Fix webauthn secure key authentication (#16792)
* Add tests * Fix webauthn secure key authentication Fixes #16769main
parent
2e549fa2d5
commit
24f9ea7818
|
@ -42,7 +42,7 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
end
|
end
|
||||||
|
|
||||||
def webauthn_options
|
def webauthn_options
|
||||||
user = find_user
|
user = User.find_by(id: session[:attempt_user_id])
|
||||||
|
|
||||||
if user&.webauthn_enabled?
|
if user&.webauthn_enabled?
|
||||||
options_for_get = WebAuthn::Credential.options_for_get(
|
options_for_get = WebAuthn::Credential.options_for_get(
|
||||||
|
|
|
@ -519,4 +519,33 @@ RSpec.describe Auth::SessionsController, type: :controller do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'GET #webauthn_options' do
|
||||||
|
context 'with WebAuthn and OTP enabled as second factor' do
|
||||||
|
let(:domain) { "#{Rails.configuration.x.use_https ? 'https' : 'http' }://#{Rails.configuration.x.web_domain}" }
|
||||||
|
|
||||||
|
let(:fake_client) { WebAuthn::FakeClient.new(domain) }
|
||||||
|
|
||||||
|
let!(:user) do
|
||||||
|
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
user.update(webauthn_id: WebAuthn.generate_user_id)
|
||||||
|
public_key_credential = WebAuthn::Credential.from_create(fake_client.create)
|
||||||
|
user.webauthn_credentials.create(
|
||||||
|
nickname: 'SecurityKeyNickname',
|
||||||
|
external_id: public_key_credential.id,
|
||||||
|
public_key: public_key_credential.public_key,
|
||||||
|
sign_count: '1000'
|
||||||
|
)
|
||||||
|
post :create, params: { user: { email: user.email, password: user.password } }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http success' do
|
||||||
|
get :webauthn_options
|
||||||
|
expect(response).to have_http_status :ok
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue