Started the project.
Added the user and credentials models and added the sessions controller. If you look, the git commit is actually on the 16th. This is because the original repo I was working on got abandoned in the process of figuring out the problems below.
This is actually a new fresh repo. With tailwindcss-rails, the start up for development is to use bin/dev and it starts up the server and a process to keep your CSS up to date. The problem is that rails tailwindcss:watch exits with a status of 0 where it is supposed to watch for file system events.
I even tried adding a new css web service in the compose.yml file but it had the same problem. So, I am just starting the Rails server in the web service and I’m doing rails tailwindcss:build periodically when my CSS needs to be updated.
I got a sample of a user login from the Tailwind site and tried to add a form_with to it but I did:
<%= form_with .... do |form| %>
<%= end %>
The second line should be <% end %> without the equals (=) sign.
That wasted a day.
lsp-mode to work for web-mode files (erb files) and it is supposed to give you completion suggestions, etc.
It is working slightly but I don’t think it will be of any benefit.
I finally got back to mucking with the app itself.
Had a good day and worked on getting the new registration. I figured out how to get the submit of the form to get into the submit method of the new-registration-controller. Figured out that -controller needed to be added to the filename, etc.
I thought I should become more familiar with the finer details of
WebAuthn so I spent the day reading. As usual, I got only to section
5.1 but I think I have a general understanding. Between the
Webauthn Gem and webauthn-json, there isn’t a lot of need to
understand the finer details.
In particular, the ponyfill makes it simpler than what the original Rails demo did.
I’m finding bugs in the webauthn-rails-demo-app. For example, it
has an exclude property that is a list of ids to exclude. The
attribute should be excludeCredentials and should be a list of
PublicKeyCredentialDescriptors. There is a similar error with an
allow list that should be allowCredentials. There are also fields
in the various options that are not mentioned in the Rails demo app.
I want to at least document these options in the code so that users
will be aware that they exist and where to go look at their
specifications. I’m not exactly sure how I’m going to do this. I’m
also spending time understanding, for example, challenge and how it
changes how it is represented, where, and why. I think it starts
out as a binary array of bytes. It is Base64URL encoded. What is
Base64URL? Well, Base64 is an encoding that takes 6 bits and
encodes them into 64 normal ASCII characters. 62 of those characters
are easy: A-Z, a-z, and 0-9. The last two are the weird ones. The
original used + and / but these are special for URLs. So instead,
Base64URL uses - and _. Simple after you figure it out.
So I think the path of challenge is: on the server it starts out as
binary. It is encoded by Base64URL in the webauthn-ruby gem. Then
converted to JSON by the Rails controller and transmitted. Received
as JSON in the JavaScript controller, e.g. new_registration_controller,
converted to Base64URL from the JSON, and then converted back to
binary by the webauthn-json library.
As I said, I think that is how it goes but I haven’t fully traced the
full path yet.
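The challenge path described above, as an added Ruby example that is not code from this project, the webauthn-ruby gem or webauthn-json. The helper names are hypothetical and the sample bytes are constructed; the excludeCredentials entry shape (type, id) follows PublicKeyCredentialDescriptor in the WebAuthn spec, with ids carried as Base64URL strings in the JSON.

```ruby
require "json"
require "securerandom"

# Base64URL: standard Base64 with "+" and "/" swapped for "-" and "_",
# and the "=" padding dropped.
def base64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

# Reverse the mapping; anything outside the Base64URL alphabet is rejected.
def base64url_decode(text)
  raise ArgumentError, "not Base64URL" unless text.match?(/\A[A-Za-z0-9_-]*\z/)
  padded = text + "=" * ((4 - text.length % 4) % 4)
  padded.tr("-_", "+/").unpack1("m0") # strict decode, returns binary
end

# Server side (hypothetical helper): binary -> Base64URL -> JSON.
def creation_options_json(challenge, known_credential_ids)
  options = {
    challenge: base64url_encode(challenge),
    excludeCredentials: known_credential_ids.map { |id|
      { type: "public-key", id: base64url_encode(id) }
    }
  }
  JSON.generate(options)
end

# Browser-side stand-in (hypothetical helper): JSON -> Base64URL -> binary.
def decode_options(json)
  opts = JSON.parse(json)
  {
    challenge: base64url_decode(opts.fetch("challenge")),
    exclude_ids: opts.fetch("excludeCredentials").map { |d| base64url_decode(d.fetch("id")) }
  }
end

# Constructed bytes whose standard Base64 form is "+/++/w==".
SAMPLE_CHALLENGE = "\xFB\xFF\xBE\xFF".b

if __FILE__ == $PROGRAM_NAME
  json = creation_options_json(SAMPLE_CHALLENGE, [SecureRandom.random_bytes(16)])
  puts json
  puts decode_options(json)[:challenge] == SAMPLE_CHALLENGE
end
```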
webauthn-ruby gem looks for the exclude and I’m assuming the
allow attributes and creates the appropriate list with the
appropriate types. See exclude list item in Changes.
I’ve been listening to CSS videos and slowly working on the
RegistrationController and the new-registration Stimulus
controller along with a _feature_detection partial which is being
used as a layout – not sure if that is the right way to do things but
I think it is.
I finally have something worth checking in but it isn’t done I’m sure.
All the paths are working. I now need to figure out an effective way to test this.
While merging this project with my Hatred project, I added many of the things that Rubocop had flagged with the Hatred project (but not all).