Module: BetterAuth::Passkey::Utils

Defined in:

lib/better_auth/passkey/utils.rb

Class Method Summary

• .after_registration_verification_user_id(config, ctx, credential, challenge, response, session) ⇒ Object
• .allowed_origins(config, ctx, origin: nil) ⇒ Object
• .authenticator_selection(config, query) ⇒ Object
• .call_callback(callback, data) ⇒ Object
• .normalize_hash(value) ⇒ Object
• .origin(config, ctx) ⇒ Object
• .registration_user_data(id:, name:, display_name: nil, email: nil) ⇒ Object
• .relying_party(config, ctx, origin: nil) ⇒ Object
• .require_key!(body, key) ⇒ Object
• .require_string!(body, key) ⇒ Object
• .resolve_extensions(extensions, ctx) ⇒ Object
• .resolve_registration_user(config, ctx, query) ⇒ Object
• .rp_id(config, ctx) ⇒ Object
• .validate_authenticator_attachment!(value) ⇒ Object

Class Method Details

.after_registration_verification_user_id(config, ctx, credential, challenge, response, session) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 132

def after_registration_verification_user_id(config, ctx, credential, challenge, response, session)
  user_data = challenge.fetch("userData")
  target_user_id = user_data.fetch("id")
  callback = config.dig(:registration, :after_verification)
  return target_user_id unless callback.respond_to?(:call)

  result = normalize_hash(call_callback(callback, {
    ctx: ctx,
    verification: credential,
    user: {
      id: user_data.fetch("id"),
      name: user_data["name"] || user_data.fetch("id"),
      display_name: user_data["displayName"] || user_data["display_name"]
    },
    client_data: response,
    context: challenge["context"]
  }) || {})
  returned_user_id = result[:user_id]
  return target_user_id if returned_user_id.nil? || returned_user_id == ""

  unless returned_user_id.is_a?(String) && returned_user_id.length.positive?
    raise APIError.new("BAD_REQUEST", message: BetterAuth::Passkey::ErrorCodes::PASSKEY_ERROR_CODES.fetch("RESOLVED_USER_INVALID"))
  end

  if session && returned_user_id != session.fetch(:user).fetch("id")
    raise APIError.new("UNAUTHORIZED", message: BetterAuth::Passkey::ErrorCodes::PASSKEY_ERROR_CODES.fetch("YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY"))
  end

  returned_user_id
end

.allowed_origins(config, ctx, origin: nil) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 27

def allowed_origins(config, ctx, origin: nil)
  Array(origin || config[:origin] || ctx.context.options.base_url).compact
end

.authenticator_selection(config, query) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 42

def authenticator_selection(config, query)
  selection = normalize_hash(config[:authenticator_selection] || {})
  attachment = query[:authenticator_attachment]
  selection[:authenticator_attachment] = attachment if attachment
  {
    resident_key: selection[:resident_key] || "preferred",
    user_verification: selection[:user_verification] || "preferred",
    authenticator_attachment: selection[:authenticator_attachment]
  }.compact
end

.call_callback(callback, data) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 163

def call_callback(callback, data)
  return nil unless callback.respond_to?(:call)

  if callback.parameters.any? { |kind, _name| [:key, :keyreq, :keyrest].include?(kind) }
    callback.call(**data)
  else
    callback.call(data)
  end
end

.normalize_hash(value) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 11

def normalize_hash(value)
  BetterAuth::Passkey::Schema.normalize_hash(value)
end

.origin(config, ctx) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 23

def origin(config, ctx)
  config[:origin] || ctx.headers["origin"]
end

.registration_user_data(id:, name:, display_name: nil, email: nil) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 117

def registration_user_data(id:, name:, display_name: nil, email: nil)
  {
    "id" => id,
    "name" => name,
    "displayName" => display_name,
    "email" => email
  }.compact
end

.relying_party(config, ctx, origin: nil) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 15

def relying_party(config, ctx, origin: nil)
  WebAuthn::RelyingParty.new(
    id: rp_id(config, ctx),
    name: config[:rp_name] || ctx.context.app_name,
    allowed_origins: allowed_origins(config, ctx, origin: origin)
  )
end

.require_key!(body, key) ⇒ Object

Raises:

• (APIError)

# File 'lib/better_auth/passkey/utils.rb', line 59

def require_key!(body, key)
  return if body.key?(key)

  raise APIError.new("BAD_REQUEST", message: BASE_ERROR_CODES.fetch("VALIDATION_ERROR"))
end

.require_string!(body, key) ⇒ Object

Raises:

• (APIError)

# File 'lib/better_auth/passkey/utils.rb', line 65

def require_string!(body, key)
  require_key!(body, key)
  return if body[key].is_a?(String)

  raise APIError.new("BAD_REQUEST", message: BASE_ERROR_CODES.fetch("VALIDATION_ERROR"))
end

.resolve_extensions(extensions, ctx) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 126

def resolve_extensions(extensions, ctx)
  return nil unless extensions

  normalize_hash(extensions.respond_to?(:call) ? call_callback(extensions, {ctx: ctx}) : extensions)
end

.resolve_registration_user(config, ctx, query) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 72

def resolve_registration_user(config, ctx, query)
  require_session = config.dig(:registration, :require_session) != false
  if require_session
    session = BetterAuth::Routes.current_session(ctx, allow_nil: true, sensitive: true, fresh: true)
    unless session&.dig(:user, "id")
      raise APIError.new("UNAUTHORIZED", message: BetterAuth::Passkey::ErrorCodes::PASSKEY_ERROR_CODES.fetch("SESSION_REQUIRED"))
    end
    user = session.fetch(:user)
    return registration_user_data(
      id: user.fetch("id"),
      name: user["email"] || user["id"],
      display_name: user["email"] || user["id"],
      email: user["email"]
    )
  end

  session = BetterAuth::Routes.current_session(ctx, allow_nil: true)
  if session
    user = session.fetch(:user)
    return registration_user_data(
      id: user.fetch("id"),
      name: user["email"] || user["id"],
      display_name: user["email"] || user["id"],
      email: user["email"]
    )
  end

  resolver = config.dig(:registration, :resolve_user)
  unless resolver.respond_to?(:call)
    raise APIError.new("BAD_REQUEST", message: BetterAuth::Passkey::ErrorCodes::PASSKEY_ERROR_CODES.fetch("RESOLVE_USER_REQUIRED"))
  end

  resolved = normalize_hash(call_callback(resolver, {ctx: ctx, context: query[:context]}) || {})
  unless resolved[:id].to_s != "" && resolved[:name].to_s != ""
    raise APIError.new("BAD_REQUEST", message: BetterAuth::Passkey::ErrorCodes::PASSKEY_ERROR_CODES.fetch("RESOLVED_USER_INVALID"))
  end

  registration_user_data(
    id: resolved[:id],
    name: resolved[:name],
    display_name: resolved[:display_name],
    email: resolved[:email]
  )
end

.rp_id(config, ctx) ⇒ Object

# File 'lib/better_auth/passkey/utils.rb', line 31

def rp_id(config, ctx)
  return config[:rp_id] if config[:rp_id]

  base_url = ctx.context.options.base_url.to_s
  return "localhost" if base_url.empty?

  URI.parse(base_url).host || "localhost"
rescue URI::InvalidURIError
  "localhost"
end

.validate_authenticator_attachment!(value) ⇒ Object

Raises:

• (APIError)

# File 'lib/better_auth/passkey/utils.rb', line 53

def validate_authenticator_attachment!(value)
  return if value.nil? || ["platform", "cross-platform"].include?(value)

  raise APIError.new("BAD_REQUEST", message: BASE_ERROR_CODES.fetch("VALIDATION_ERROR"))
end