build: configure webauthn origin using Rails configurations (#144)

cedarcode · Mar 29, 2024 · 9bbd81a · 9bbd81a
1 parent fe83a4d
commit 9bbd81a
Show file tree

Hide file tree

Showing 11 changed files with 13 additions and 9 deletions.
diff --git a/.env.example b/.env.example
@@ -1,3 +1,2 @@
 ROLLBAR_POST_SERVER_ITEM_ACCESS_TOKEN=
 ROLLBAR_POST_CLIENT_ITEM_ACCESS_TOKEN=
-WEBAUTHN_ORIGIN=http://localhost:3000
diff --git a/.env.test b/.env.test
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -23,7 +23,7 @@ def current_user
   def relying_party
     @relying_party ||=
       WebAuthn::RelyingParty.new(
-        origin: ENV["WEBAUTHN_ORIGIN"],
+        origin: Rails.configuration.webauthn_origin,
         name: "WebAuthn Rails Demo App"
       )
   end

diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -64,4 +64,6 @@
 
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
+
+  config.webauthn_origin = 'http://localhost:3000'
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -83,5 +83,7 @@
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
 
-  config.middleware.use(Rack::HostRedirect, "webauthn.herokuapp.com" => URI(ENV["WEBAUTHN_ORIGIN"]).host)
+  config.webauthn_origin = 'https://webauthn.cedarcode.com'
+
+  config.middleware.use(Rack::HostRedirect, "webauthn.herokuapp.com" => URI(config.webauthn_origin).host)
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
@@ -53,4 +53,6 @@
 
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
+
+  config.webauthn_origin = 'http://localhost:3030'
 end
diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
@@ -6,7 +6,7 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   driven_by :selenium, using: (ENV["TEST_BROWSER"] || :chrome).to_sym, screen_size: [1400, 1400]
 
   setup do
-    Capybara.app_host = ENV['WEBAUTHN_ORIGIN']
+    Capybara.app_host = Rails.configuration.webauthn_origin
     Capybara.server_host = "localhost"
     Capybara.server_port = 3030
     Capybara.default_max_wait_time = 20

diff --git a/test/controllers/registrations_controller_test.rb b/test/controllers/registrations_controller_test.rb
@@ -38,7 +38,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
 
     public_key_credential =
       WebAuthn::FakeClient
-      .new(ENV["WEBAUTHN_ORIGIN"])
+      .new(Rails.configuration.webauthn_origin)
       .create(challenge: challenge, user_verified: true)
 
     webauthn_credential = WebAuthn::Credential.from_create(public_key_credential)

diff --git a/test/system/add_credential_test.rb b/test/system/add_credential_test.rb
@@ -5,7 +5,7 @@
 
 class AddCredentialTest < ApplicationSystemTestCase
   test "add credentials" do
-    fake_origin = ENV['WEBAUTHN_ORIGIN']
+    fake_origin = Rails.configuration.webauthn_origin
     fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
     fixed_challenge = SecureRandom.random_bytes(32)
 

diff --git a/test/system/registration_test.rb b/test/system/registration_test.rb
@@ -5,7 +5,7 @@
 
 class RegistrationTest < ApplicationSystemTestCase
   test "register user" do
-    fake_origin = ENV['WEBAUTHN_ORIGIN']
+    fake_origin = Rails.configuration.webauthn_origin
     fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
     fixed_challenge = SecureRandom.random_bytes(32)
 

diff --git a/test/system/sign_in_test.rb b/test/system/sign_in_test.rb
@@ -5,7 +5,7 @@
 
 class SignInTest < ApplicationSystemTestCase
   test "register and then sign in" do
-    fake_origin = ENV['WEBAUTHN_ORIGIN']
+    fake_origin = Rails.configuration.webauthn_origin
     fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
     fixed_challenge = SecureRandom.random_bytes(32)