diff options
author | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
---|---|---|
committer | Thibaut Girka <thib@sitedethib.com> | 2020-08-30 16:13:08 +0200 |
commit | 8c3c27bf063d648823da39a206be3efd285611ad (patch) | |
tree | c78c0bed2bab5ed64a7dfd546b91b21600947112 /app/controllers/auth | |
parent | 30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff) | |
parent | 52157fdcba0837c782edbfd240be07cabc551de9 (diff) |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
Diffstat (limited to 'app/controllers/auth')
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 441833e85..1cf6a0a59 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -39,6 +39,22 @@ class Auth::SessionsController < Devise::SessionsController store_location_for(:user, tmp_stored_location) if continue_after? end + def webauthn_options + user = find_user + + if user.webauthn_enabled? + options_for_get = WebAuthn::Credential.options_for_get( + allow: user.webauthn_credentials.pluck(:external_id) + ) + + session[:webauthn_challenge] = options_for_get.challenge + + render json: options_for_get, status: :ok + else + render json: { error: t('webauthn_credentials.not_enabled') }, status: :unauthorized + end + end + protected def find_user @@ -53,7 +69,7 @@ class Auth::SessionsController < Devise::SessionsController end def user_params - params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt) + params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {}) end def after_sign_in_path_for(resource) |