Add logic to handle exceptions thrown by the fido2 library

This commit is contained in:
Pēteris Caune 2020-11-19 16:53:58 +02:00
parent c8d387aee4
commit 0b4251bdee
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
2 changed files with 35 additions and 13 deletions


@ -80,3 +80,19 @@ class AddCredentialTestCase(BaseTestCase):
r = self.client.post(self.url, payload)
self.assertEqual(r.status_code, 400)
@patch("hc.accounts.views._get_credential_data")
def test_it_handles_authentication_failure(self, mock_get_credential_data):
mock_get_credential_data.return_value = None
self.client.login(username="alice@example.org", password="password")
self.set_sudo_flag()
payload = {
"name": "My New Key",
"client_data_json": "e30=",
"attestation_object": "e30=",
}
r = self.client.post(self.url, payload, follow=True)
self.assertEqual(r.status_code, 400)
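Review bot: The new test patches `_get_credential_data` to return None, so the `except ValueError` branch this commit adds to the view is never executed by the test suite; a companion test that posts the same payload without the patch would exercise the real error path, assuming the fido2 library rejects the placeholder values as expected. The `_check_credential` failure path added in the same commit has no test at all. The `follow=True` on the post deserves a short comment if a redirect is expected before the 400, e.g. `# follow=True: a redirect must still end in a 400, not a 302`. AddCredentialTestCase continues outside the hunk.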


@ -590,11 +590,14 @@ def _get_credential_data(request, form):
"""
auth_data = FIDO2_SERVER.register_complete(
request.session["state"],
ClientData(form.cleaned_data["client_data_json"]),
AttestationObject(form.cleaned_data["attestation_object"]),
)
try:
auth_data = FIDO2_SERVER.register_complete(
request.session["state"],
ClientData(form.cleaned_data["client_data_json"]),
AttestationObject(form.cleaned_data["attestation_object"]),
)
except ValueError:
return None
return auth_data.credential_data
@ -677,14 +680,17 @@ def _check_credential(request, form, credentials):
"""
FIDO2_SERVER.authenticate_complete(
request.session["state"],
credentials,
form.cleaned_data["credential_id"],
ClientData(form.cleaned_data["client_data_json"]),
AuthenticatorData(form.cleaned_data["authenticator_data"]),
form.cleaned_data["signature"],
)
try:
FIDO2_SERVER.authenticate_complete(
request.session["state"],
credentials,
form.cleaned_data["credential_id"],
ClientData(form.cleaned_data["client_data_json"]),
AuthenticatorData(form.cleaned_data["authenticator_data"]),
form.cleaned_data["signature"],
)
except ValueError:
return False
return True
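Review bot: Both new handlers (`except ValueError: return None` in _get_credential_data and `except ValueError: return False` in _check_credential) discard the exception, so an operator cannot tell a malformed request from a genuine attestation or signature failure, which is the signal a defender wants when registrations or logins start failing. Consider recording the failure before returning, e.g. `except ValueError as e:` / `logger.warning("FIDO2 registration rejected: %s", e)` / `return None`, provided the module has a logger (not visible in the hunk). It is also worth confirming against the fido2 version in use that ValueError is the only exception these calls raise: the `ClientData` and `AttestationObject`/`AuthenticatorData` constructors parse their inputs inside the `try`, and malformed encodings may surface as a different exception type that would still become a 500. The docstrings of both functions end just inside the hunks and should state the new None/False return on rejection. Both function bodies begin outside the hunk.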