--wip-- [skip ci]

Author: rafaella-martino

test/dummy/app/controllers/second_factor_webauthn_credentials_controller.rb

@@ -50,6 +50,29 @@ def create
     end
   end
 
+  def upgrade
+    webauthn_credential = WebAuthn::Credential.from_get(JSON.parse(session_params[:public_key_credential]))
+
+    credential = user.webauthn_credentials.find_by(external_id: webauthn_credential.id)
+    unless credential
+      redirect_to root_path, alert: "Credential not recognized"
+      return
+    end
+
+    begin
+      webauthn_credential.verify(
+        session[:current_authentication][:challenge] || session[:current_authentication]["challenge"],
+        public_key: credential.public_key,
+        sign_count: credential.sign_count
+      )
+
+      credential.update!(authenticator_factor: "first_factor")
+      redirect_to root_path
+    rescue WebAuthn::Error => e
+      redirect_to root_path, alert: "Verification failed: #{e.message}"
+    end
+  end
+
   def destroy
     Current.user.second_factor_webauthn_credentials.destroy(params[:id])
 

test/dummy/app/views/home/_credentials_list.html.erb

@@ -5,6 +5,7 @@
       <span>
         <span><%= credential.nickname %></span>
         <span><%= credential.external_id %></span>
+        <%=link_to "Upgrade" , second_factor_webauthn_credential_upgrade_path(credential), locals: {credential: credential} %>
       </span>
 
       <%= link_to "Delete credential", delete_path.call(credential), data: { turbo_method: :delete } %>

test/dummy/app/views/second_factor_webauthn_credentials/upgrade.html.erb

@@ -0,0 +1,18 @@
+<h3>Upgrade your security key to a passkey</h3>
+
+<p>
+  You are about to upgrade your security key <%= @credential.nickname %> to a passkey.
+</p>
+<%= form_with(
+  url: second_factor_webauthn_credentials_upgrade,
+  data: {
+    controller: "webauthn-credentials",
+    action: "webauthn-credentials#get:prevent",
+    "webauthn-credentials-options-url-value": get_options_second_factor_webauthn_credentials_path,
+  }) do |form| %>
+  <%= form.hidden_field :public_key_credential, data: { "webauthn-credentials-target": "credentialHiddenInput" } %>
+
+  <div class="field">
+    <%= form.submit "Upgrade to passkey", disabled: true, data: { "webauthn-credentials-target": "submitButton" } %>
+  </div>
+<% end %>

test/dummy/config/routes.rb

@@ -9,6 +9,8 @@
 
   resources :second_factor_webauthn_credentials, only: [ :new, :create, :destroy ] do
     post :create_options, on: :collection
+    get :upgrade
+    post :upgrade
   end
 
   resource :second_factor_authentication, only: [ :new, :create ] do