Compare commits
8 Commits
CVE-2022-4
...
v2.5b1
| Author | SHA1 | Date | |
|---|---|---|---|
|
7a0c77108f | ||
|
|
84b9d297d2 | ||
|
|
1ebc5bfd2b | ||
|
|
d8b10bcdc1 | ||
|
|
f6d25d7a79 | ||
|
|
1f4be15fc5 | ||
|
|
6ea99ff931 | ||
|
660d5ca8f8 |
@@ -1,4 +1,12 @@
|
||||
# Change Log
|
||||
## 2.5.0
|
||||
|
||||
* Bumped fido2 version to 1.0
|
||||
* Fixed: issue in the 'Authorize' button don't show on Firefox and Chrome on iOS.
|
||||
Note: It seems Firefox doesn't support WebAuthn on iOS
|
||||
* Fixed: Support for bootstrap5
|
||||
Thanks to @ezrajrice
|
||||
|
||||
## 2.4.0
|
||||
|
||||
* Fixed: issue in the 'Authorize' button don't show on Safari Mobile.
|
||||
|
||||
@@ -187,6 +187,7 @@ function some_func() {
|
||||
* [willingham](https://github.com/willingham)
|
||||
* [AndreasDickow](https://github.com/AndreasDickow)
|
||||
* [mnelson4](https://github.com/mnelson4)
|
||||
* [ezrajrice](https://github.com/ezrajrice)
|
||||
|
||||
|
||||
# Security contact information
|
||||
|
||||
@@ -146,5 +146,5 @@ MFA_SUCCESS_REGISTRATION_MSG="Go to Home"
|
||||
TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name
|
||||
|
||||
U2F_APPID="https://localhost" #URL For U2F
|
||||
FIDO_SERVER_ID=u"local.mkalioby.com" # Server rp id for FIDO2, it the full domain of your project
|
||||
FIDO_SERVER_NAME=u"TestApp"
|
||||
FIDO_SERVER_ID="localhost" # Server rp id for FIDO2, it the full domain of your project
|
||||
FIDO_SERVER_NAME="TestApp"
|
||||
|
||||
14
mfa/FIDO2.py
14
mfa/FIDO2.py
@@ -1,6 +1,6 @@
|
||||
from fido2.client import ClientData
|
||||
from fido2.client import Fido2Client
|
||||
from fido2.server import Fido2Server, PublicKeyCredentialRpEntity
|
||||
from fido2.ctap2 import AttestationObject, AuthenticatorData
|
||||
from fido2.webauthn import AttestationObject, AuthenticatorData, CollectedClientData
|
||||
from django.template.context_processors import csrf
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.shortcuts import render
|
||||
@@ -11,7 +11,7 @@ from django.http import HttpResponse
|
||||
from django.conf import settings
|
||||
from .models import *
|
||||
from fido2.utils import websafe_decode, websafe_encode
|
||||
from fido2.ctap2 import AttestedCredentialData
|
||||
from fido2.webauthn import AttestedCredentialData
|
||||
from .views import login, reset_cookie
|
||||
import datetime
|
||||
from .Common import get_redirect_url
|
||||
@@ -28,7 +28,7 @@ def recheck(request):
|
||||
|
||||
def getServer():
|
||||
"""Get Server Info from settings and returns a Fido2Server"""
|
||||
rp = PublicKeyCredentialRpEntity(settings.FIDO_SERVER_ID, settings.FIDO_SERVER_NAME)
|
||||
rp = PublicKeyCredentialRpEntity(id=settings.FIDO_SERVER_ID, name=settings.FIDO_SERVER_NAME)
|
||||
return Fido2Server(rp)
|
||||
|
||||
|
||||
@@ -51,7 +51,7 @@ def complete_reg(request):
|
||||
try:
|
||||
data = cbor.decode(request.body)
|
||||
|
||||
client_data = ClientData(data['clientDataJSON'])
|
||||
client_data = CollectedClientData(data['clientDataJSON'])
|
||||
att_obj = AttestationObject((data['attestationObject']))
|
||||
server = getServer()
|
||||
auth_data = server.register_complete(
|
||||
@@ -68,6 +68,8 @@ def complete_reg(request):
|
||||
uk.save()
|
||||
return HttpResponse(simplejson.dumps({'status': 'OK'}))
|
||||
except Exception as exp:
|
||||
import traceback
|
||||
print(traceback.format_exc())
|
||||
try:
|
||||
from raven.contrib.django.raven_compat.models import client
|
||||
client.captureException()
|
||||
@@ -112,7 +114,7 @@ def authenticate_complete(request):
|
||||
credentials = getUserCredentials(username)
|
||||
data = cbor.decode(request.body)
|
||||
credential_id = data['credentialId']
|
||||
client_data = ClientData(data['clientDataJSON'])
|
||||
client_data = CollectedClientData(data['clientDataJSON'])
|
||||
auth_data = AuthenticatorData(data['authenticatorData'])
