Set Webauthn authentication challenge in prompt page #3324

jenshenny · 2023-01-06T16:12:19Z

What problem are you solving?

Part of #3298

Stores webauthn authentication challenge on the webauthn verification page to use for credential verification.
If the user doesn't have webauthn devices, redirect to home with flash error.

What approach did you choose and why?

Storing the user id and challenge in the session. This is in line with the verification for web login https://github.com/Shopify/rubygems.org/blob/002480b704b1979a8e5db0d235ea8595ddfbc3a2/app/controllers/sessions_controller.rb#L143-L152

Testing

For when the user removes all webauthn devices before accessing the webauthn verification link

Enable a webauthn device for the user
Create a webauthn verification link by running gem signin on this Ask user to otp at webauthn verification url ruby/rubygems#6179
remove all enabled webauthn devices for the user
access the link and you will be redirected to the home page

codecov · 2023-01-06T16:20:42Z

Codecov Report

Merging #3324 (7cf09a7) into webauthn-cli (e24e848) will decrease coverage by 0.04%.
The diff coverage is 100.00%.

@@               Coverage Diff                @@
##           webauthn-cli    #3324      +/-   ##
================================================
- Coverage         98.59%   98.54%   -0.05%     
================================================
  Files               116      116              
  Lines              3405     3426      +21     
================================================
+ Hits               3357     3376      +19     
- Misses               48       50       +2

Impacted Files	Coverage Δ
...p/controllers/webauthn_verifications_controller.rb	`100.00% <100.00%> (ø)`
app/models/concerns/rubygem_searchable.rb	`94.44% <0.00%> (-5.56%)`	⬇️
lib/elastic_searcher.rb	`100.00% <0.00%> (ø)`

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

jenshenny · 2023-01-06T16:54:58Z

config/locales/zh-TW.yml

      otp_or_recovery:
      security_device:
      verify_code:
-


from running bin/fill-locales

jchestershopify

LGTM.

jenshenny · 2023-01-09T15:04:32Z

Codecov is failing because app/models/concerns/rubygem_searchable.rb coverage is decreased. This file is unrelated to this feature, and looking at the feature branch, it says that the coverage is increased in the file by the same percentage. I'm going to merge and hope that the change in coverage for the feature branch in that file will break even.

jenshenny added 2 commits January 6, 2023 11:23

Set Webauthn authentication challenge in prompt page

4a827f3

Refactor webauthn verification prompt translations

7cf09a7

jenshenny force-pushed the set-challenge-vars branch from 54d90fe to 7cf09a7 Compare January 6, 2023 16:27

jenshenny marked this pull request as ready for review January 6, 2023 16:41

jenshenny commented Jan 6, 2023

View reviewed changes

config/locales/zh-TW.yml

otp_or_recovery:

security_device:

verify_code:

Copy link

Member Author

jenshenny Jan 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from running bin/fill-locales

jchestershopify reviewed Jan 6, 2023

View reviewed changes

jenshenny requested a review from simi January 6, 2023 16:56

jenshenny merged commit 0da79ca into rubygems:webauthn-cli Jan 9, 2023

jenshenny deleted the set-challenge-vars branch January 9, 2023 15:04

jenshenny mentioned this pull request Jan 10, 2023

Add Webauthn Verification authenticate endpoint #3331

Merged

This was referenced Jan 23, 2023

Generate webauthn verification otp Shopify/rubygems.org#98

Closed

Generate webauthn verification OTP after authentication #3368

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Set Webauthn authentication challenge in prompt page #3324

Set Webauthn authentication challenge in prompt page #3324

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Set Webauthn authentication challenge in prompt page #3324

Set Webauthn authentication challenge in prompt page #3324

Uh oh!

Conversation

Uh oh!

What problem are you solving?

What approach did you choose and why?

Testing

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants