diff --git a/app/models/concerns/user_webauthn_methods.rb b/app/models/concerns/user_webauthn_methods.rb
index 7dee0c4ba1e..448d71cf4a1 100644
--- a/app/models/concerns/user_webauthn_methods.rb
+++ b/app/models/concerns/user_webauthn_methods.rb
@@ -3,6 +3,7 @@ module UserWebauthnMethods
included do
has_many :webauthn_credentials, dependent: :destroy
+ has_one :webauthn_verification, dependent: :destroy
after_initialize do
self.webauthn_id ||= WebAuthn.generate_user_id
diff --git a/app/models/webauthn_verification.rb b/app/models/webauthn_verification.rb
new file mode 100644
index 00000000000..ecc7e4b3ebc
--- /dev/null
+++ b/app/models/webauthn_verification.rb
@@ -0,0 +1,7 @@
+class WebauthnVerification < ApplicationRecord
+ belongs_to :user
+
+ validates :user_id, uniqueness: true
+ validates :path_token, presence: true, uniqueness: true
+ validates :path_token_expires_at, presence: true
+end
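Review bot: The `uniqueness: true` check on `path_token` has no database constraint behind it, because the migration in this commit puts a unique index only on `user_id`. A Rails uniqueness validation is a SELECT followed by an INSERT, so two concurrent saves can both pass and store the same token. If the token is what selects a verification record from a URL (the name suggests so, but no lookup code is visible here), a duplicate would make that lookup ambiguous between two users. Add `t.index :path_token, unique: true` inside the `create_table` block of `db/migrate/20221214191823_create_webauthn_verifications.rb`, which also gives lookups by token an index. A short class comment stating that `path_token` and `otp` are short-lived secrets and must not be logged or serialized would help later readers.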
diff --git a/db/migrate/20221214191823_create_webauthn_verifications.rb b/db/migrate/20221214191823_create_webauthn_verifications.rb
new file mode 100644
index 00000000000..f06b22b2ee5
--- /dev/null
+++ b/db/migrate/20221214191823_create_webauthn_verifications.rb
@@ -0,0 +1,13 @@
+class CreateWebauthnVerifications < ActiveRecord::Migration[7.0]
+ def change
+ create_table :webauthn_verifications do |t|
+ t.string :path_token, limit: 128
+ t.datetime :path_token_expires_at
+ t.string :otp
+ t.datetime :otp_expires_at
+ t.references :user, null: false, index: { unique: true }, foreign_key: true
+
+ t.timestamps
+ end
+ end
+end
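Review bot: `path_token` and `path_token_expires_at` are created nullable, although the model added in this commit validates presence on both. A write that skips validations (`update_column`, `insert_all`, raw SQL) can therefore leave a row with no expiry, and whether such a row counts as expired depends on comparison code that is not visible here. Declare them as `t.string :path_token, limit: 128, null: false` and `t.datetime :path_token_expires_at, null: false` so the database enforces what the model assumes. Separately, `otp` is a plain `string` column; if a live one-time code is written to it as-is (not visible in this hunk), consider storing a digest and comparing in constant time, so that read access to the table does not yield usable codes.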
diff --git a/db/schema.rb b/db/schema.rb
index fc2038cbcd9..8330b701254 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,8 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.0].define(version: 2022_03_29_203956) do
-
+ActiveRecord::Schema[7.0].define(version: 2022_12_14_191823) do
# These are extensions that must be enabled in order to support this database
enable_extension "hstore"
enable_extension "plpgsql"
@@ -294,6 +293,18 @@
t.index ["user_id"], name: "index_webauthn_credentials_on_user_id"
end
+ create_table "webauthn_verifications", force: :cascade do |t|
+ t.string "path_token", limit: 128
+ t.datetime "path_token_expires_at"
+ t.string "otp"
+ t.datetime "otp_expires_at"
+ t.bigint "user_id", null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ t.index ["user_id"], name: "index_webauthn_verifications_on_user_id", unique: true
+ end
+
add_foreign_key "api_keys", "users"
add_foreign_key "webauthn_credentials", "users"
+ add_foreign_key "webauthn_verifications", "users"
end
diff --git a/doc/erd.dot b/doc/erd.dot
index 0770c9a6f5d..eaab956dacd 100644
--- a/doc/erd.dot
+++ b/doc/erd.dot
@@ -279,6 +279,18 @@ m_WebauthnCredential [label = <
>];
+m_WebauthnVerification [label = <
+|
+
+ otp string |
+ otp_expires_at datetime (6,0) |
+ path_token string (128) ∗ U |
+ path_token_expires_at datetime (6,0) ∗ |
+
+>];
+ m_User -> m_WebauthnVerification [arrowhead = "none", arrowtail = "none", weight = "3"];
m_User -> m_WebauthnCredential [arrowhead = "normal", arrowtail = "none", weight = "3"];
m_User -> m_WebHook [arrowhead = "normal", arrowtail = "none", weight = "3"];
m_Rubygem -> m_WebHook [arrowhead = "normal", arrowtail = "none", weight = "2"];
diff --git a/doc/erd.svg b/doc/erd.svg
index 44e9a7e1f30..05f8ed55d92 100644
--- a/doc/erd.svg
+++ b/doc/erd.svg
@@ -1,551 +1,576 @@
-
-