Class: ActionAuth::WebauthnCredentialAuthenticationsController

Inherits:
ApplicationController
  • Object
Defined in:
app/controllers/action_auth/webauthn_credential_authentications_controller.rb

Instance Method Summary collapse

Instance Method Details

#create ⇒ Object



# File 'app/controllers/action_auth/webauthn_credential_authentications_controller.rb', line 12

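# Completes a WebAuthn authentication ceremony and signs the user in.
#
# Builds the assertion from +params+, looks up the stored credential with the
# same external id among the user's credentials, and verifies the assertion
# against the challenge kept in the Rails session under :current_challenge,
# using the stored public key and signature counter.
#
# On success the stored sign_count is updated, the ceremony state is removed
# from the Rails session, a new record is created via user.sessions, and its
# id is written to the signed, permanent, HttpOnly :session_token cookie.
#
# Renders {"status":"ok"} with 200 on success, or a "Verification failed: ..."
# string with 422 when the credential is unknown, the challenge is missing, or
# WebAuthn verification raises.
def create
  # `user` is defined outside this listing. It is resolved once, before
  # :webauthn_user_id is deleted below, in case it is derived from that key.
  # NOTE(review): a nil `user` still raises NoMethodError here — confirm that
  # a before_action guarantees it.
  account = user
  assertion = WebAuthn::Credential.from_get(params)
  stored_credential = account.webauthn_credentials.find_by(external_id: assertion.id)
  expected_challenge = session[:current_challenge]

  # The credential id is request-supplied, so find_by can return nil, and the
  # challenge is absent when `new` was never called in this browser session.
  # Both cases are rejected as a normal authentication failure instead of
  # letting them surface as an unhandled exception.
  unless stored_credential && expected_challenge
    Rails.logger.error "❌ Verification failed: unknown credential or missing challenge"
    render json: "Verification failed: unknown credential or missing challenge", status: :unprocessable_entity
    return
  end

  begin
    assertion.verify(
      expected_challenge,
      public_key: stored_credential.public_key,
      sign_count: stored_credential.sign_count
    )

    stored_credential.update!(sign_count: assertion.sign_count)

    # A challenge is good for one successful ceremony only; dropping it keeps
    # an accepted assertion from being verifiable a second time.
    session.delete(:current_challenge)
    session.delete(:webauthn_user_id)

    # Named auth_session so the controller's `session` method is not shadowed
    # by a local variable, as it was in the original.
    auth_session = account.sessions.create
    # NOTE(review): this cookie is permanent and HttpOnly, but `secure:` and
    # `same_site:` are not set here — confirm they are enforced elsewhere
    # (e.g. forced SSL / application-wide cookie defaults).
    cookies.signed.permanent[:session_token] = { value: auth_session.id, httponly: true }
    render json: { status: "ok" }, status: :ok
  rescue WebAuthn::Error => e
    Rails.logger.error "❌ Verification failed: #{e.message}"
    render json: "Verification failed: #{e.message}", status: :unprocessable_entity
  end
end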

#new ⇒ Object



# File 'app/controllers/action_auth/webauthn_credential_authentications_controller.rb', line 6

# Starts a WebAuthn authentication ceremony.
#
# Requests assertion options restricted to the external ids of the user's
# registered credentials, stores the generated challenge in the Rails session
# under :current_challenge (read back by +create+), and exposes the options
# to the view as @options.
#
# `user` is defined outside this listing.
def new
  allowed_ids = user.webauthn_credentials.pluck(:external_id)
  request_options = WebAuthn::Credential.options_for_get(allow: allowed_ids)

  session[:current_challenge] = request_options.challenge
  @options = request_options
end