FEATURE: Enable passkeys by default (#25340)

2025-02-25 18:55:32 -06:00 · 2024-01-23 17:23:26 +01:00 · 2024-01-23 17:23:26 +01:00 · 4d43ef5186
commit 4d43ef5186
parent 67244a2318
20 changed files with 105 additions and 35 deletions
--- a/app/assets/javascripts/discourse/tests/acceptance/create-account-from-login-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/create-account-from-login-test.js
@ -2,7 +2,13 @@ import { click, fillIn, visit } from "@ember/test-helpers";
 import { test } from "qunit";
 import { acceptance } from "discourse/tests/helpers/qunit-helpers";

-acceptance("Create Account Fields - From Login Form", function () {
+acceptance("Create Account Fields - From Login Form", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("autofills email field with login form value", async function (assert) {
    await visit("/");
    await click("header .login-button");
--- a/app/assets/javascripts/discourse/tests/acceptance/create-account-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/create-account-test.js
@ -78,6 +78,17 @@ acceptance("Create Account", function () {

    assert.verifySteps(["buildPostForm"]);
  });
+
+  test("does not show passkeys button", async function (assert) {
+    await visit("/");
+    await click("header .sign-up-button");
+
+    assert
+      .dom(".d-modal.create-account .btn-primary")
+      .exists("create account button exists");
+
+    assert.dom(".passkey-login-button").doesNotExist();
+  });
 });

 acceptance("Create Account - full_name_required", function (needs) {
@ -114,19 +125,3 @@ acceptance("Create Account - full_name_required", function (needs) {
    assert.verifySteps(["request"]);
  });
 });
-
-acceptance("Create Account - passkeys enabled", function (needs) {
-  needs.settings({ enable_passkeys: true });
-
-  test("does not show passkeys button", async function (assert) {
-    await visit("/");
-    await click("header .sign-up-button");
-
-    assert
-      .dom(".d-modal.create-account .btn-primary")
-      .exists("create account button exists");
-
-    assert.dom(".d-modal.create-account .btn-primary").exists();
-    assert.dom(".passkey-login-button").doesNotExist();
-  });
-});
--- a/app/assets/javascripts/discourse/tests/acceptance/forgot-password-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/forgot-password-test.js
@ -16,6 +16,10 @@ acceptance("Forgot password", function (needs) {
        user_found: userFound,
      });
    });
+
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
  });

  test("requesting password reset", async function (assert) {
@ -92,6 +96,10 @@ acceptance(
      server.post("/session/forgot_password", () => {
        return helper.response({});
      });
+
+      server.get(`/session/passkey/challenge.json`, () =>
+        helper.response({ challenge: "smth" })
+      );
    });

    test("requesting password reset", async function (assert) {
--- a/app/assets/javascripts/discourse/tests/acceptance/groups-index-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/groups-index-test.js
@ -8,7 +8,9 @@ import {
  query,
 } from "discourse/tests/helpers/qunit-helpers";

-acceptance("Groups", function () {
+acceptance("Groups", function (needs) {
+  needs.settings({ enable_passkeys: false });
+
  test("Browsing Groups", async function (assert) {
    await visit("/g?username=eviltrout");
    assert.strictEqual(count(".group-box"), 1, "it displays user's groups");
--- a/app/assets/javascripts/discourse/tests/acceptance/login-redirect-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/login-redirect-test.js
@ -2,7 +2,13 @@ import { currentRouteName, visit } from "@ember/test-helpers";
 import { test } from "qunit";
 import { acceptance } from "discourse/tests/helpers/qunit-helpers";

-acceptance("Login redirect - anonymous", function () {
+acceptance("Login redirect - anonymous", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("redirects login to default homepage", async function (assert) {
    await visit("/login");
    assert.strictEqual(
@ -18,6 +24,12 @@ acceptance("Login redirect - categories default", function (needs) {
    top_menu: "categories|latest|top|hot",
  });

+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("when site setting is categories", async function (assert) {
    await visit("/login");
    assert.strictEqual(
--- a/app/assets/javascripts/discourse/tests/acceptance/login-required-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/login-required-test.js
@ -9,6 +9,12 @@ import {
 acceptance("Login Required", function (needs) {
  needs.settings({ login_required: true });

+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("redirect", async function (assert) {
    await visit("/latest");
    assert.strictEqual(
--- a/app/assets/javascripts/discourse/tests/acceptance/mobile-sign-in-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/mobile-sign-in-test.js
@ -4,6 +4,13 @@ import { acceptance, exists } from "discourse/tests/helpers/qunit-helpers";

 acceptance("Signing In - Mobile", function (needs) {
  needs.mobileView();
+
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("sign in", async function (assert) {
    await visit("/");
    await click("header .login-button");
--- a/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-test.js
@ -4,7 +4,11 @@ import sinon from "sinon";
 import { acceptance } from "discourse/tests/helpers/qunit-helpers";
 import I18n from "discourse-i18n";

-acceptance("Modal - Login", function () {
+acceptance("Modal - Login", function (needs) {
+  needs.settings({
+    enable_passkeys: false,
+  });
+
  test("You can tab to the login button", async function (assert) {
    await visit("/");
    await click("header .login-button");
@ -29,6 +33,10 @@ acceptance("Modal - Login - With 2FA", function (needs) {
        totp_enabled: true,
      })
    );
+
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
  });

  test("You can tab to 2FA login button", async function (assert) {
@ -46,15 +54,9 @@ acceptance("Modal - Login - With 2FA", function (needs) {
 });

 acceptance("Modal - Login - With Passkeys enabled", function (needs) {
-  needs.settings({
-    enable_passkeys: true,
-  });
-
  needs.pretender((server, helper) => {
    server.get(`/session/passkey/challenge.json`, () =>
-      helper.response({
-        challenge: "some-challenge",
-      })
+      helper.response({ challenge: "smth" })
    );
  });

