Updates and UI Changes

- Added Webauthn Key Types
- Updated text for Passkey Only login that it doesn't work with hardware keys
- Fixed attr_accessors for passkey_only and pwned_enabled

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    action_auth (1.4.2)
+    action_auth (1.5.0)
       bcrypt (~> 3.1.0)
       rails (~> 7.1)
 

README.md

@@ -103,8 +103,9 @@ ActionAuth.configure do |config|
   config.default_from_email = "[email protected]"
   config.magic_link_enabled = true
   config.passkey_only = true # Allows sign in with only a passkey
+  config.pwned_enabled = true # defined?(Pwned)
   config.verify_email_on_sign_in = true
-  config.webauthn_enabled = true
+  config.webauthn_enabled = true # defined?(WebAuthn)
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
 end

app/controllers/action_auth/webauthn_credentials_controller.rb

@@ -38,7 +38,8 @@ def create
         external_id: webauthn_credential.id,
         nickname: params[:credential_nickname],
         public_key: webauthn_credential.public_key,
-        sign_count: webauthn_credential.sign_count
+        sign_count: webauthn_credential.sign_count,
+        key_type: key_type
       )
 
       if credential.save
@@ -57,4 +58,27 @@ def destroy
 
     redirect_to sessions_path
   end
+
+  private
+
+  def key_type
+    transports = params.dig(:response, :transports)
+    return :unknown unless transports.present?
+
+    transport_types = {
+      ["internal", "hybrid"] => :passkey,
+      ["usb", "nfc"] => :hardware,
+      ["bluetooth", "wireless"] => :wireless,
+    }.freeze
+
+    transport_types.each do |keys, type|
+      if transports.is_a?(String)
+        return type if keys.include?(transports)
+      elsif transports.is_a?(Array)
+        return type if (keys & transports).any?
+      end
+    end
+
+    :unknown
+  end
 end

app/models/action_auth/webauthn_credential.rb

@@ -10,5 +10,12 @@ class WebauthnCredential < ApplicationRecord
                 greater_than_or_equal_to: 0,
                 less_than_or_equal_to: 2**32 - 1
               }
+
+    enum :key_type, {
+      unknown: 0,
+      passkey: 1,
+      hardware: 2,
+      wireless: 3
+    }
   end
 end

app/views/action_auth/sessions/index.html.erb

@@ -36,6 +36,7 @@
       <thead>
         <tr>
           <th>Key</th>
+          <th>Type</th>
           <th nowrap>Registered On</th>
           <th nowrap></th>
         </tr>
@@ -44,6 +45,7 @@
         <% current_user.webauthn_credentials.each do |credential| %>
           <%= content_tag :tr, id: dom_id(credential) do %>
             <td><%= credential.nickname %></td>
+            <td><%= credential.key_type %></td>
             <td nowrap><%= credential.created_at.strftime('%B %d, %Y') %></td>
             <td nowrap><%= button_to "Delete", credential, method: :delete, class: "btn btn-primary" %></td>
           <% end %>

app/views/action_auth/sessions/passkeys/new.html.erb

@@ -10,7 +10,7 @@
   class: "action-auth--text-center" do %>
 
   <div class="mb-3 action-auth--text-center">
-    Insert a USB key, if necessary, and tap it.
+    You must use a passkey, not a hardware key, to sign in.
     An account with a matching passkey is required.
   </div>
 <% end %>

db/migrate/20240818032321_add_type_to_webauthn_credentials.rb

@@ -0,0 +1,5 @@
+class AddTypeToWebauthnCredentials < ActiveRecord::Migration[7.2]
+  def change
+    add_column :webauthn_credentials, :key_type, :integer, default: 0, limit: 2
+  end
+end

lib/action_auth/configuration.rb

@@ -4,6 +4,8 @@ class Configuration
     attr_accessor :allow_user_deletion
     attr_accessor :default_from_email
     attr_accessor :magic_link_enabled
+    attr_accessor :passkey_only
+    attr_accessor :pwned_enabled
     attr_accessor :verify_email_on_sign_in
     attr_accessor :webauthn_enabled
     attr_accessor :webauthn_origin

lib/action_auth/version.rb

@@ -1,3 +1,3 @@
 module ActionAuth
-  VERSION = "1.4.2"
+  VERSION = "1.5.0"
 end

test/dummy/config/initializers/action_auth.rb

@@ -1,5 +1,11 @@
 ActionAuth.configure do |config|
-  config.webauthn_enabled = true
-  config.webauthn_origin = 'http://localhost:3000'
-  config.webauthn_rp_name = "Example Inc."
+  config.allow_user_deletion = true
+  config.default_from_email = "[email protected]"
+  config.magic_link_enabled = true
+  config.passkey_only = true # Allows sign in with only a passkey
+  config.pwned_enabled = true # defined?(Pwned)
+  config.verify_email_on_sign_in = true
+  config.webauthn_enabled = true # defined?(WebAuthn)
+  config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
+  config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
 end

test/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_01_14_051355) do
+ActiveRecord::Schema[7.2].define(version: 2024_08_18_032321) do
   create_table "posts", force: :cascade do |t|
     t.integer "user_id", null: false
     t.string "title"
@@ -46,6 +46,7 @@
     t.integer "user_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer "key_type", limit: 2, default: 0
     t.index ["external_id"], name: "index_webauthn_credentials_on_external_id", unique: true
     t.index ["user_id"], name: "index_webauthn_credentials_on_user_id"
   end