DEV: Refactor rp_id and rp_name (#23339)

They're both constant per-instance values, there is no need to store them in the session. This also makes the code a bit more readable by moving the `session_challenge_key` method up to the `DiscourseWebauthn` module.
2025-02-25 18:55:32 -06:00 · 2023-08-31 09:11:23 -04:00
parent 5724b7bccd
commit 006a5166e5
8 changed files with 28 additions and 59 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1550,8 +1550,8 @@ class UsersController < ApplicationController
    render json:
             success_json.merge(
               challenge: challenge_session.challenge,
-               rp_id: challenge_session.rp_id,
-               rp_name: challenge_session.rp_name,
+               rp_id: DiscourseWebauthn.rp_id,
+               rp_name: DiscourseWebauthn.rp_name,
               supported_algorithms: ::DiscourseWebauthn::SUPPORTED_ALGORITHMS,
               user_secure_id: current_user.create_or_fetch_secure_identifier,
               existing_active_credential_ids:
@@ -1568,7 +1568,7 @@ class UsersController < ApplicationController
      current_user,
      params,
      challenge: DiscourseWebauthn.challenge(current_user, secure_session),
-      rp_id: DiscourseWebauthn.rp_id(current_user, secure_session),
+      rp_id: DiscourseWebauthn.rp_id,
      origin: Discourse.base_url,
    ).register_second_factor_security_key
    render json: success_json
--- a/app/models/concerns/second_factor_manager.rb
+++ b/app/models/concerns/second_factor_manager.rb
@@ -167,7 +167,7 @@ module SecondFactorManager
      self,
      security_key_credential,
      challenge: DiscourseWebauthn.challenge(self, secure_session),
-      rp_id: DiscourseWebauthn.rp_id(self, secure_session),
+      rp_id: DiscourseWebauthn.rp_id,
      origin: Discourse.base_url,
    ).authenticate_security_key
  end