Fix webauthn bug. Fix tests. Update docs

2026-01-01 15:24:56 +11:00
parent 1afcd041f9
commit ae99d3d9cf
3 changed files with 15 additions and 5 deletions
--- a/app/models/webauthn_credential.rb
+++ b/app/models/webauthn_credential.rb
@@ -1,6 +1,9 @@
 class WebauthnCredential < ApplicationRecord
  belongs_to :user

+  # Set default authenticator_type if not provided
+  after_initialize :set_default_authenticator_type, if: :new_record?
+
  # Validations
  validates :external_id, presence: true, uniqueness: true
  validates :public_key, presence: true
@@ -77,6 +80,10 @@ class WebauthnCredential < ApplicationRecord

  private

+  def set_default_authenticator_type
+    self.authenticator_type ||= "cross-platform"
+  end
+
  def time_ago_in_words(time)
    seconds = Time.current - time
    minutes = seconds / 60
--- a/docs/beta-checklist.md
+++ b/docs/beta-checklist.md
@@ -136,7 +136,7 @@ This checklist ensures Clinch meets security, quality, and documentation standar
 - [ ] Document required vs. optional configuration
 - [ ] Provide sensible defaults
 - [ ] Validate production SMTP configuration
- [ ] Ensure OIDC private key generation process is documented
+- [x] Ensure OIDC private key generation process is documented

 ### Database
 - [x] Migrations are idempotent
@@ -187,7 +187,7 @@ This checklist ensures Clinch meets security, quality, and documentation standar
 ## Known Limitations & Risks

 ### Documented Risks
- [ ] Document that ForwardAuth requires same-domain setup
+- [x] Document that ForwardAuth requires same-domain setup
 - [ ] Document HTTPS requirement for production
 - [ ] Document backup code security (single-use, store securely)
 - [ ] Document admin password security requirements
--- a/test/integration/webauthn_security_test.rb
+++ b/test/integration/webauthn_security_test.rb
@@ -128,7 +128,10 @@ class WebauthnSecurityTest < ActionDispatch::IntegrationTest
      nickname: "Test Key"
    )

-    # Sign in with WebAuthn
+    # Sign in first
+    post signin_path, params: {email_address: user.email_address, password: "password123"}
+
+    # Get WebAuthn challenge
    post webauthn_challenge_path, params: {email: "webauthn_verify_origin_test@example.com"}
    assert_response :success

@@ -224,8 +227,8 @@ class WebauthnSecurityTest < ActionDispatch::IntegrationTest
    )

    credential.reload
-    assert_equal "192.168.1.100", credential.last_ip_address
-    assert_equal "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", credential.last_user_agent
+    assert_equal "192.168.1.100", credential.last_used_ip
+    assert_equal "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", credential.user_agent

    user.destroy
  end