Module: Devise::Passkeys::Controllers::ReauthenticationControllerConcern

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/passkeys/controllers/reauthentication_controller_concern.rb

Overview

This concern is responsible for handling reauthentication. It should be included in any controller that handles reauthentication, and defines:

  • Useful methods to assist with the reauthentication process
  • Concerns that are required to complete the reauthentication process
  • Helper modules from Warden::WebAuthn that are required to complete the reauthentication process

Note: the implementing controller must define a relying_party method in order for reauthentications to work.

authenticate_scope! is called as a before_action to verify the authentication and set the resource for the controller.

Likewise, Warden::WebAuthn::RackHelpers#set_relying_party_in_request_env is a before_action that ensures the relying party is set in request.env before the Warden strategy is executed.

Examples:

class ReauthenticationController < ApplicationController
  include Devise::Passkeys::Controllers::ReauthenticationControllerConcern

  def relying_party
    WebAuthn::RelyingParty.new
  end
end

Instance Method Details

#new_challenge ⇒ Object

A controller action that stores the reauthentication challenge in session and renders the options for authentication from webauthn-ruby.

The response is rendered as JSON, with a status of 200 OK.

# File 'lib/devise/passkeys/controllers/reauthentication_controller_concern.rb', line 68

def new_challenge
  options_for_authentication = generate_authentication_options(relying_party: relying_party,
                                                               options: { allow: resource.passkeys.pluck(:external_id) })

  store_reauthentication_challenge_in_session(options_for_authentication: options_for_authentication)

  render json: options_for_authentication
end

#prepare_params ⇒ Object

Prepares the request parameters for use by the Warden strategy

# File 'lib/devise/passkeys/controllers/reauthentication_controller_concern.rb', line 112

def prepare_params
  request.params[resource_name] = ActionController::Parameters.new({
                                                                     passkey_credential: params[:passkey_credential]
                                                                   })
end

#reauthenticate ⇒ Object

A controller action that:

  1. Uses the warden strategy to authenticate the current user with the defined strategy
  2. Calls sign_in with event: :passkey_reauthentication to verify that the user can authenticate
  3. Stores the reauthentication token in the session
  4. Renders a JSON object with the reauthentication token
  5. Ensures that the reauthentication challenge is deleted from the session, regardless of any errors

prepare_params is called as a before_action to prepare the passkey credential for use by the Warden strategy.

Optionally accepts a block that will be executed after the user has been reauthenticated.

Examples:

{"reauthentication_token": "abcd1234"}

# File 'lib/devise/passkeys/controllers/reauthentication_controller_concern.rb', line 95

def reauthenticate
  sign_out(resource)
  self.resource = warden.authenticate!(strategy, auth_options)
  sign_in(resource, event: :passkey_reauthentication)
  yield resource if block_given?

  store_reauthentication_token_in_session

  render json: { reauthentication_token: stored_reauthentication_token }
ensure
  delete_reauthentication_challenge
end
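
The session lifecycle that the steps above describe, as an added example that is not the gem's code: a stdlib-only Ruby model in which the challenge is single-use because ensure deletes it even when verification fails, and the token is compared in constant time and spent once. ReauthSession, consume_token! and the block standing in for the Warden strategy are hypothetical.

```ruby
# Stdlib-only model of the session lifecycle described for reauthenticate.
# ReauthSession and consume_token! are hypothetical names, not gem APIs.
require "securerandom"

class ReauthSession
  class AuthenticationFailed < StandardError; end

  attr_reader :session

  def initialize
    @session = {}
  end

  # Like new_challenge: a fresh random challenge is kept server-side.
  def new_challenge
    @session[:reauth_challenge] = SecureRandom.urlsafe_base64(32)
  end

  # Like reauthenticate: verify, mint a token, always drop the challenge.
  # The block is an assumed stand-in for the Warden strategy's verification.
  def reauthenticate(response_challenge)
    expected = @session[:reauth_challenge]
    ok = !expected.nil? && secure_equal?(expected, response_challenge.to_s) && yield
    raise AuthenticationFailed, "assertion rejected" unless ok

    @session[:reauth_token] = SecureRandom.hex(32)
  ensure
    @session.delete(:reauth_challenge) # runs on success and on failure
  end

  # A sensitive action spends the token once; a second use finds nothing.
  def consume_token!(given)
    stored = @session.delete(:reauth_token)
    !stored.nil? && secure_equal?(stored, given.to_s)
  end

  private

  # Constant-time comparison so timing does not leak a matching prefix.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```
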

#relying_party ⇒ WebAuthn::RelyingParty

This method is abstract.

The method that returns the WebAuthn::RelyingParty for this request.

Returns:

  • (WebAuthn::RelyingParty)

    when overridden, this method should return a WebAuthn::RelyingParty instance

Raises:

  • (NoMethodError)

# File 'lib/devise/passkeys/controllers/reauthentication_controller_concern.rb', line 138

def relying_party
  raise NoMethodError, "need to define relying_party for this #{self.class.name}"
end

#strategy ⇒ Symbol

A method that can be overridden to customize the Warden strategy used.

Returns:

  • (Symbol)

    The key that identifies which Warden strategy will be used to handle the authentication flow for the reauthentication. Defaults to :passkey_reauthentication

# File 'lib/devise/passkeys/controllers/reauthentication_controller_concern.rb', line 122

def strategy
  :passkey_reauthentication
end