From a48ae253d6bb5702d96ca55eb664271463c7a205 Mon Sep 17 00:00:00 2001 From: BIZ Factory GmbH Date: Mon, 1 Mar 2021 07:44:17 +0100 Subject: [PATCH 1/3] Update U2F.py --- mfa/U2F.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mfa/U2F.py b/mfa/U2F.py index 938841e..1531b51 100644 --- a/mfa/U2F.py +++ b/mfa/U2F.py @@ -52,7 +52,7 @@ def validate(request,username): challenge = request.session.pop('_u2f_challenge_') device, c, t = complete_authentication(challenge, data, [settings.U2F_APPID]) - key=User_Keys.objects.get(username=username,properties__shas="$.device.publicKey=%s"%device["publicKey"]) + key = User_Keys.objects.filter(username=username, properties__iregex=rf'{device["publicKey"]}') key.last_used=timezone.now() key.save() mfa = {"verified": True, "method": "U2F","id":key.id} From 4fbe88b90fb071165ab7dc91795b8d95c7174bd3 Mon Sep 17 00:00:00 2001 From: BIZ Factory GmbH Date: Mon, 1 Mar 2021 08:25:48 +0100 Subject: [PATCH 2/3] Update U2F.py fix get instead of filter in function call --- mfa/U2F.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mfa/U2F.py b/mfa/U2F.py index 1531b51..16cebea 100644 --- a/mfa/U2F.py +++ b/mfa/U2F.py @@ -52,7 +52,7 @@ def validate(request,username): challenge = request.session.pop('_u2f_challenge_') device, c, t = complete_authentication(challenge, data, [settings.U2F_APPID]) - key = User_Keys.objects.filter(username=username, properties__iregex=rf'{device["publicKey"]}') + key = User_Keys.objects.get(username=username, properties__iregex=rf'{device["publicKey"]}') key.last_used=timezone.now() key.save() mfa = {"verified": True, "method": "U2F","id":key.id} From 600ef2421a0c0cbf24ba8157c2a341de6500fe33 Mon Sep 17 00:00:00 2001 From: BIZ Factory GmbH Date: Mon, 1 Mar 2021 08:27:38 +0100 Subject: [PATCH 3/3] Update TrustedDevice.py add postgresql support --- mfa/TrustedDevice.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mfa/TrustedDevice.py b/mfa/TrustedDevice.py index 94b2136..812e13e 100644 --- a/mfa/TrustedDevice.py +++ b/mfa/TrustedDevice.py @@ -62,7 +62,7 @@ def add(request): key=request.POST["key"].replace("-","").replace(" ","").upper() context["username"] = request.POST["username"] context["key"] = request.POST["key"] - trusted_keys=User_Keys.objects.filter(username=request.POST["username"],properties__has="$.key="+key) + trusted_keys=User_Keys.objects.filter(username=request.POST["username"],properties__iregex=rf'{key}') cookie=False if trusted_keys.exists(): tk=trusted_keys[0]