devise-webauthn/app/controllers/devise/security_key_registration_options_controller.rb at d0ee47d74f7e8c4bb9a3489dd84d01ba99dbb2b0 · cedarcode/devise-webauthn · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# frozen_string_literal: true

module Devise
  class SecurityKeyRegistrationOptionsController < DeviseController
    before_action :authenticate_scope!

    def index
      create_security_key_options =
        WebAuthn::Credential.options_for_create(
          user: {
            id: resource.webauthn_id,
            name: resource_human_palatable_identifier
          },
          exclude: resource.webauthn_credentials.pluck(:external_id),
          authenticator_selection: {
            resident_key: "discouraged",
            user_verification: "discouraged"
          }
        )

      # Store challenge in session for later verification
      session[:webauthn_challenge] = create_security_key_options.challenge

      render json: create_security_key_options
    end

    private

    def authenticate_scope!
      send(:"authenticate_#{resource_name}!", force: true)
      self.resource = send(:"current_#{resource_name}")
    end

    def resource_human_palatable_identifier
      authentication_keys = resource.class.authentication_keys
      authentication_keys = authentication_keys.keys if authentication_keys.is_a?(Hash)

      authentication_keys.filter_map { |authentication_key| resource.public_send(authentication_key) }.first
    end
  end
end