.title
end
.session_challenge_key(user) ⇒ Object
# File 'lib/discourse_webauthn.rb', line 78
def self.session_challenge_key(user)
  "staged-webauthn-challenge-#{user&.id}"
end
.stage_challenge(user, secure_session) ⇒ Object
Usage:
Use these methods in controllers that challenge a user who has a security key; the user must respond with a valid WebAuthn response and credentials.
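The flow these methods support, as an added example that is not Discourse's own code: a challenge is staged in the session under the per-user key shown above, and the `type`, `challenge` and `origin` fields of the returned clientDataJSON are then checked against it. The Hash standing in for the secure session, the error class and helper names, the `SecureRandom.hex(30)` challenge, the single-use deletion and the `https://forum.example` origin are assumptions of this example.

```ruby
require "securerandom"
require "json"

# Hypothetical stand-ins for this example; a plain Hash plays the secure session.
class ChallengeMismatch < StandardError; end
class InvalidType < StandardError; end
class InvalidOrigin < StandardError; end

def session_challenge_key(user_id)
  "staged-webauthn-challenge-#{user_id}" # key format shown on this page
end

# Stage a fresh random challenge server-side, scoped to one user.
def stage_challenge(user_id, session)
  session[session_challenge_key(user_id)] = SecureRandom.hex(30)
end

# base64url without padding, the encoding browsers use for the challenge.
def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  s = str.to_s.tr("-_", "+/")
  (s + "=" * ((4 - s.length % 4) % 4)).unpack1("m")
end

# Length check plus XOR accumulation, so timing does not leak a partial match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Validate the clientDataJSON fields that bind a response to this login attempt.
def verify_client_data(client_data_json, user_id, session, expected_origin)
  # Assumption of this example: a challenge is consumed on first use.
  staged = session.delete(session_challenge_key(user_id))
  data = JSON.parse(client_data_json)
  raise InvalidType unless data["type"] == "webauthn.get"
  received = b64url_decode(data["challenge"])
  raise ChallengeMismatch unless staged && secure_equal?(staged, received)
  raise InvalidOrigin unless data["origin"] == expected_origin
  true
end

# Constructed sample of what a browser would return in clientDataJSON.
def sample_client_data(challenge, origin: "https://forum.example", type: "webauthn.get")
  JSON.generate(type: type, origin: origin, challenge: b64url_encode(challenge))
end
```

Because the staged value is deleted before any check runs, a replayed response fails with a challenge mismatch even when its signature would otherwise be valid.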