Module: Devise::Passkeys::Controllers::Concerns::Reauthentication

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/passkeys/controllers/concerns/reauthentication.rb

Overview

This concern is responsible for storing, retrieving, clearing, consuming, and validating the reauthentication token in the session.

A reauthentication token is a one-time random value that is used to indicate that the user has successfully been reauthenticated. This can be used for scenarios such as:

  • Adding a new passkey
  • Deleting a passkey
  • Performing sensitive actions inside your application

You can customize which session key holds the reauthentication token by overriding the passkey_reauthentication_token_key method after including this concern.

Instance Method Details

#clear_reauthentication_token! ⇒ String

This method is responsible for clearing the reauthentication token from the session.

Returns:

  • (String)

    The reauthentication token

# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 51

def clear_reauthentication_token!
  session.delete(passkey_reauthentication_token_key)
end

#consume_reauthentication_token! ⇒ String

This method is responsible for consuming (i.e. retrieving & clearing) the reauthentication token from the session.

Returns:

  • (String)

    The reauthentication token

# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 61

def consume_reauthentication_token!
  value = stored_reauthentication_token
  clear_reauthentication_token!
  value
end

#passkey_reauthentication_token_key ⇒ String

This method is responsible for generating the key that will be used to store the reauthentication token in the session hash.

Returns:

  • (String)

    The key that will be used to access the reauthentication token in the session



# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 86

def passkey_reauthentication_token_key
  "#{resource_name}_current_reauthentication_token"
end

#store_reauthentication_token_in_session ⇒ String

This method is responsible for storing the reauthentication token in the session.

The reauthentication token is securely generated using Devise.friendly_token.

Returns:

  • (String)

    The reauthentication token

# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 32

def store_reauthentication_token_in_session
  session[passkey_reauthentication_token_key] = Devise.friendly_token(50)
end

#stored_reauthentication_token ⇒ String

This method is responsible for retrieving the reauthentication token from the session.

Returns:

  • (String)

    The reauthentication token

# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 42

def stored_reauthentication_token
  session[passkey_reauthentication_token_key]
end

#valid_reauthentication_token?(given_reauthentication_token:) ⇒ Boolean

This method is responsible for validating the given reauthentication token against the one currently in the session.

Note: Whenever a reauthentication token is checked using valid_reauthentication_token?, it will be consumed. This means that a new token will need to be generated & stored (by reauthenticating the user) if there were any issues.

Parameters:

  • given_reauthentication_token (String)

    The token to compare against the stored token

Returns:

  • (Boolean)

    whether the given_reauthentication_token is the same as the stored_reauthentication_token

# File 'lib/devise/passkeys/controllers/concerns/reauthentication.rb', line 78

def valid_reauthentication_token?(given_reauthentication_token:)
  Devise.secure_compare(consume_reauthentication_token!, given_reauthentication_token)
end
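
Added example (not part of devise-passkeys): a plain-Ruby stand-in for a controller that includes this concern, showing that a token passes exactly one check and that a failed check consumes it as well. FakeReauthController, its Hash session, the fixed resource_name, and the SecureRandom and byte-wise comparison stand-ins for Devise.friendly_token and Devise.secure_compare are assumptions of this sketch.

```ruby
require "securerandom"

# Stand-in for a controller including the concern. `session` is a plain Hash
# and `resource_name` is fixed to :user (both assumptions of this sketch).
class FakeReauthController
  attr_reader :session

  def initialize
    @session = {}
  end

  def resource_name
    :user
  end

  def passkey_reauthentication_token_key
    "#{resource_name}_current_reauthentication_token"
  end

  # SecureRandom stands in for Devise.friendly_token(50).
  def store_reauthentication_token_in_session
    session[passkey_reauthentication_token_key] = SecureRandom.urlsafe_base64(38)
  end

  # Retrieve and clear in one step, as consume_reauthentication_token! does.
  def consume_reauthentication_token!
    session.delete(passkey_reauthentication_token_key)
  end

  # Byte-wise constant-time comparison standing in for Devise.secure_compare.
  def valid_reauthentication_token?(given_reauthentication_token:)
    stored = consume_reauthentication_token!
    given = given_reauthentication_token
    return false if stored.nil? || given.nil? || stored.bytesize != given.bytesize
    stored.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Returns the outcome of each check across the token's lifecycle.
def reauthentication_lifecycle
  c = FakeReauthController.new
  r = { no_token: c.valid_reauthentication_token?(given_reauthentication_token: "guess") }
  token = c.store_reauthentication_token_in_session
  r[:first_use] = c.valid_reauthentication_token?(given_reauthentication_token: token)
  r[:replay] = c.valid_reauthentication_token?(given_reauthentication_token: token)
  token = c.store_reauthentication_token_in_session
  r[:wrong_guess] = c.valid_reauthentication_token?(given_reauthentication_token: "x" * token.bytesize)
  r[:after_wrong_guess] = c.valid_reauthentication_token?(given_reauthentication_token: token)
  r.merge(session_empty: c.session.empty?)
end
```

Only first_use is true; the replay, the wrong guess, and the correct token presented after the wrong guess all fail, so the user has to reauthenticate to obtain a fresh token.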