Class: Admin::CredentialsController

Inherits:
ApplicationController show all
Includes:
Koi::Controller::HasWebauthn
Defined in:
app/controllers/admin/credentials_controller.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Koi::Controller::HasWebauthn

#webauthn_auth_options, #webauthn_authenticate!, #webauthn_relying_party

Instance Attribute Details

#admin_user ⇒ Object (readonly)

Returns the value of attribute admin_user.



# File 'app/controllers/admin/credentials_controller.rb', line 9

# Read-only accessor for the admin user whose credentials this controller
# manages.
#
# NOTE(review): where @admin_user is assigned, and whether the current
# session is authorised to manage that user's credentials, is not visible
# in this listing - confirm in the controller's callbacks.
#
# @return [Object] the value currently held in @admin_user
def admin_user = @admin_user

Instance Method Details

#create ⇒ Object



# File 'app/controllers/admin/credentials_controller.rb', line 34

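# Completes a WebAuthn registration ceremony for +admin_user+.
#
# The browser's attestation response is verified against the challenge that
# the +new+ action stored in the session; on success the credential's id,
# public key and signature counter are persisted for the admin user.
#
# NOTE(review): JSON.parse and verify_registration both raise on bad input.
# Nothing in this action rescues them, so error handling is presumably done
# elsewhere (e.g. a rescue_from) - confirm.
#
# @return [void]
def create
  # Stop when no registration challenge is pending. Without the explicit
  # return the action would carry on after the redirect and attempt
  # verification with a nil challenge.
  if session[:creation_challenge].blank?
    redirect_to(action: :new)
    return
  end

  # session.delete both reads and removes the challenge, so each challenge
  # can be presented for verification only once.
  webauthn_credential = webauthn_relying_party.verify_registration(
    JSON.parse(credential_params[:response]),
    session.delete(:creation_challenge),
  )

  # The lookup goes through admin_user.credentials, so an existing row is
  # only reused (and overwritten below) when it belongs to this admin user.
  # NOTE(review): uniqueness of external_id across users would need a
  # model/database constraint that is not visible here - confirm.
  credential = admin_user.credentials.find_or_initialize_by(
    external_id: webauthn_credential.id,
  )

  credential.update!(
    nickname:   credential_params[:nickname],
    public_key: webauthn_credential.public_key,
    sign_count: webauthn_credential.sign_count,
  )

  respond_to do |format|
    format.html { redirect_to admin_admin_user_path(admin_user), status: :see_other }
    format.turbo_stream { render locals: { admin_user: } }
  end
end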

#destroy ⇒ Object



# File 'app/controllers/admin/credentials_controller.rb', line 58

# Removes one of +admin_user+'s registered credentials.
#
# The record is looked up through admin_user.credentials, so params[:id] is
# only resolved within this admin user's own credentials.
#
# NOTE(review): nothing here stops the last remaining credential from being
# removed; whether that can lock the account out depends on other sign-in
# factors that are not visible in this listing - confirm.
#
# @return [void]
def destroy
  admin_user.credentials.find(params[:id]).destroy!

  respond_to do |wants|
    wants.html { redirect_to admin_admin_user_path(admin_user), status: :see_other }
    wants.turbo_stream { render locals: { admin_user: admin_user } }
  end
end

#new ⇒ Object



# File 'app/controllers/admin/credentials_controller.rb', line 11

# Starts a WebAuthn registration ceremony for +admin_user+ and renders the
# form that collects the authenticator's response.
#
# @return [void]
def new
  # The WebAuthn user handle is generated once and persisted; later calls
  # reuse the stored value.
  admin_user.update!(webauthn_id: WebAuthn.generate_user_id) unless admin_user.webauthn_id

  user_entity = {
    id:           admin_user.webauthn_id,
    name:         admin_user.email,
    display_name: admin_user.name,
  }
  # Ids of credentials already on file are passed as the exclude list, which
  # in WebAuthn asks the authenticator not to register the same credential twice.
  registered_ids = admin_user.credentials.map(&:external_id)

  options = webauthn_relying_party.options_for_registration(
    user:    user_entity,
    exclude: registered_ids,
  )

  # Remember the challenge in the session so the create action can verify the
  # authenticator's response against it.
  session[:creation_challenge] = options.challenge

  blank_credential = admin_user.credentials.new

  render locals: { admin_user: admin_user, credential: blank_credential, options: options }
end