Class: AuthController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- AuthController
- Defined in:
- app/controllers/auth_controller.rb
Instance Method Summary collapse
- #add_key ⇒ Object
- #create_key ⇒ Object
- #destroy_key ⇒ Object
- #email ⇒ Object
- #login ⇒ Object
- #logout ⇒ Object
- #unsupported ⇒ Object
- #update_email_auth ⇒ Object
- #verify_code ⇒ Object
- #verify_key ⇒ Object
Methods inherited from ApplicationController
Instance Method Details
#add_key ⇒ Object
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'app/controllers/auth_controller.rb', line 77 def add_key user = User::User.find_by(id: session[:current_user_id]) if session[:email_verified] != true && user.verified != true redirect_to controller: "users", action: "email_verification" and return end webauthn_credential = WebAuthn::Credential.from_create(params) webauthn_credential.verify(session[:creation_challenge]) credential = User::Credential.new( webauthn_id: webauthn_credential.id, public_key: webauthn_credential.public_key, sign_count: webauthn_credential.sign_count, user_users_id: session[:current_user_id], name: params[:name] ) credential.save! if session[:email_verified] && user.verified != true user.verified = true user.save! end session[:authenticated] = true flash[:notice] = if params[:from_settings] "Disable insecure email code authentication" else "To disable insecure email code authentication, head to Account Settings." end render json: {authenticated: true} rescue WebAuthn::Error => e render json: {error: true, message: e} end |
#create_key ⇒ Object
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'app/controllers/auth_controller.rb', line 49 def create_key user = User::User.find_by(id: session[:current_user_id]) if session[:email_verified] != true && user.verified != true redirect_to controller: "users", action: "email_verification" and return end if params[:skip_passkey] == "true" user.verified = true user.save! session[:authenticated] = true redirect_to(session[:return_path] || root_path, notice: "To add a passkey in the future, head to Account Settings") end @options = WebAuthn::Credential.( user: {id: user.webauthn_id, name: user.email, display_name: user.name}, authenticator_selection: { residentKey: "required", userVerification: "preferred" }, extensions: { credProps: true } ) session[:creation_challenge] = @options.challenge end |
#destroy_key ⇒ Object
149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'app/controllers/auth_controller.rb', line 149 def destroy_key cred = User::Credential.find_by(id: params[:credential_id]) if !(cred.user_users_id == current_user.id) render status: 403, plain: "403 Forbidden" end if User::Credential.where(user_users_id: current_user.id).length == 1 flash[:notice] = "You can't remove your last credential without adding a new one" else cred.destroy! end redirect_to(controller: "users", action: "settings") end |
#email ⇒ Object
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'app/controllers/auth_controller.rb', line 17 def email user = User::User.find_by(email: params[:email]) if !user redirect_to(controller: "users", action: "register") return elsif user.disable_email_auth? flash[:notice] = "Email login codes are disabled" redirect_to(controller: "auth", action: "login") return end if Time.now.to_i > (user.try(:otp_last_minted).nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" User::Mailer.with(user: user).verification_email.deliver_later if params[:resend] == "true" then flash[:notice] = "Sent email code" end end end |
#login ⇒ Object
8 9 10 11 12 13 14 15 |
# File 'app/controllers/auth_controller.rb', line 8 def login # allow: User::Credential.all.map { |c| c.webauthn_id } = WebAuthn::Credential.(rp_id: WebAuthn.configuration.rp_id) session[:authentication_challenge] = .challenge @options = .as_json end |
#logout ⇒ Object
166 167 168 169 170 171 |
# File 'app/controllers/auth_controller.rb', line 166 def logout session.delete(:current_user_id) @_current_user = nil reset_session redirect_to root_url end |
#unsupported ⇒ Object
163 164 |
# File 'app/controllers/auth_controller.rb', line 163 def unsupported end |
#update_email_auth ⇒ Object
173 174 175 176 177 178 179 |
# File 'app/controllers/auth_controller.rb', line 173 def update_email_auth u = current_user u.disable_email_auth = !ActiveModel::Type::Boolean.new.cast(params[:checked]) u.save! end |
#verify_code ⇒ Object
36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'app/controllers/auth_controller.rb', line 36 def verify_code u = User::User.find_by(email: params[:email]) if u.use_otp(params[:code]) == true session[:authenticated] = true session[:current_user_id] = u.id redirect_to(session[:return_path] || root_path, notice: (User::Credential.where(user_users_id: u.id).length == 0) ? "Passkeys are more secure & convienient way to login. Head to Account Settings to add one." : "To disable insecure email code authentication, head to Account Settings.") else render inline: "<%= turbo_stream.replace \"error\" do %><p class=\"error\">Invalid OTP</p><% end %>", status: :unprocessable_entity, format: :turbo_stream end end |
#verify_key ⇒ Object
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
# File 'app/controllers/auth_controller.rb', line 116 def verify_key webauthn_credential = WebAuthn::Credential.from_get(params) stored_credential = User::Credential.find_by(webauthn_id: webauthn_credential.id) if stored_credential.nil? render json: {error: true, message: "No account found with that key"} and return end begin webauthn_credential.verify( session[:authentication_challenge], public_key: stored_credential.public_key, sign_count: stored_credential.sign_count ) stored_credential.update!(sign_count: webauthn_credential.sign_count) session[:authenticated] = true session[:current_user_id] = stored_credential.user_users_id flash[:notice] = "To disable insecure email code authentication, head to Account Settings." render json: {authenticated: true} rescue WebAuthn::SignCountVerificationError session[:authenticated] = true render json: {authenticated: true} rescue WebAuthn::Error render json: {error: true, message: "An error occurred;"} end end |