Merge pull request #76 from Shopify/webauthn-verification-model

Add WebauthnVerification model
rubygems · Dec 15, 2022 · f59fe41 · f59fe41
2 parents 2d97659 + 6e69138
commit f59fe41
Show file tree

Hide file tree

Showing 9 changed files with 485 additions and 395 deletions.
diff --git a/app/models/concerns/user_webauthn_methods.rb b/app/models/concerns/user_webauthn_methods.rb
@@ -3,6 +3,7 @@ module UserWebauthnMethods
 
   included do
     has_many :webauthn_credentials, dependent: :destroy
+    has_one :webauthn_verification, dependent: :destroy
 
     after_initialize do
       self.webauthn_id ||= WebAuthn.generate_user_id

diff --git a/app/models/webauthn_verification.rb b/app/models/webauthn_verification.rb
@@ -0,0 +1,7 @@
+class WebauthnVerification < ApplicationRecord
+  belongs_to :user
+
+  validates :user_id, uniqueness: true
+  validates :path_token, presence: true, uniqueness: true
+  validates :path_token_expires_at, presence: true
+end
diff --git a/db/migrate/20221214191823_create_webauthn_verifications.rb b/db/migrate/20221214191823_create_webauthn_verifications.rb
@@ -0,0 +1,13 @@
+class CreateWebauthnVerifications < ActiveRecord::Migration[7.0]
+  def change
+    create_table :webauthn_verifications do |t|
+      t.string :path_token, limit: 128
+      t.datetime :path_token_expires_at
+      t.string :otp
+      t.datetime :otp_expires_at
+      t.references :user, null: false, index: { unique: true }, foreign_key: true
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,8 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2022_03_29_203956) do
-
+ActiveRecord::Schema[7.0].define(version: 2022_12_14_191823) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "plpgsql"
@@ -294,6 +293,18 @@
     t.index ["user_id"], name: "index_webauthn_credentials_on_user_id"
   end
 
+  create_table "webauthn_verifications", force: :cascade do |t|
+    t.string "path_token", limit: 128
+    t.datetime "path_token_expires_at"
+    t.string "otp"
+    t.datetime "otp_expires_at"
+    t.bigint "user_id", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["user_id"], name: "index_webauthn_verifications_on_user_id", unique: true
+  end
+
   add_foreign_key "api_keys", "users"
   add_foreign_key "webauthn_credentials", "users"
+  add_foreign_key "webauthn_verifications", "users"
 end
diff --git a/doc/erd.dot b/doc/erd.dot
@@ -279,6 +279,18 @@ m_WebauthnCredential [label = <<table border="0" align="center" cellspacing="0.5
   <tr><td align="left" width="130" port="sign_count">sign_count <font face="Arial Italic" color="grey60">integer (8) ∗</font></td></tr>
 </table>
 >];
+m_WebauthnVerification [label = <<table border="0" align="center" cellspacing="0.5" cellpadding="0" width="134">
+  <tr><td align="center" valign="bottom" width="130"><font face="Arial Bold" point-size="11">WebauthnVerification</font></td></tr>
+</table>
+|
+<table border="0" align="left" cellspacing="2" cellpadding="0" width="134">
+  <tr><td align="left" width="130" port="otp">otp <font face="Arial Italic" color="grey60">string</font></td></tr>
+  <tr><td align="left" width="130" port="otp_expires_at">otp_expires_at <font face="Arial Italic" color="grey60">datetime (6,0)</font></td></tr>
+  <tr><td align="left" width="130" port="path_token">path_token <font face="Arial Italic" color="grey60">string (128) ∗ U</font></td></tr>
+  <tr><td align="left" width="130" port="path_token_expires_at">path_token_expires_at <font face="Arial Italic" color="grey60">datetime (6,0) ∗</font></td></tr>
+</table>
+>];
+  m_User -> m_WebauthnVerification [arrowhead = "none", arrowtail = "none", weight = "3"];
   m_User -> m_WebauthnCredential [arrowhead = "normal", arrowtail = "none", weight = "3"];
   m_User -> m_WebHook [arrowhead = "normal", arrowtail = "none", weight = "3"];
   m_Rubygem -> m_WebHook [arrowhead = "normal", arrowtail = "none", weight = "2"];

diff --git a/doc/erd.svg b/doc/erd.svg
diff --git a/test/factories.rb b/test/factories.rb
@@ -215,6 +215,14 @@
     end
   end
 
+  factory :webauthn_verification do
+    user
+    path_token { SecureRandom.base58(20) }
+    path_token_expires_at { Time.now.utc + 1.minute }
+    otp { SecureRandom.base58(20) }
+    otp_expires_at { Time.now.utc + 1.minute }
+  end
+
   factory :api_key_rubygem_scope do
     ownership
     api_key { create(:api_key, key: SecureRandom.hex(24)) }

diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
@@ -9,6 +9,7 @@ class UserTest < ActiveSupport::TestCase
   should have_many(:subscriptions).dependent(:destroy)
   should have_many(:web_hooks).dependent(:destroy)
   should have_many(:webauthn_credentials).dependent(:destroy)
+  should have_one(:webauthn_verification).dependent(:destroy)
 
   context "validations" do
     context "handle" do

diff --git a/test/unit/webauthn_verification_test.rb b/test/unit/webauthn_verification_test.rb
@@ -0,0 +1,12 @@
+require "test_helper"
+
+class WebauthnVerificationTest < ActiveSupport::TestCase
+  subject { build(:webauthn_verification) }
+
+  should belong_to :user
+
+  should validate_uniqueness_of(:user_id)
+  should validate_presence_of(:path_token)
+  should validate_uniqueness_of(:path_token)
+  should validate_presence_of(:path_token_expires_at)
+end