Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch webauthn_credentials.any? and .present? to be webauthn_enabled? #3867

Merged
merged 1 commit into from Jun 16, 2023
Merged

Switch webauthn_credentials.any? and .present? to be webauthn_enabled? #3867

merged 1 commit into from Jun 16, 2023

Conversation

ericherscovich
Copy link
Contributor

What problem are you solving?

user.webauthn_credentials.any? and user.webauthn_credentials.present? were used to detect if any webauthn credentials are present. But, there is a method, webauthn_enabled? that we can now use. The different patterns used to detect if there are webauthn credentials is inconsistent.

Further, prior to decoupling, we used @user.mfa_enabled? || @user.webauthn_credentials.any? (or present?) to represent if MFA is enabled. Now that @user.mfa_enabled? encompasses both totp and webauthn devices, the || @user.webauthn_credentials.any? should be removed.

Contributes to #3800

What approach did you choose and why?

Removes instances of .present? and .any? and replaces with webauthn_enabled? where needed. Also remove the now unnecessary or-ing to check if mfa is enabled.

@codecov
Copy link

codecov bot commented Jun 15, 2023

Codecov Report

Merging #3867 (10e3358) into master (d1cab82) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #3867   +/-   ##
=======================================
  Coverage   98.79%   98.79%           
=======================================
  Files         215      215           
  Lines        5372     5372           
=======================================
  Hits         5307     5307           
  Misses         65       65
Impacted Files Coverage Δ
app/controllers/api/v1/api_keys_controller.rb 100.00% <100.00%> (ø)
...ollers/api/v1/webauthn_verifications_controller.rb 100.00% <100.00%> (ø)
app/controllers/email_confirmations_controller.rb 100.00% <100.00%> (ø)
app/controllers/passwords_controller.rb 100.00% <100.00%> (ø)
app/controllers/sessions_controller.rb 100.00% <100.00%> (ø)
app/models/concerns/user_multifactor_methods.rb 100.00% <100.00%> (ø)

jenshenny
jenshenny approved these changes Jun 16, 2023
View reviewed changes
app/models/concerns/user_multifactor_methods.rb
@@ -26,7 +26,7 @@ def no_mfa_devices?
end

def mfa_gem_signin_authorized?(otp)
return true unless strong_mfa_level? || webauthn_credentials.present?
return true unless strong_mfa_level? || webauthn_enabled?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return true unless strong_mfa_level? || webauthn_enabled?
return true unless strong_mfa_level?

This can be removed once the rake task to migrate all webauthn only users is run.

app/models/concerns/user_multifactor_methods.rb
Comment on lines +12 to 15
if webauthn_enabled? && mfa_disabled?
self.mfa_level = :ui_and_gem_signin
save!(validate: false)
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can also be removed once the rake task is run.

@jenshenny jenshenny merged commit 70e2702 into rubygems:master Jun 16, 2023
13 checks passed
@rubygems-org-shipit rubygems-org-shipit bot temporarily deployed to staging June 16, 2023 02:03 Inactive
@rubygems-org-shipit rubygems-org-shipit bot temporarily deployed to production June 24, 2023 00:59 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jenshenny jenshenny jenshenny approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ericherscovich @jenshenny