Blocked by: rubygems#3334

What problem are you solving?

Part of rubygems#3298

After successful verification of Webauthn credentials, an OTP needs generated to be sent to the client (either through manual pasting or sockets).

What approach did you choose and why?

• Added a generate otp method on WebauthnVerification model
• After webauthn credentials are verified, generate the otp as SecureRandom.base58(20) with 2 minute expiry.

What should reviewers focus on?

• is SecureRandom.base58(20) fine for the otp and 2 minutes as the expiry?

Testing

1. Follow the tophat instructions from Set Webauthn authentication challenge in prompt page rubygems/rubygems.org#3324 to get to the prompt page. You are able to authenticate your webauthn credential when clicking the button.
2. Check if an OTP is generated by going to the console and running WebauthnVerification.find_by(path_token: "4MFRajUpoARwmt9w").otp