discourse/spec/requests
Penar Musaraj e3e73a3091
DEV: Add routes and controller actions for passkeys (2/3) (#23587)
This is part 2 (of 3) for passkeys support.

This adds a hidden site setting plus routes and controller actions.

1. registering passkeys

Passkeys are registered in a two-step process. First, `create_passkey`
returns details for the browser to create a passkey. This includes
- a challenge
- the relying party ID and Origin
- the user's secure identifier
- the supported algorithms
- the user's existing passkeys (if any)

Then the browser creates a key with this information, and submits it to
the server via `register_passkey`.

2. authenticating passkeys

A similar process happens here as well. First, a challenge is created
and sent to the browser. Then the browser makes a public key credential
and submits it to the server via `passkey_auth_perform`.

3. renaming/deleting passkeys

These routes allow changing the name of a key and deleting it.

4. checking if session is trusted for sensitive actions

Since a passkey is a password replacement, we want to make sure to confirm the user's identity before allowing adding/deleting passkeys. The `u/trusted-session` GET route returns success if the user has confirmed their session (and failure if the user hasn't). In the frontend (in the next PR), we're using these routes to show the password confirmation screen.

The `/u/confirm-session` route allows the user to confirm their session with a password. The latter route's functionality already existed in core, under the 2FA flow, but it has been abstracted into its own here so it can be used independently.


Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2023-10-11 14:36:54 -04:00
admin FEATURE: granular webhooks (#23070) 2023-10-09 03:35:31 +00:00
api FEATURE: Remove support for legacy navigation menu (#23752) 2023-10-09 07:24:10 +08:00
examples SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
about_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
application_controller_spec.rb DEV: Add hidden `cross_origin_opener_policy_header` site setting (#23346) 2023-08-31 08:50:06 -04:00
associate_accounts_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
badges_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
bookmarks_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
bootstrap_controller_spec.rb DEV: Eliminate flakiness in specs that depend on plugins from fixtures (#21912) 2023-06-05 08:06:00 +08:00
categories_controller_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
clicks_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
composer_controller_spec.rb UX: hide warning if all users mentioned via group are already invited. (#23557) 2023-09-13 19:21:44 +05:30
composer_messages_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
csp_reports_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
directory_columns_controller_spec.rb DEV: Refactored and moved Edit Directory Column tests out of directory_columns_controller_spec (#22022) 2023-06-08 18:00:01 -05:00
directory_items_controller_spec.rb FIX: Validate page/limit params for directory, user-badges and groups (#22877) 2023-07-31 15:00:05 +01:00
do_not_disturb_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
drafts_controller_spec.rb SECURITY: Limit number of drafts per user and length of `draft_key` 2023-09-12 15:31:26 -03:00
edit_directory_columns_controller_spec.rb DEV: Refactored and moved Edit Directory Column tests out of directory_columns_controller_spec (#22022) 2023-06-08 18:00:01 -05:00
email_controller_spec.rb FIX: Unsubscribing via key associated with deleted topic (#20275) 2023-02-16 10:47:01 +00:00
embed_controller_spec.rb FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales (#21876) 2023-06-01 05:27:11 +03:00
exceptions_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
export_csv_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
extra_locales_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
finish_installation_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
form_templates_controller_spec.rb DEV: Remove setting explicit `id` on Fabricated property (#21831) 2023-05-30 09:34:01 -07:00
forums_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
groups_controller_spec.rb FIX: Validate page/limit params for directory, user-badges and groups (#22877) 2023-07-31 15:00:05 +01:00
hashtags_controller_spec.rb DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) 2023-08-08 11:18:55 +10:00
inline_onebox_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
invites_controller_spec.rb SECURITY: Handle concurrent invite accepts 2023-07-28 12:53:48 +01:00
list_controller_spec.rb DEV: Validate before and bumped_before options in TopicQuery (#23451) 2023-09-07 14:38:03 +10:00
metadata_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
notifications_controller_spec.rb FEATURE: Remove support for legacy navigation menu (#23752) 2023-10-09 07:24:10 +08:00
offline_controller_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
omniauth_callbacks_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
onebox_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
permalinks_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
post_action_users_controller_spec.rb SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
post_actions_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
post_readers_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
posts_controller_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
presence_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
published_pages_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
push_notification_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
qunit_controller_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
reviewable_claimed_topics_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
reviewables_controller_spec.rb FIX: Pending post deletion by creator (#23130) 2023-08-18 15:30:59 +00:00
robots_txt_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
safe_mode_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
search_controller_spec.rb FIX: Search by tag context was broken (#23006) 2023-08-08 15:15:34 -04:00
session_controller_spec.rb DEV: Add routes and controller actions for passkeys (2/3) (#23587) 2023-10-11 14:36:54 -04:00
sidebar_sections_controller_spec.rb SECURITY: limit amount of links in custom sidebar section (#22543) 2023-07-11 15:25:01 -06:00
similar_topics_controller_spec.rb DEV: Disable SearchIndexer after fabrication (#21378) 2023-05-04 09:20:52 +08:00
site_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
sitemap_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
slugs_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
static_controller_spec.rb DEV: Avoid leaking new site setting states in test environment (#21713) 2023-05-25 07:53:57 +08:00
steps_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
stylesheets_controller_spec.rb DEV: Eliminate flakiness in specs that depend on plugins from fixtures (#21912) 2023-06-05 08:06:00 +08:00
svg_sprite_controller_spec.rb DEV: Avoid multiple fabrications in spec (#21606) 2023-05-17 14:28:31 +08:00
tag_groups_controller_spec.rb SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
tags_controller_spec.rb SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
theme_javascripts_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
topics_controller_spec.rb DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
uploads_controller_multisite_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
uploads_controller_spec.rb DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
user_actions_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
user_api_keys_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
user_avatars_controller_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
user_badges_controller_spec.rb FIX: Validate page/limit params for directory, user-badges and groups (#22877) 2023-07-31 15:00:05 +01:00
user_status_controller_spec.rb DEV: Format `UserStatus#ends_at` as a ISO8601 timestamp (#23796) 2023-10-05 20:41:12 +02:00
users_controller_spec.rb DEV: Add routes and controller actions for passkeys (2/3) (#23587) 2023-10-11 14:36:54 -04:00
users_email_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
webhooks_controller_spec.rb FEATURE: Add Mailpace webhook (#21981) 2023-06-08 20:06:20 +03:00
wizard_controller_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00