Browse Source

Add logic to handle exceptions thrown by the fido2 library

pull/456/head
Pēteris Caune 4 years ago
parent
commit
0b4251bdee
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
2 changed files with 35 additions and 13 deletions
  1. +16
    -0
      hc/accounts/tests/test_add_credential.py
  2. +19
    -13
      hc/accounts/views.py

+ 16
- 0
hc/accounts/tests/test_add_credential.py View File

@ -80,3 +80,19 @@ class AddCredentialTestCase(BaseTestCase):
r = self.client.post(self.url, payload)
self.assertEqual(r.status_code, 400)
@patch("hc.accounts.views._get_credential_data")
def test_it_handles_authentication_failure(self, mock_get_credential_data):
mock_get_credential_data.return_value = None
self.client.login(username="[email protected]", password="password")
self.set_sudo_flag()
payload = {
"name": "My New Key",
"client_data_json": "e30=",
"attestation_object": "e30=",
}
r = self.client.post(self.url, payload, follow=True)
self.assertEqual(r.status_code, 400)

+ 19
- 13
hc/accounts/views.py View File

@ -590,11 +590,14 @@ def _get_credential_data(request, form):
"""
auth_data = FIDO2_SERVER.register_complete(
request.session["state"],
ClientData(form.cleaned_data["client_data_json"]),
AttestationObject(form.cleaned_data["attestation_object"]),
)
try:
auth_data = FIDO2_SERVER.register_complete(
request.session["state"],
ClientData(form.cleaned_data["client_data_json"]),
AttestationObject(form.cleaned_data["attestation_object"]),
)
except ValueError:
return None
return auth_data.credential_data
@ -677,14 +680,17 @@ def _check_credential(request, form, credentials):
"""
FIDO2_SERVER.authenticate_complete(
request.session["state"],
credentials,
form.cleaned_data["credential_id"],
ClientData(form.cleaned_data["client_data_json"]),
AuthenticatorData(form.cleaned_data["authenticator_data"]),
form.cleaned_data["signature"],
)
try:
FIDO2_SERVER.authenticate_complete(
request.session["state"],
credentials,
form.cleaned_data["credential_id"],
ClientData(form.cleaned_data["client_data_json"]),
AuthenticatorData(form.cleaned_data["authenticator_data"]),
form.cleaned_data["signature"],
)
except ValueError:
return False
return True


Loading…
Cancel
Save