From 0b4251bdee8eeb4f92be4b2edfbcc115c819b15a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Thu, 19 Nov 2020 16:53:58 +0200 Subject: [PATCH] Add logic to handle exceptions thrown by the fido2 library --- hc/accounts/tests/test_add_credential.py | 16 ++++++++++++ hc/accounts/views.py | 32 ++++++++++++++---------- 2 files changed, 35 insertions(+), 13 deletions(-) diff --git a/hc/accounts/tests/test_add_credential.py b/hc/accounts/tests/test_add_credential.py index f55ab61f..0d726316 100644 --- a/hc/accounts/tests/test_add_credential.py +++ b/hc/accounts/tests/test_add_credential.py @@ -80,3 +80,19 @@ class AddCredentialTestCase(BaseTestCase): r = self.client.post(self.url, payload) self.assertEqual(r.status_code, 400) + + @patch("hc.accounts.views._get_credential_data") + def test_it_handles_authentication_failure(self, mock_get_credential_data): + mock_get_credential_data.return_value = None + + self.client.login(username="alice@example.org", password="password") + self.set_sudo_flag() + + payload = { + "name": "My New Key", + "client_data_json": "e30=", + "attestation_object": "e30=", + } + + r = self.client.post(self.url, payload, follow=True) + self.assertEqual(r.status_code, 400) diff --git a/hc/accounts/views.py b/hc/accounts/views.py index 354b72c8..701f4be0 100644 --- a/hc/accounts/views.py +++ b/hc/accounts/views.py @@ -590,11 +590,14 @@ def _get_credential_data(request, form): """ - auth_data = FIDO2_SERVER.register_complete( - request.session["state"], - ClientData(form.cleaned_data["client_data_json"]), - AttestationObject(form.cleaned_data["attestation_object"]), - ) + try: + auth_data = FIDO2_SERVER.register_complete( + request.session["state"], + ClientData(form.cleaned_data["client_data_json"]), + AttestationObject(form.cleaned_data["attestation_object"]), + ) + except ValueError: + return None return auth_data.credential_data @@ -677,14 +680,17 @@ def _check_credential(request, form, credentials): """ - FIDO2_SERVER.authenticate_complete( - request.session["state"], - credentials, - form.cleaned_data["credential_id"], - ClientData(form.cleaned_data["client_data_json"]), - AuthenticatorData(form.cleaned_data["authenticator_data"]), - form.cleaned_data["signature"], - ) + try: + FIDO2_SERVER.authenticate_complete( + request.session["state"], + credentials, + form.cleaned_data["credential_id"], + ClientData(form.cleaned_data["client_data_json"]), + AuthenticatorData(form.cleaned_data["authenticator_data"]), + form.cleaned_data["signature"], + ) + except ValueError: + return False return True