# File 'lib/booth/core/webauth/authentication_verification.rb', line 14
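# Verifies a WebAuthn authentication response against the stored authenticator.
#
# On success the authenticator's stored sign count is replaced with the value
# reported by `webauth`, `sudo.webauth!` is called and a Tron success
# (:created) is returned. WebAuthn verification errors are converted into Tron
# failures (:unprocessable_entity). The pending challenge on `sudo` is reset to
# nil on every exit path, including when an exception propagates.
#
# @return [Object] whatever Tron.success / Tron.failure returns
# @raise [RuntimeError] when the submitted credential id differs from the
#   authenticator's credential id
def call
  # Never verify a response against an authenticator it does not belong to.
  raise 'this authenticator doesnt match the credential' if credential_id != authenticator.credential_id

  # NOTE(review): this line writes the challenge, public key and sign count to
  # the log; confirm the log sink is appropriate for that data.
  log do
    "Verifying using challenge #{challenge.inspect} and public key #{authenticator.public_key.inspect} and sign count #{authenticator.sign_count.inspect}"
  end

  # Raises a WebAuthn::Error subclass when the response does not verify.
  webauth.verify(
    challenge,
    public_key: authenticator.public_key,
    sign_count: authenticator.sign_count,
  )
  log { 'Response successfully verified' }

  # Persist the new counter only after verification passed, so the next
  # attempt is checked against the latest value.
  authenticator.update!(sign_count: webauth.sign_count)
  sudo.webauth!

  Tron.success(
    :webauth_authentication_verification_successful,
    credential: authenticator.credential,
    public_json: {},
    http_status: :created,
  )
rescue WebAuthn::SignCountVerificationError => e
  # Must be rescued before WebAuthn::Error so the counter mismatch gets its
  # own public JSON message. A counter mismatch can indicate a cloned
  # authenticator, so it is logged together with the stored value.
  log { "Response verification failed: #{e.message} (expected #{authenticator.sign_count})" }
  Tron.failure(
    :webauth_failed,
    public_json: { public_message: 'Passkey Sign count mismatch.' },
    public_message: "Verification failed: #{e.message}",
    http_status: :unprocessable_entity,
  )
rescue WebAuthn::Error => e
  log { "Response verification failed: #{e.message}" }
  # NOTE(review): the library's exception text is returned to the client in
  # public_message; confirm that is intended.
  Tron.failure(
    :webauth_failed,
    public_json: {},
    public_message: "Verification failed: #{e.message}",
    http_status: :unprocessable_entity,
  )
ensure
  # A challenge is single-use: drop it whether verification succeeded, failed
  # or raised. RuntimeError (e.g. the credential mismatch above) is not
  # rescued here and propagates to the caller after this cleanup.
  sudo.webauthn_challenge = nil
end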