From 9f43c7a940b1a98484d1cf190f1d7a9b75004e49 Mon Sep 17 00:00:00 2001 From: Nicolas Temciuc Date: Thu, 5 Feb 2026 16:15:27 -0300 Subject: [PATCH 1/2] Remove now-unnecessary helpers --- .../webauthn/helpers/credentials_helper.rb | 71 ------------------- 1 file changed, 71 deletions(-) diff --git a/lib/devise/webauthn/helpers/credentials_helper.rb b/lib/devise/webauthn/helpers/credentials_helper.rb index 2173263a..0c74af20 100644 --- a/lib/devise/webauthn/helpers/credentials_helper.rb +++ b/lib/devise/webauthn/helpers/credentials_helper.rb @@ -1,6 +1,5 @@ # frozen_string_literal: true -# rubocop:disable Metrics/ModuleLength module Devise module Webauthn module CredentialsHelper @@ -59,75 +58,6 @@ def login_with_security_key_button(text = nil, resource:, button_classes: nil, f end end - def create_passkey_options(resource) - @create_passkey_options ||= begin - options = WebAuthn::Credential.options_for_create( - user: { - id: resource.webauthn_id, - name: resource_human_palatable_identifier - }, - exclude: resource.passkeys.pluck(:external_id), - authenticator_selection: { - resident_key: "required", - user_verification: "required" - } - ) - - # Store challenge in session for later verification - session[:webauthn_challenge] = options.challenge - - options - end - end - - def passkey_authentication_options - @passkey_authentication_options ||= begin - options = WebAuthn::Credential.options_for_get( - user_verification: "required" - ) - - # Store challenge in session for later verification - session[:authentication_challenge] = options.challenge - - options - end - end - - def create_security_key_options(resource) - @create_security_key_options ||= begin - options = WebAuthn::Credential.options_for_create( - user: { - id: resource.webauthn_id, - name: resource_human_palatable_identifier - }, - exclude: resource.webauthn_credentials.pluck(:external_id), - authenticator_selection: { - resident_key: "discouraged", - user_verification: "discouraged" - } - ) - - # Store challenge in session for later verification - session[:webauthn_challenge] = options.challenge - - options - end - end - - def security_key_authentication_options(resource) - @security_key_authentication_options ||= begin - options = WebAuthn::Credential.options_for_get( - allow: resource.webauthn_credentials.pluck(:external_id), - user_verification: "discouraged" - ) - - # Store challenge in session for later verification - session[:two_factor_authentication_challenge] = options.challenge - - options - end - end - private def resource_human_palatable_identifier @@ -139,4 +69,3 @@ def resource_human_palatable_identifier end end end -# rubocop:enable Metrics/ModuleLength From 803e12ec4911e89072e1a90dccabff0bc0f93a5f Mon Sep 17 00:00:00 2001 From: Nicolas Temciuc Date: Thu, 5 Feb 2026 17:02:26 -0300 Subject: [PATCH 2/2] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4116822..a06f1708 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ### Changed - Options for getting or creating passkeys and security keys are now served by dedicated Rails controllers and retrieved via JavaScript fetch requests. [#73](https://github.com/cedarcode/devise-webauthn/pull/73) [@nicolastemciuc] +- BREAKING!: Remove helpers for generating WebAuthn options. [#106](https://github.com/cedarcode/devise-webauthn/pull/115) [@nicolastemciuc] ## [v0.3.0](https://github.com/cedarcode/devise-webauthn/compare/v0.2.2...v0.3.0/) - 2026-01-16