Upgrade to FIDO2 (0.6) and Supporting Windows Hello

README.md

@@ -7,9 +7,9 @@ Web Authencation API (WebAuthn) is state-of-the art techology that is expected t
 
 ![Andriod Fingerprint](https://cdn-images-1.medium.com/max/800/1*1FWkRE8D7NTA2Kn1DrPjPA.png)
 
-For FIDO2, **security keys**, **Apple's Touch ID (Chrome)** and **android-safetynet** are supported.
+For FIDO2, **security keys**, **Windows Hello**, **Apple's Touch ID (Chrome)** and **android-safetynet** are supported.
 
-In English :), It allows you to verify the user by security keys on PC, Laptops, Touch ID on Macboks (Chrome) and Fingerprint/PIN on Andriod Phones.
+In English :), It allows you to verify the user by security keys on PC, Laptops, Windows Hello (Fingerprint, PIN) on Windows 10 Build 1903 (May 2019 Update) Touch ID on Macbooks (Chrome) and Fingerprint/PIN on Andriod Phones.
 
 Trusted device is a mode for the user to add a device that doesn't support security keys like iOS and andriod without fingerprints or NFC.
 

mfa/FIDO2.py

@@ -34,11 +34,11 @@ def begin_registeration(request):
     }, getUserCredentials(request.user.username))
     request.session['fido_state'] = state
 
-    return HttpResponse(cbor.dumps(registration_data),content_type='application/octet-stream')
+    return HttpResponse(cbor.encode(registration_data),content_type='application/octet-stream')
 @csrf_exempt
 def complete_reg(request):
     try:
-        data = cbor.loads(request.body)[0]
+        data = cbor.decode(request.body)
 
         client_data = ClientData(data['clientDataJSON'])
         att_obj = AttestationObject((data['attestationObject']))
@@ -79,7 +79,7 @@ def authenticate_begin(request):
     credentials=getUserCredentials(request.session.get("base_username",request.user.username))
     auth_data, state = server.authenticate_begin(credentials)
     request.session['fido_state'] = state
-    return HttpResponse(cbor.dumps(auth_data),content_type="application/octet-stream")
+    return HttpResponse(cbor.encode(auth_data),content_type="application/octet-stream")
 
 @csrf_exempt
 def authenticate_complete(request):
@@ -87,7 +87,7 @@ def authenticate_complete(request):
     username=request.session.get("base_username",request.user.username)
     server=getServer()
     credentials=getUserCredentials(username)
-    data = cbor.loads(request.body)[0]
+    data = cbor.decode(request.body)
     credential_id = data['credentialId']
     client_data = ClientData(data['clientDataJSON'])
     auth_data = AuthenticatorData(data['authenticatorData'])

setup.py

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='django-mfa2',
-    version='1.2.1',
+    version='1.3.0',
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",
@@ -24,7 +24,7 @@ setup(
         'ua-parser',
         'user-agents',
         'python-jose',
-        'fido2 == 0.5',
+        'fido2 == 0.6',
         'jsonLookup'
       ],
     python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*",