# frozen-string-literal: true module Rodauth Feature.define(:webauthn_verify_account, :WebauthnVerifyAccount) do depends :verify_account, :webauthn def verify_account_view webauthn_setup_view end def create_account_set_password? false end def verify_account_set_password? false end def autologin_session(autologin_type) super if autologin_type == 'verify_account' set_session_value(authenticated_by_session_key, ['webauthn']) remove_session_value(autologin_type_session_key) webauthn_update_session(@webauthn_credential.id) end end private def before_verify_account super if features.include?(:json) && use_json? && !param_or_nil(webauthn_setup_param) cred = new_webauthn_credential json_response[webauthn_setup_param] = cred.as_json json_response[webauthn_setup_challenge_param] = cred.challenge json_response[webauthn_setup_challenge_hmac_param] = compute_hmac(cred.challenge) end @webauthn_credential = webauthn_setup_credential_from_form_submission add_webauthn_credential(@webauthn_credential) end def webauthn_account_id super || account_id end end end