DEV: Refactor webauthn to support passkeys (1/3) #23586

pmusaraj · 2023-09-14T13:54:15Z

This is part 1 of 3, split up of PR #23529. This PR refactors the webauthn code to support passkey authentication/registration.

Passkeys aren't used yet, that is coming in PRs 2 and 3.

Changes in this PR include:

renaming webauthn services
centralizing rp_id and origin properties (this also simplifies local testing)
adding first factor params to webauthn services
adding specs with valid credentials for first factor

This is part 1 of 3, split up of PR #23529. This PR refactors the webauthn code to support passkey authentication/registration. Passkeys aren't used yet, that is coming in PRs 2 and 3.

pmusaraj · 2023-09-14T13:56:17Z

lib/webauthn/base_validation_service.rb

+    # bit 6 - attested credential data
+    # bit 7 - extension data
+
+    def validate_user_presence


Previously, we were checking for the user presence flag only but the validation was using the wrong name. The change here adds the correct error message for user presence and adds the correct flow for user verification. (Note that in the registration/authentication services, verification is only used for first-factor keys.)

discoursebot · 2023-09-14T18:52:00Z

This pull request has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/support-for-apples-passkeys-system/229259/32

pmusaraj · 2023-09-27T20:02:03Z

Marked this as ready for review just now, if you have a chance to review please @tgxworld @davidtaylorhq.

app/models/user.rb

lib/discourse_webauthn.rb

lib/webauthn/authentication_service.rb

lib/webauthn/base_validation_service.rb

lib/discourse_webauthn.rb

spec/lib/webauthn/authentication_service_spec.rb

spec/lib/webauthn/registration_service_spec.rb

spec/lib/webauthn/authentication_service_spec.rb

spec/lib/webauthn/registration_service_spec.rb

lib/discourse_webauthn.rb

spec/requests/users_controller_spec.rb

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

app/models/user.rb

tgxworld

Some more small comments that needs to be resolved but I think the changes look great to me 👍

DEV: Refactor webauthn to support passkeys

16439db

This is part 1 of 3, split up of PR #23529. This PR refactors the webauthn code to support passkey authentication/registration. Passkeys aren't used yet, that is coming in PRs 2 and 3.

pmusaraj commented Sep 14, 2023

View reviewed changes

This was referenced Sep 14, 2023

DEV: Add routes and controller actions for passkeys (2/3) #23587

Merged

DEV: Add UI for passkeys (3/3) #23591

Closed

pmusaraj changed the title ~~DEV: Refactor webauthn to support passkeys~~ DEV: Refactor webauthn to support passkeys (1/3) Sep 14, 2023

pmusaraj marked this pull request as ready for review September 27, 2023 20:00

tgxworld reviewed Sep 27, 2023

View reviewed changes

app/models/user.rb Outdated Show resolved Hide resolved

tgxworld reviewed Sep 27, 2023

View reviewed changes

lib/discourse_webauthn.rb Show resolved Hide resolved

tgxworld reviewed Sep 27, 2023

View reviewed changes

lib/webauthn/authentication_service.rb Outdated Show resolved Hide resolved

tgxworld reviewed Sep 27, 2023

View reviewed changes

lib/webauthn/authentication_service.rb Outdated Show resolved Hide resolved

tgxworld reviewed Sep 27, 2023

View reviewed changes

lib/webauthn/base_validation_service.rb Outdated Show resolved Hide resolved

tgxworld reviewed Sep 27, 2023

View reviewed changes

lib/discourse_webauthn.rb Outdated Show resolved Hide resolved