|
||||
signature = data['signature']
|
||||
try:
|
||||
|
||||
@@ -105,7 +105,7 @@
|
||||
$("#main_paragraph").html("FIDO2 must work under secure context")
|
||||
} else {
|
||||
ua=new UAParser().getResult()
|
||||
if (ua.browser.name == "Safari" || ua.browser.name == "Mobile Safari" )
|
||||
if (ua.browser.name == "Safari" || ua.browser.name == "Mobile Safari" || ua.os.name == "iOS" || ua.os.name == "iPadOS")
|
||||
$("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
|
||||
else
|
||||
authen()
|
||||
|
||||
@@ -47,24 +47,24 @@
|
||||
<div class="row">
|
||||
<div align="center">
|
||||
<div class="btn-group">
|
||||
<button class="btn btn-success dropdown-toggle" data-toggle="dropdown">
|
||||
<button class="btn btn-success dropdown-toggle" data-toggle="dropdown" data-bs-toggle="dropdown">
|
||||
Add Method <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu">
|
||||
{% if not 'TOTP' in UNALLOWED_AUTHEN_METHODS %}
|
||||
<li><a href="{% url 'start_new_otop' %}">Authenticator app</a></li>
|
||||
<li><a class="dropdown-item" href="{% url 'start_new_otop' %}">Authenticator app</a></li>
|
||||
{% endif %}
|
||||
{% if not 'Email' in UNALLOWED_AUTHEN_METHODS %}
|
||||
<li><a href="{% url 'start_email' %}">Email Token</a></li>
|
||||
<li><a class="dropdown-item" href="{% url 'start_email' %}">Email Token</a></li>
|
||||
{% endif %}
|
||||
{% if not 'U2F' in UNALLOWED_AUTHEN_METHODS %}
|
||||
<li><a href="{% url 'start_u2f' %}">Security Key</a></li>
|
||||
<li><a class="dropdown-item" href="{% url 'start_u2f' %}">Security Key</a></li>
|
||||
{% endif %}
|
||||
{% if not 'FIDO2' in UNALLOWED_AUTHEN_METHODS %}
|
||||
<li><a href="{% url 'start_fido2' %}">FIDO2 Security Key</a></li>
|
||||
<li><a class="dropdown-item" href="{% url 'start_fido2' %}">FIDO2 Security Key</a></li>
|
||||
{% endif %}
|
||||
{% if not 'Trusted_Devices' in UNALLOWED_AUTHEN_METHODS %}
|
||||
<li><a href="{% url 'start_td' %}">Trusted Device</a></li>
|
||||
<li><a class="dropdown-item" href="{% url 'start_td' %}">Trusted Device</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
@@ -108,4 +108,4 @@
|
||||
</div>
|
||||
</div>
|
||||
{% include "modal.html" %}
|
||||
{% endblock %}
|
||||
{% endblock %}
|
||||
|
||||
10
setup.py
10
setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
|
||||
|
||||
setup(
|
||||
name='django-mfa2',
|
||||
version='2.4.0',
|
||||
version='2.5.0b1',
|
||||
description='Allows user to add 2FA to their accounts',
|
||||
long_description=open("README.md").read(),
|
||||
long_description_content_type="text/markdown",
|
||||
@@ -24,14 +24,14 @@ setup(
|
||||
'ua-parser',
|
||||
'user-agents',
|
||||
'python-jose',
|
||||
'fido2 == 0.9.2',
|
||||
'fido2 == 1.0.0',
|
||||
'jsonLookup'
|
||||
],
|
||||
python_requires=">=3.5",
|
||||
include_package_data=True,
|
||||
zip_safe=False, # because we're including static files
|
||||
classifiers=[
|
||||
"Development Status :: 5 - Production/Stable",
|
||||
"Development Status :: 4 - Beta",
|
||||
"Environment :: Web Environment",
|
||||
"Framework :: Django",
|
||||
"Framework :: Django :: 2.0",
|
||||
@@ -39,6 +39,8 @@ setup(
|
||||
"Framework :: Django :: 2.2",
|
||||
"Framework :: Django :: 3.0",
|
||||
"Framework :: Django :: 3.1",
|
||||
"Framework :: Django :: 3.2",
|
||||
"Framework :: Django :: 4.0",
|
||||
"Intended Audience :: Developers",
|
||||
"Operating System :: OS Independent",
|
||||
"Programming Language :: Python",
|
||||
@@ -47,6 +49,8 @@ setup(
|
||||
"Programming Language :: Python :: 3.6",
|
||||
"Programming Language :: Python :: 3.7",
|
||||
"Programming Language :: Python :: 3.8",
|
||||
"Programming Language :: Python :: 3.9",
|
||||
"Programming Language :: Python :: 3.10",
|
||||
"Topic :: Software Development :: Libraries :: Python Modules",
|
||||
]
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user