Fix: scope login_with_passkey_form_for to the Devise resource (#134)

* fix: scope form helpers to the Devise resource

The form helpers (login_with_passkey_form_for, etc.) used form_with
without a scope, so form builder fields like f.check_box :remember_me
generated name="remember_me" instead of name="account[remember_me]".
Since the passkey strategy reads params[scope][:remember_me], the value
was never found.

Resolve the scope via Devise::Mapping.find_scope! and pass it to
form_with. Switch the internal public_key_credential hidden field to
hidden_field_tag so it stays at the top-level params where strategies
and controllers expect it. Update controllers to read :name from the
now-scoped params.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix rubocop

* docs: add changelog entry for scoped form helpers fix

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: narrow scope change to login_with_passkey_form_for only

Creation form helpers shouldn't scope fields under the Devise resource
since those fields (like :name) are passkey/security key attributes, not
account attributes. Only login_with_passkey_form_for needs the scope so
that f.check_box :remember_me generates account[remember_me].

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs: move changelog entry from Fixed to Added

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: RenzoMinelli

CHANGELOG.md

@@ -5,6 +5,7 @@
 ### Added
 
 - Dispatch `webauthn:unsupported` for browsers missing `parseOptionsFromJSON`. [#127](https://github.com/cedarcode/devise-webauthn/pull/127) [@santiagorodriguez96]
+- Scope `login_with_passkey_form_for` to the Devise resource so that form builder fields (e.g. `f.check_box :remember_me`) are properly namespaced (e.g. `account[remember_me]`). [#134](https://github.com/cedarcode/devise-webauthn/pull/134) [@RenzoMinelli]
 
 ### Changed
 

lib/devise/webauthn/helpers/credentials_helper.rb

@@ -15,11 +15,13 @@ def passkey_creation_form_for(resource_or_resource_name, **options, &block)
       end
 
       def login_with_passkey_form_for(resource_or_resource_name, **options, &block)
+        scope = Devise::Mapping.find_scope!(resource_or_resource_name)
+
         form_with(
-          **options, url: session_path(resource_or_resource_name), method: :post
+          **options, scope: scope, url: session_path(resource_or_resource_name), method: :post
         ) do |f|
           tag.webauthn_get(data: { options_url: passkey_authentication_options_path(resource_or_resource_name) }) do
-            concat f.hidden_field(:public_key_credential, data: { webauthn_target: "response" })
+            concat hidden_field_tag(:public_key_credential, nil, data: { webauthn_target: "response" })
             concat capture(f, &block)
           end
         end

spec/helpers/devise/webauthn/credentials_helper_spec.rb

@@ -101,8 +101,8 @@ def have_hidden_credential_field
       page = parse(html)
 
       expect(page).to have_css("input.btn-primary[type='submit']")
-      expect(page).to have_css("input[type='checkbox'][name='remember_me']")
-      expect(page).to have_css("label[for='remember_me']", text: "Remember me")
+      expect(page).to have_css("input[type='checkbox'][name='account[remember_me]']")
+      expect(page).to have_css("label[for='account_remember_me']", text: "Remember me")
     end
   end
 

spec/internal/app/views/devise/sessions/new.html.erb

@@ -25,8 +25,8 @@
 
 <%= login_with_passkey_form_for(resource_name, id: "passkey-login") do |form| %>
   <div class="field">
-    <%= check_box_tag "account[remember_me]", id: "passkey_remember_me" %>
-    <%= label_tag "passkey_remember_me", "Remember me" %>
+    <%= form.check_box :remember_me %>
+    <%= form.label :remember_me %>
   </div>
 
   <%= form.submit "Log in with passkeys" %>