Refactor Controller concerns to not use Warden::WebAuthn::StrategyHelpers
#29
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* In order to prevent a bleed-through between `warden-webauthn` and `devise-passkeys`, we need to use the new `Warden::WebAuthn::RackHelper` in order to get the `relying_party_key` that it defines * This prevents confusion & accidental over-inclusion that was caused by including the entire `Warden::WebAuthn::StrategyHelpers` module
* In order to prevent a bleed-through between `warden-webauthn` and `devise-passkeys`, we need to add error-handling inside of `verify_passkey_challenge` instead of including the entire `Warden::WebAuthn::StrategyHelpers` * This prevents confusion & accidental over-inclusion that was caused by including the entire `Warden::WebAuthn::StrategyHelpers` module
* The definitions from the README were added directly to `warden-webauthn`'s `Warden::WebAuthn::RackHelper` * see: ruby-passkeys/warden-webauthn@80d2101 * Therefore, we can remove this code and rely on the `RackHelper` to define the method for us
Vagab
suggested changes
Jun 24, 2023
* Moving the preamble checks that the `parsed_credential` is valid into its own `verify_credential_integrity` `before_action` helps keep the `verify_passkey_challenge` focused, since verifying the credential's integrity is a separate step (making sure it's not blank and is parseable JSON)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note, this cannot be merged in until ruby-passkeys/warden-webauthn#4 is merged and a new gem version is cut
This PR prevents the bleed-through caused by including all of
Warden::WebAuthn::StrategyHelpersfor a small number of methods.This resolves #28
(@Vagab I can't add you as a reviewer directly, but would like your feedback on this one as well, since it would solve our discussion: #25 (comment))