@ -86,9 +88,6 @@ acceptance("Modal - Login - With Passkeys disabled", function (needs) {

 acceptance("Modal - Login - Passkeys on mobile", function (needs) {
  needs.mobileView();
-  needs.settings({
-    enable_passkeys: true,
-  });

  needs.pretender((server, helper) => {
    server.get(`/session/passkey/challenge.json`, () =>
--- a/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-and-hide-email-address-taken-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-and-hide-email-address-taken-test.js
@ -7,6 +7,7 @@ acceptance("Login with email - hide email address taken", function (needs) {
  needs.settings({
    enable_local_logins_via_email: true,
    hide_email_address_taken: true,
+    enable_passkeys: false,
  });

  needs.pretender((server, helper) => {
--- a/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-and-no-social-logins-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-and-no-social-logins-test.js
@ -10,6 +10,9 @@ acceptance("Login with email - no social logins", function (needs) {
  needs.settings({ enable_local_logins_via_email: true });
  needs.pretender((server, helper) => {
    server.post("/u/email-login", () => helper.response({ success: "OK" }));
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
  });
  test("with login with email enabled", async function (assert) {
    await visit("/");
--- a/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-disabled-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-disabled-test.js
@ -6,6 +6,7 @@ acceptance("Login with email disabled", function (needs) {
  needs.settings({
    enable_local_logins_via_email: false,
    enable_facebook_logins: true,
+    enable_passkeys: false,
  });

  test("with email button", async function (assert) {
--- a/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/modal/login/login-with-email-test.js
@ -15,6 +15,7 @@ acceptance("Login with email", function (needs) {
  needs.settings({
    enable_local_logins_via_email: true,
    enable_facebook_logins: true,
+    enable_passkeys: false,
  });

  let userFound = false;
--- a/app/assets/javascripts/discourse/tests/acceptance/new-message-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/new-message-test.js
@ -7,7 +7,13 @@ import {
 } from "discourse/tests/helpers/qunit-helpers";
 import selectKit from "discourse/tests/helpers/select-kit-helper";

-acceptance("New Message - Anonymous", function () {
+acceptance("New Message - Anonymous", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("accessing new-message route when logged out", async function (assert) {
    await visit(
      "/new-message?username=charlie&title=message%20title&body=message%20body"
--- a/app/assets/javascripts/discourse/tests/acceptance/new-topic-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/new-topic-test.js
@ -3,7 +3,13 @@ import { test } from "qunit";
 import { acceptance, exists } from "discourse/tests/helpers/qunit-helpers";
 import selectKit from "discourse/tests/helpers/select-kit-helper";

-acceptance("New Topic - Anonymous", function () {
+acceptance("New Topic - Anonymous", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("accessing new-topic route when logged out", async function (assert) {
    await visit("/new-topic?title=topic%20title&body=topic%20body");

--- a/app/assets/javascripts/discourse/tests/acceptance/sign-in-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/sign-in-test.js
@ -6,7 +6,13 @@ import {
  query,
 } from "discourse/tests/helpers/qunit-helpers";

-acceptance("Signing In", function () {
+acceptance("Signing In", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("sign in", async function (assert) {
    await visit("/");
    await click("header .login-button");
--- a/app/assets/javascripts/discourse/tests/acceptance/static-test.js
+++ b/app/assets/javascripts/discourse/tests/acceptance/static-test.js
@ -2,7 +2,13 @@ import { currentRouteName, visit } from "@ember/test-helpers";
 import { test } from "qunit";
 import { acceptance } from "discourse/tests/helpers/qunit-helpers";

-acceptance("Static pages", function () {
+acceptance("Static pages", function (needs) {
+  needs.pretender((server, helper) => {
+    server.get(`/session/passkey/challenge.json`, () =>
+      helper.response({ challenge: "smth" })
+    );
+  });
+
  test("/faq", async function (assert) {
    await visit("/faq");
    assert.true(
--- a/app/serializers/web_hook_user_serializer.rb
+++ b/app/serializers/web_hook_user_serializer.rb
@ -32,6 +32,7 @@ class WebHookUserSerializer < UserSerializer
    can_change_website
    can_change_tracking_preferences
    user_api_keys
+    user_passkeys
    group_users
    user_auth_tokens
    user_auth_token_logs
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@ -422,7 +422,7 @@ login:
    validator: "EnableLocalLoginsViaEmailValidator"
  enable_passkeys:
    client: true
-    default: false
+    default: true
    hidden: true
  allow_new_registrations:
    client: true
--- a/spec/requests/api/schemas/json/user_get_response.json
+++ b/spec/requests/api/schemas/json/user_get_response.json
@ -324,6 +324,9 @@
            "null"
          ]
        },
+        "user_passkeys": {
+          "type": "array"
+        },
        "sidebar_tags": {
          "type": "array"
        },
--- a/spec/serializers/user_serializer_spec.rb
+++ b/spec/serializers/user_serializer_spec.rb
@ -450,6 +450,7 @@ RSpec.describe UserSerializer do
    end

    it "does not include them if feature is disabled" do
+      SiteSetting.enable_passkeys = false
      json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json

      expect(json[:user_passkeys]).to eq(nil)